Meta-reasoning in the concurrent logical framework CLF

Similar documents
Meta-Reasoning in a Concurrent Logical Framework

Mode checking in the Concurrent Logical Framework

A Concurrent Logical Framework

Reasoning with Higher-Order Abstract Syntax and Contexts: A Comparison

Lecture Notes on Call-by-Value and Call-by-Name

Lecture Notes on A Concurrent Logical Framework

Type safety for substructural specifications: preliminary results

Specifying Properties of Concurrent Computations in CLF

Specifying Properties of Concurrent Computations in CLF

HOAS by example What is a Formal System? A Simply Typed Framework What Does it Mean? Canonical LF References HOAS. Randy Pollack

Mechanizing a Decision Procedure for Coproduct Equality in Twelf

Subtyping and Intersection Types Revisited

One Year Later. Iliano Cervesato. ITT Industries, NRL Washington, DC. MSR 3.0:

MSR 3.0: The Logical Meeting Point of Multiset Rewriting and Process Algebra. Iliano Cervesato. ITT Industries, NRL Washington, DC

Mechanizing Metatheory in a Logical Framework

The Curry-Howard Isomorphism

Relating State-Based and Process-Based Concurrency through Linear Logic

Notes on Logical Frameworks

Supplementary Notes on Inductive Definitions

Focusing on Binding and Computation

Towards Concurrent Type Theory

Operational Semantics Using the Partiality Monad

Lecture Notes on The Concurrent Logical Framework

The Logical Meeting Point of Multiset Rewriting and Process Algebra

Relating Reasoning Methodologies in Linear Logic and Process Algebra

Lecture Notes on Inductive Definitions

A concurrent logical framework I: Judgments and properties

Lecture Notes on Inductive Definitions

Intersection Synchronous Logic

An insider s look at LF type reconstruction:

Type Inference. For the Simply-Typed Lambda Calculus. Peter Thiemann, Manuel Geffken. Albert-Ludwigs-Universität Freiburg. University of Freiburg

NICTA Advanced Course. Theorem Proving Principles, Techniques, Applications

Complete Partial Orders, PCF, and Control

HORSes: format, termination and confluence

Mary Southern and Gopalan Nadathur. This work was funded by NSF grant CCF

INDUCTIVE DEFINITION

Logical specification and coinduction

On the Semantics of Parsing Actions

From Operational Semantics to Abstract Machines

Adjoint Logic and Its Concurrent Semantics

Properties of Terms in Continuation-Passing Style in an Ordered Logical Framework

Type Systems as a Foundation for Reliable Computing

Some Recent Logical Frameworks

The syntactic guard condition of Coq

M, N ::= x λp : A.M MN (M, N) () c A. x : b p x : b

The Next 700 Challenge Problems for Reasoning with Higher-Order Abstract Syntax Representations

Human-Readable Machine-Verifiable Proofs for Teaching Constructive Logic

Timed Automata VINO 2011

Termination and Reduction Checking for Higher-Order Logic Programs

A Concurrent Logical Framework: the Propositional Fragment

Alonzo Church ( ) Lambda Calculus. λ-calculus : syntax. Grammar for terms : Inductive denition for λ-terms

Modal Logic as a Basis for Distributed Computation

A Meta Linear Logical Framework

Chapter 1 A computational interpretation of forcing in Type Theory

Beyond First-Order Logic

Proof-Carrying Code in a Session-Typed Process Calculus

A Meta Linear Logical Framework

Safety Analysis versus Type Inference

Induction on Failing Derivations

REFINEMENT TYPES FOR LOGICAL FRAMEWORKS AND THEIR INTERPRETATION AS PROOF IRRELEVANCE

LF P A Logical Framework with External Predicates

Lecture 1: Logical Foundations

Modular Multiset Rewriting in Focused Linear Logic

A Bidirectional Refinement Type System for LF

Lecture Notes: Axiomatic Semantics and Hoare-style Verification

Lecture Notes on Intuitionistic Kripke Semantics

An extension of HM(X) with bounded existential and universal data-types

Classical First-Order Logic

Typed Arithmetic Expressions

REASONING IN A LOGIC WITH DEFINITIONS AND INDUCTION RAYMOND CHARLES MCDOWELL COMPUTER AND INFORMATION SCIENCE

On Equivalence and Canonical Forms in the LF Type Theory (Extended Abstract) Robert Harper and Frank Pfenning Department of Computer Science Carnegie

A Concurrent Logical Framework:

AN OVERVIEW OF LINEAR LOGIC PROGRAMMING

Harvard School of Engineering and Applied Sciences CS 152: Programming Languages

Benchmarks for reasoning with syntax trees containing binders and contexts of assumptions

Deductive System: Calculus of axioms and inference rules dening judgments. Used in the presentation of logics and programming derivable Logical Framew

A Temporal Dynamic Logic for Verifying Hybrid System Invariants

Matching Logic: Syntax and Semantics

Probabilistic Applicative Bisimulation and Call-by-Value Lam

Nominal Completion for Rewrite Systems with Binders

A New Look At Generalized Rewriting in Type Theory

A Multiple-Conclusion Specification Logic

Adjunction Based Categorical Logic Programming

The Permutative λ-calculus

Final Exam Substructural Logics Frank Pfenning. December 12, 2016

7 RC Simulates RA. Lemma: For every RA expression E(A 1... A k ) there exists a DRC formula F with F V (F ) = {A 1,..., A k } and

Lecture Notes on Heyting Arithmetic

Intensionality, Extensionality, and Proof Irrelevance in Modal Type Theory

Theoretical Computer Science. Representing model theory in a type-theoretical logical framework

Call-by-value non-determinism in a linear logic type discipline

Theoretical Foundations of the UML

Constructive approach to relevant and affine term calculi

Groupe de travail. Analysis of Mobile Systems by Abstract Interpretation

An Open Logical Framework

Semantics and Pragmatics of NLP

Equivalence of Algebraic λ -calculi extended abstract

Recitation 2: Binding, Semantics, and Safety : Foundations of Programming Languages

Overview. overview / 357

First-Order Logic First-Order Theories. Roopsha Samanta. Partly based on slides by Aaron Bradley and Isil Dillig

Classical Program Logics: Hoare Logic, Weakest Liberal Preconditions

Transcription:

Meta-reasoning in the concurrent logical framework CLF Jorge Luis Sacchini (joint work with Iliano Cervesato) Carnegie Mellon University Qatar campus Nagoya University, 27 June 2014 Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 1 / 48

Objectives Concurrency and distribution are essential features in modern systems. PLs are engineered (or retrofitted) to support them. Their formal semantics is not as well understood or studied as in the sequential case. Formal semantics will enable, e.g., development of formal verification, logical frameworks, verifying programs and program transformations. Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 2 / 48

Logical frameworks Logical frameworks are formalisms used to specify PL and their metatheory. Coq, Agda, Twelf, Beluga, Delphin,... Our goal is to develop logical frameworks for specifying concurrent and distributed PL. Two main approaches. Deep approach: specify a concurrency model in a general purpose LF (Coq, Agda) Shallow approach: provide direct support in a special purpose LF (Twelf, Beluga, Delphin, LLF, HLF, CLF) We follow the shallow approach, using CLF as our LF. Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 3 / 48

Outline 1 Twelf 2 CLF 3 Substructural operational semantics 4 Safety for SSOS 5 Meta-CLF 6 Conclusions and future work Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 4 / 48

Outline 1 Twelf 2 CLF 3 Substructural operational semantics 4 Safety for SSOS 5 Meta-CLF 6 Conclusions and future work Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 5 / 48

Twelf Logical framework designed to specify and prove properties about deductive systems (e.g. logics, programming languages). Based on the Edinburgh logical framework (LF). Binders are represented using Higher-Order Abstract Syntax (HOAS). Used in large specifications: SML, TALT, Proof-Carrying Code... Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 6 / 48

Twelf Example Natural numbers: Addition: z nat z + n = n n nat s(n) nat m + n = p s(m) + n = s(p) In Twelf: nat : type. z : nat. s : nat -> nat. plus : nat -> nat -> nat -> type. plus/z : plus z N N. plus/s : plus (s M) N (s P) <- plus M N P. Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 7 / 48

Twelf Addition in Twelf: plus : nat -> nat -> nat -> type. plus/z : plus z N N. plus/s : plus (s M) N (s P) <- plus M N P. Backward chaining proof search: plus (s(s z)) (s(s z)) X X? Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 8 / 48

Twelf Addition in Twelf: plus : nat -> nat -> nat -> type. plus/z : plus z N N. plus/s : plus (s M) N (s P) <- plus M N P. Backward chaining proof search: plus (s z) (s(s z)) X 1 plus (s(s z)) (s(s z)) X X = s X 1 Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 8 / 48

Twelf Addition in Twelf: plus : nat -> nat -> nat -> type. plus/z : plus z N N. plus/s : plus (s M) N (s P) <- plus M N P. Backward chaining proof search: plus z (s(s z)) X 2 plus (s z) (s(s z)) X 1 plus (s(s z)) (s(s z)) X X = s X 1 = s (s X 2 ) Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 8 / 48

Twelf Addition in Twelf: plus : nat -> nat -> nat -> type. plus/z : plus z N N. plus/s : plus (s M) N (s P) <- plus M N P. Backward chaining proof search: plus z (s(s z)) X 2 plus (s z) (s(s z)) X 1 plus (s(s z)) (s(s z)) X X = s X 1 = s (s X 2 ) = 4 Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 8 / 48

Meta-theorems in Twelf Example: m, n, p. m + n = p n + m = p In Twelf: plus/comm: plus M N P -> plus N M P -> type. (Proof proceeds by induction on M). Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 9 / 48

Specifying PLs in Twelf Simply-typed λ-calculus: e ::= x λx.e e 1 e 2 τ ::= ρ τ τ (Expressions) (Types) In Twelf: exp : type. lam : (exp -> exp) -> exp. app : exp -> exp -> exp. tp : type. arr : tp -> tp -> tp. HOAS: variables in Twelf represent variables in the object language. Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 10 / 48

Specifying PLs in Twelf Typing judgment: Γ e : τ x : τ Γ Γ x : τ Γ, x : τ e : τ Γ e 1 : τ τ Γ e 2 : τ Γ λx.r : τ τ Γ e 1 e 2 : τ In Twelf: of : exp -> tp -> type. of/lam : of (lam \x. E x) (arr T T ) <- ({x} of x T -> of (E x) T ). of/app : of (app E1 E2) T <- of E1 (arr T T) <- of E2 T. HOAS: Twelf context represents the object language context. Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 11 / 48

Meta-theorems in Twelf Type preservation: Γ, e 1, e 2, τ. Γ e 1 : τ e 1 e 2 Γ e 2 : τ In Twelf: type-pres: of E1 T -> red E1 E2 -> of E2 T -> type. Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 12 / 48

Extensions of Twelf Many PL features are difficult to represent in Twelf: State Concurrency Parallelism Distribution Several extensions have been proposed: Linear LF (state, linear logic) Hybrid LF (hybrid logic, reasoning about LLF) Concurrent LF (concurrency, distribution)... Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 13 / 48

Outline 1 Twelf 2 CLF 3 Substructural operational semantics 4 Safety for SSOS 5 Meta-CLF 6 Conclusions and future work Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 14 / 48

CLF CLF is an extension of the Edinburgh logical framework (LF) designed to specify distributed and concurrent systems. Large number of examples: semantics of PL, Petri nets, voting protocols, etc. CLF extends LF with linear types and a monad to encapsulate concurrent effects: K ::= type Π!x : A.K (Kinds) A ::= P Πx : A.A A B A B {S} (Async types) S ::= 1!A A S S x : A.S (Sync types) as well as proof terms for these types (more on that later) Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 15 / 48

CLF CLF combines: Asynchronous types (Π,, &) Linear Logical Framework Backward chaining operational semantics Synchronous types (, ) Encapsulated in a monad ({S}) Forward chaining operational semantics Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 16 / 48

CLF Synchronous fragment Monadic types are used to encapsulate concurrent effects: A B {C} (Multiset) Rewriting interpretation of linear logic. Example: in : tick count N {count (N + 1)} Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 17 / 48

CLF Synchronous fragment Monadic types are used to encapsulate concurrent effects: A B {C} (Multiset) Rewriting interpretation of linear logic. Example: in : tick count N plus N 1 M {count M} Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 17 / 48

CLF Synchronous fragment Monadic types are used to encapsulate concurrent effects: A B {C} (Multiset) Rewriting interpretation of linear logic. Example: in : tick count N {count (N + 1)} Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 17 / 48

CLF Synchronous fragment Monadic types are used to encapsulate concurrent effects: A B {C} (Multiset) Rewriting interpretation of linear logic. Example: in : tick count N {count (N + 1)} t 1 : tick, t 2 : tick, t 3 : tick, t 4 : tick, t 5 : tick, c 1 : count 0, c 2 : count 0 Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 17 / 48

CLF Synchronous fragment Monadic types are used to encapsulate concurrent effects: A B {C} (Multiset) Rewriting interpretation of linear logic. Example: in : tick count N {count (N + 1)} t 1 : tick, t 2 : tick, t 3 : tick, t 4 : tick, t 5 : tick, c 1 : count 0, c 2 : count 0 t 2 : tick, t 3 : tick, t 4 : tick, t 5 : tick, c 1 : count 1, c 2 : count 0 Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 17 / 48

CLF Synchronous fragment Monadic types are used to encapsulate concurrent effects: A B {C} (Multiset) Rewriting interpretation of linear logic. Example: in : tick count N {count (N + 1)} t 1 : tick, t 2 : tick, t 3 : tick, t 4 : tick, t 5 : tick, c 1 : count 0, c 2 : count 0 t 2 : tick, t 3 : tick, t 4 : tick, t 5 : tick, c 1 : count 1, c 2 : count 0 t 3 : tick, t 4 : tick, t 5 : tick, c 1 : count 2, c 2 : count 0 Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 17 / 48

CLF Synchronous fragment Monadic types are used to encapsulate concurrent effects: A B {C} (Multiset) Rewriting interpretation of linear logic. Example: in : tick count N {count (N + 1)} t 1 : tick, t 2 : tick, t 3 : tick, t 4 : tick, t 5 : tick, c 1 : count 0, c 2 : count 0 t 2 : tick, t 3 : tick, t 4 : tick, t 5 : tick, c 1 : count 1, c 2 : count 0 t 3 : tick, t 4 : tick, t 5 : tick, c 1 : count 2, c 2 : count 0 t 4 : tick, t 5 : tick, c 1 : count 2, c 2 : count 1 Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 17 / 48

CLF Synchronous fragment Monadic types are used to encapsulate concurrent effects: A B {C} (Multiset) Rewriting interpretation of linear logic. Example: in : tick count N {count (N + 1)} t 1 : tick, t 2 : tick, t 3 : tick, t 4 : tick, t 5 : tick, c 1 : count 0, c 2 : count 0 t 2 : tick, t 3 : tick, t 4 : tick, t 5 : tick, c 1 : count 1, c 2 : count 0 t 3 : tick, t 4 : tick, t 5 : tick, c 1 : count 2, c 2 : count 0 t 4 : tick, t 5 : tick, c 1 : count 2, c 2 : count 1 t 5 : tick, c 1 : count 3, c 2 : count 1 Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 17 / 48

CLF Synchronous fragment Monadic types are used to encapsulate concurrent effects: A B {C} (Multiset) Rewriting interpretation of linear logic. Example: in : tick count N {count (N + 1)} t 1 : tick, t 2 : tick, t 3 : tick, t 4 : tick, t 5 : tick, c 1 : count 0, c 2 : count 0 t 2 : tick, t 3 : tick, t 4 : tick, t 5 : tick, c 1 : count 1, c 2 : count 0 t 3 : tick, t 4 : tick, t 5 : tick, c 1 : count 2, c 2 : count 0 t 4 : tick, t 5 : tick, c 1 : count 2, c 2 : count 1 t 5 : tick, c 1 : count 3, c 2 : count 1 c 1 : count 3, c 2 : count 2 Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 17 / 48

Proof terms Monadic types are introduced by traces A trace is basically a sequence of rule applications: ε ::= { } c S ε 1 ; ε 2 Trace composition (;) is associative and is a neutral element Forward chaining with committed choice after every step. Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 18 / 48

Traces Example: in : tick count N {count (N + 1)} t 1 : tick, t 2 : tick, t 3 : tick, t 4 : tick, t 5 : tick, c 1 : count 0, c 2 : count 0 {c 11 } in t 1, c 1 {c 12 } in t 2, c 11 {c 21 } in t 3, c 2 {c 13 } in t 4, c 12 {c 22 } in t 5, c 21 : c 13 : count 3, c 22 : count 2 Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 19 / 48

Traces Equality on traces: α-equivalence modulo permutation of independent subtraces. Allows encoding of concurrent and distributed features. Two traces are independent (ε 1 ε 2 ) if they operate on different sets of variables. Trace interface: ( ) = ({ } c S) = FV(S) (ε 1 ; ε 2 ) = ε 1 ( ε 2 \ ε 1 ) ( ) = ({ } c S) = dom( ) (ε 1 ; ε 2 ) = ε 2 (ε 1 \ ε 2 )!(ε 1 ) ε 1 ε 2 ε 1 ε 2 = ε 1 ε 2 =. Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 20 / 48

Traces Trace equality: ε; ε ε ε; ε 1 ; (ε 2 ; ε 3 ) (ε 1 ; ε 2 ); ε 3 Example: ε 1 ε 2 ε 1 ε 1 ε 2 ε 2 ε 1 ; ε 2 ε 2 ; ε 1 ε 1 ; ε 2 ε 1; ε 2 ε 1 ; ε 2 ε 1 ; ε 2 {c 11 } in t 1, c 1 {c 12 } in t 2, c 11 {c 21 } in t 3, c 2 {c 13 } in t 4, c 12 {c 22 } in t 5, c 21 {c 11 } in t 1, c 1 {c 21 } in t 3, c 2 {c 12 } in t 2, c 11 {c 13 } in t 4, c 12 {c 22 } in t 5, c 21 Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 21 / 48

Outline 1 Twelf 2 CLF 3 Substructural operational semantics 4 Safety for SSOS 5 Meta-CLF 6 Conclusions and future work Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 22 / 48

Substructural operational semantics Substructural operational semantics combines Structural operational semantics Substructural logics Extensible: we can add features without breaking previous developments Expressive: wide variety of concurrent and distributed mechanisms (Simmons12). Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 23 / 48

Higher-order abstract syntax Simply-typed λ-calculus In (C)LF: exp : type. lam : (exp exp) exp. app : exp exp exp. e ::= x λx.e e e Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 24 / 48

SSOS Linear-destination passing style (Pfenning04) Based on multiset rewriting; suitable for specifying in linear logic Multiset of facts: eval e d ret e d fapp d 1 d 2 d Evaluate expression e in destination d Value e in destination d Application: expects the function and argument to be evaluated in d 1 and d 2, and the result is evaluated in d Evaluation rules transform multisets of facts Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 25 / 48

SSOS Multiset of facts: eval e d, ret e d, fapp d 1 d 2 d In CLF: dest : type. eval : exp dest type. ret : exp dest type. fapp : dest dest dest type. Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 26 / 48

Evaluation rules Multiset rewriting rules (parallel semantics): eval e d ret e d if e is a value In CLF: step/eval : eval e d value e {ret e d}. Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 27 / 48

Evaluation rules Multiset rewriting rules (parallel semantics): eval (e 1 e 2 ) d eval e 1 d 1, eval e 2 d 2, fapp d 1 d 2 d In CLF: where d 1, d 2 fresh step/app : eval (app e 1 e 2 ) d {!d 1!d 2 : dest, eval e 1 d 1, eval e 2 d 2, fapp d 1 d 2 d}. Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 27 / 48

Evaluation rules Multiset rewriting rules (parallel semantics): ret (λx.e 1 ) d 1, ret e 2 d 2, fapp d 1 d 2 d eval (e 1 [e 2 /x]) d In CLF: step/beta : ret (lam e 1 ) d 1 ret e 2 d 2 fapp d 1 d 2 d {eval (e 1 e 2 ) d} Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 27 / 48

Example eval ((λx.x)(λy.y)) d In CLF:!d : dest, x 0 : eval (app (lam λx.x) (lam λy.y)) d : (!d : dest)(x 0 : eval (app (lam λx.x) (lam λy.y)) d) Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 28 / 48

Example eval ((λx.x)(λy.y)) d eval (λx.x) d 1, eval (λy.y) d 2, fapp d 1 d 2 d In CLF:!d : dest, x 0 : eval (app (lam λx.x) (lam λy.y)) d {!d 1,!d 2, x, y, z} step/app x 0 ; :!d!d 1!d 2 : dest, x : eval (lam λx.x) d 1, y : eval (lam λy.y) d 2, z : fapp d 1 d 2 d Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 28 / 48

Example eval ((λx.x)(λy.y)) d eval (λx.x) d 1, eval (λy.y) d 2, fapp d 1 d 2 d ret (λx.x) d 1, eval (λy.y) d 2, fapp d 1 d 2 d In CLF:!d : dest, x 0 : eval (app (lam λx.x) (lam λy.y)) d {!d 1,!d 2, x, y, z} step/app x 0 ; {x } step/eval x; :!d!d 1!d 2 : dest, x : ret (lam λx.x) d 1, y : eval (lam λy.y) d 2 z : fapp d 1 d 2 d Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 28 / 48

Example eval ((λx.x)(λy.y)) d eval (λx.x) d 1, eval (λy.y) d 2, fapp d 1 d 2 d ret (λx.x) d 1, eval (λy.y) d 2, fapp d 1 d 2 d ret (λx.x) d 1, ret (λy.y) d 2, fapp d 1 d 2 d In CLF:!d : dest, x 0 : eval (app (lam λx.x) (lam λy.y)) d {!d 1,!d 2, x, y, z} step/app x 0 ; {x } step/eval x; {y } step/eval y; :!d!d 1!d 2 : dest, x : ret (lam λx.x) d 1, y : ret (lam λy.y) d 2 z : fapp d 1 d 2 d Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 28 / 48

Example eval ((λx.x)(λy.y)) d eval (λx.x) d 1, eval (λy.y) d 2, fapp d 1 d 2 d ret (λx.x) d 1, eval (λy.y) d 2, fapp d 1 d 2 d ret (λx.x) d 1, ret (λy.y) d 2, fapp d 1 d 2 d eval (λy.y) d In CLF:!d : dest, x 0 : eval (app (lam λx.x) (lam λy.y)) d {!d 1,!d 2, x, y, z} step/app x 0 ; {x } step/eval x; {y } step/eval y; {w} step/beta x y z; :!d!d 1!d 2 : dest, w : eval (lam λy.y) d Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 28 / 48

Example eval ((λx.x)(λy.y)) d eval (λx.x) d 1, eval (λy.y) d 2, fapp d 1 d 2 d ret (λx.x) d 1, eval (λy.y) d 2, fapp d 1 d 2 d ret (λx.x) d 1, ret (λy.y) d 2, fapp d 1 d 2 d eval (λy.y) d ret (λy.y) d In CLF:!d : dest, x 0 : eval (app (lam λx.x) (lam λy.y)) d {!d 1,!d 2, x, y, z} step/app x 0 ; {x } step/eval x; {y } step/eval y; {w} step/beta x y z; {w } step/eval w; :!d!d 1!d 2 : dest, w : ret (lam λy.y) d Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 28 / 48

Example eval ((λx.x)(λy.y)) d eval (λx.x) d 1, eval (λy.y) d 2, fapp d 1 d 2 d ret (λx.x) d 1, eval (λy.y) d 2, fapp d 1 d 2 d ret (λx.x) d 1, ret (λy.y) d 2, fapp d 1 d 2 d eval (λy.y) d ret (λy.y) d In CLF:!d : dest, x 0 : eval (app (lam λx.x) (lam λy.y)) d {!d 1,!d 2, x, y, z} step/app x 0 ; {y } step/eval y; {x } step/eval x; {w} step/beta x y z; {w } step/eval w; :!d!d 1!d 2 : dest, w : ret (lam λy.y) d Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 28 / 48

π-calculus in CLF Example Process expressions: In CLF: exp : type. chan : type. P, Q ::= 0 (P Q) ν u.p!p u(v).p u v zero : exp. par : exp -> exp -> exp. new : (chan -> exp) -> exp.! : exp -> exp. inp : chan -> (chan -> exp) -> exp. outp : chan -> chan -> exp. Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 29 / 48

π-calculus in CLF Example Operational semantics: In CLF: proc : exp -> type. msg : chan -> chan -> type. u(v) u w.p [v/w]p proc/zero : proc zero -o {1}. proc/par : proc (par P Q) -o {proc P proc Q}. proc/outp : proc (out U V) -o { msg U V }. proc/inp : proc U (inp \v. P v) -o msg U W -o { proc (P W) }. Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 30 / 48

SSOS Many PL features can be represented using SSOS: State Threads Futures Concurrency (e.g. π-calculus) Distribution How to reason about CLF specifications? Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 31 / 48

Outline 1 Twelf 2 CLF 3 Substructural operational semantics 4 Safety for SSOS 5 Meta-CLF 6 Conclusions and future work Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 32 / 48

Safety Recall that the previous semantics is parallel (more complex languages can have concurrent and distributed semantics as well). Safety is the conjunction of the following properties: Preservation: evaluation preserves well-typed multisets. If is a well-typed multiset, and (step), then is a well-typed multiset. Progress: a well-typed multiset is either final (result) or is possible to take a step. If is a well-typed multiset, then either = {ret e d} or there exists such that. We need a notion of well-typed multiset for SSOS specifications. Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 33 / 48

Well-typed multisets Example: eval e 1 d, eval e 2 d $ (repeated destination) fapp d 1 d 2 d, eval e 1 d 1 $ (no fact for d 2 ) Well-typed multisets form a tree: fapp d 1 d 2 d eval plus d 1 fapp d 21 d 22 d 2 ret 0 d 21 eval 2 d 22 Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 34 / 48

Well-typed multisets Well-typed multisets can be described by rewriting rules. gen t d means generate a term of type t rooted at d gen d Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 35 / 48

Well-typed multisets Well-typed multisets can be described by rewriting rules. gen t d means generate a term of type t rooted at d fapp d 1 d 2 d gen d 1 gen d 2 Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 35 / 48

Well-typed multisets Well-typed multisets can be described by rewriting rules. gen t d means generate a term of type t rooted at d fapp d 1 d 2 d eval plus d 1 gen d 2 Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 35 / 48

Well-typed multisets Well-typed multisets can be described by rewriting rules. gen t d means generate a term of type t rooted at d fapp d 1 d 2 d eval plus d 1 fapp d 21 d 22 d 2 gen d 21 gen d 22 Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 35 / 48

Well-typed multisets Well-typed multisets can be described by rewriting rules. gen t d means generate a term of type t rooted at d fapp d 1 d 2 d eval plus d 1 fapp d 21 d 22 d 2 ret 0 d 21 gen d 22 Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 35 / 48

Well-typed multisets Well-typed multisets can be described by rewriting rules. gen t d means generate a term of type t rooted at d fapp d 1 d 2 d eval plus d 1 fapp d 21 d 22 d 2 ret 0 d 21 eval 2 d 22 Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 35 / 48

Well-typed multisets Generating well-typed states: gen t d A where A contains no fact of the form gen t 0 d 0. In CLF: gen : tp dest type. gen/eval : gen t d of e t {eval e d}. gen/ret : gen t d of e t {ret e d}. gen/fapp : gen t d {!d 1!d 2 : dest, fapp d 1 d 2 d, gen (arr t 1 t) d 1, gen t 1 d 2 }. We call these type of rules generative invariants (Simmons 12). Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 36 / 48

Safety Lemma (Safety) Preservation If {gen t d} gen A and A step A then {gen t d} gen A. Progress if {gen t d} gen A, then either A Is of the form {ret e d} or there exists A such that A step A. Proof. Preservation The proof proceeds by case analysis on the evaluation step. Progress The proof proceeds by induction on the generating trace. Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 37 / 48

Limitations of CLF In CLF it is not possible to express preservation and progress. CLF lacks support for first-order traces, and quantification over contexts. We propose an extension of LF with trace types: Meta-CLF. Similar approaches are taken in Beluga, Delphin, Abella (in the sense of using a two-level approach). Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 38 / 48

Outline 1 Twelf 2 CLF 3 Substructural operational semantics 4 Safety for SSOS 5 Meta-CLF 6 Conclusions and future work Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 39 / 48

Meta-CLF Meta-CLF is an extension of LF with trace types and quantification over contexts and names: A ::=... { } Σ { } { } Σ 1 { } Πψ : ctx.a x.a { } Σ { } is the type of all traces ε satisfying ε : that use only rules in the signature Σ. { } Σ 1 { } is the type of all 1-step traces ε satisfying ε : that use only rules in the signature Σ. Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 40 / 48

Meta-CLF In Meta-CLF we can express properties about traces: preservation : Πt : tp. d. g. Πψ 1 : ctx. Πψ 2 : ctx. {!d : dest, g : gen d t} Σ gen {ψ 1 } {ψ 1 } Σ 1 step {ψ 2 } {!d : dest, g : gen d t} Σ gen {ψ 2 } type. If ψ 1 is a well-typed state (generated from a single gen d) and there is a step from ψ 1 to ψ 2, then ψ 2 is a well-typed state Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 41 / 48

Meta-CLF In Meta-CLF we can express properties about traces: preservation : Πt : tp. d. g. Πψ 1 : ctx. Πψ 2 : ctx. {!d : dest, g : gen d t} Σ gen {ψ 1 } {ψ 1 } Σ 1 step {ψ 2 } {!d : dest, g : gen d t} Σ gen {ψ 2 } type. If ψ 1 is a well-typed state (generated from a single gen d) and there is a step from ψ 1 to ψ 2, then ψ 2 is a well-typed state Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 41 / 48

Meta-CLF In Meta-CLF we can express properties about traces: preservation : Πt : tp. d. g. Πψ 1 : ctx. Πψ 2 : ctx. {!d : dest, g : gen d t} Σ gen {ψ 1 } {ψ 1 } Σ 1 step {ψ 2 } {!d : dest, g : gen d t} Σ gen {ψ 2 } type. If ψ 1 is a well-typed state (generated from a single gen d) and there is a step from ψ 1 to ψ 2, then ψ 2 is a well-typed state Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 41 / 48

Meta-CLF In Meta-CLF we can express properties about traces: preservation : Πt : tp. d. g. Πψ 1 : ctx. Πψ 2 : ctx. {!d : dest, g : gen d t} Σ gen {ψ 1 } {ψ 1 } Σ 1 step {ψ 2 } {!d : dest, g : gen d t} Σ gen {ψ 2 } type. If ψ 1 is a well-typed state (generated from a single gen d) and there is a step from ψ 1 to ψ 2, then ψ 2 is a well-typed state Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 41 / 48

Meta-CLF In Meta-CLF we can express properties about traces: preservation : Πt : tp. d. g. Πψ 1 : ctx. Πψ 2 : ctx. {!d : dest, g : gen d t} Σ gen {ψ 1 } {ψ 1 } Σ 1 step {ψ 2 } {!d : dest, g : gen d t} Σ gen {ψ 2 } type. If ψ 1 is a well-typed state (generated from a single gen d) and there is a step from ψ 1 to ψ 2, then ψ 2 is a well-typed state Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 41 / 48

Meta-CLF In Meta-CLF we can express properties about traces: preservation : Πt : tp. d. g. Πψ 1 : ctx. Πψ 2 : ctx. {!d : dest, g : gen d t} Σ gen {ψ 1 } {ψ 1 } Σ 1 step {ψ 2 } {!d : dest, g : gen d t} Σ gen {ψ 2 } type. If ψ 1 is a well-typed state (generated from a single gen d) and there is a step from ψ 1 to ψ 2, then ψ 2 is a well-typed state Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 41 / 48

Meta-CLF The safety proof in Meta-CLF follows closely the paper proof. A, eval e d step A, ret e d Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 42 / 48

Meta-CLF The safety proof in Meta-CLF follows closely the paper proof. gen t 0 d 0 A, eval e d step A, ret e d Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 42 / 48

Meta-CLF The safety proof in Meta-CLF follows closely the paper proof. gen t 0 d 0 gen A, gen t d gen A, eval e d step A, ret e d Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 42 / 48

Meta-CLF The safety proof in Meta-CLF follows closely the paper proof. gen t 0 d 0 gen t 0 d 0 gen A, gen t d gen A, eval e d step A, ret e d Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 42 / 48

Meta-CLF The safety proof in Meta-CLF follows closely the paper proof. gen t 0 d 0 gen t 0 d 0 gen gen A, gen t d A.gen t d gen gen A, eval e d step A, ret e d Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 42 / 48

Meta-CLF The safety proof in Meta-CLF follows closely the paper proof. gen t 0 d 0 gen t 0 d 0 gen gen A, gen t d A.gen t d gen gen A, eval e d step A, ret e d In Meta-CLF: pres/ret : preservation (X 1 ; { x} gen/eval e d 0 g 0 H) ({ y} step/eval e d 0 x H v ) (X 1 ; { y} gen/ret e d 0 g 0 H H v ) Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 42 / 48

Meta-CLF Both proofs of preservation and progress in Meta-CLF follow the pen-and-paper proofs. Preservation is performed by case analysis (no induction). Progress relies on induction, but termination is easy (size of the trace). However, we rely on coverage to ensure the proof is total. Coverage checking in the presence of traces is tricky, due to the possibility of permuting steps. (Left for future work.) Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 43 / 48

SSOS We can extend this semantics with other features without invalidating the previous rules Example: store, futures, call/cc, communication,... location : type. loc : location exp. get : exp exp. ref : exp exp. set : exp exp exp. cell : location exp type. step/ref : eval (ref e) d {!d 1 : dest,!l : loc, fref d 1 l, eval e d 1, ret (loc l) d}. step/fref : ret e d fref d l {cell l e}. Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 44 / 48

SSOS We can extend this semantics with other features without invalidating the previous rules Example: store, futures, call/cc, communication,... future : exp exp. promise : dest exp. deliver : exp dest type. step/fut : eval (future e) d {!d 1 : dest, eval e d 1, fdel d 1, ret (promise d 1 ) d}. step/fdel : ret e d fdel d 1 {!deliver e d}. step/promise : ret (promise d 1 ) d delivee e d 1 ret e d. Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 44 / 48

Outline 1 Twelf 2 CLF 3 Substructural operational semantics 4 Safety for SSOS 5 Meta-CLF 6 Conclusions and future work Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 45 / 48

Conclusions Our goal is to develop logical frameworks suitable for specifying concurrent and distributed systems. We introduced Meta-CLF, an extension of LF to reason about CLF specifications. We showed that it is expressive enough to write safety proofs of parallel/concurrent PL. Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 46 / 48

Future work Decidability of type checking Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 47 / 48

Future work Decidability of type checking Type reconstruction for implicit arguments (very important for usability) pres/ret : preservation (X 1 ; { x} gen/eval e d 0 g 0 H) ({ y} step/eval e d 0 x H v ) (X 1 ; { y} gen/ret e d 0 g 0 H H v ) Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 47 / 48

Future work Decidability of type checking Type reconstruction for implicit arguments (very important for usability) pres/ret : x. y. d. g. d 0. g 0.Πψ 1 : ctx.πe : exp. Πt : tp.πt 0 : tp.πh : of e t 0.ΠH v : value e ΠX : {!d : dest, g : gen d t} Σ gen {ψ 1,!d 0 : dest, g 0 : gen d 0 t 0 }. preservation t d g (ψ 1,!d 0 : dest, x : eval e d 0 ) (ψ 1,!d 0 : dest, y : ret e d 0 ) (X 1 ; { x} gen/eval e d 0 g 0 H) ({ y} step/eval e d 0 x H v ) (X 1 ; { y} gen/ret e d 0 g 0 H H v ) Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 47 / 48

Future work Decidability of type checking Type reconstruction for implicit arguments (very important for usability) pres/ret : x. y. d. g. d 0. g 0.Πψ 1 : ctx.πe : exp. Πt : tp.πt 0 : tp.πh : of e t 0.ΠH v : value e ΠX : {!d : dest, g : gen d t} Σ gen {ψ 1,!d 0 : dest, g 0 : gen d 0 t 0 }. preservation t d g (ψ 1,!d 0 : dest, x : eval e d 0 ) (ψ 1,!d 0 : dest, y : ret e d 0 ) (X 1 ; { x} gen/eval e d 0 g 0 H) ({ y} step/eval e d 0 x H v ) (X 1 ; { y} gen/ret e d 0 g 0 H H v ) Implementation Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 47 / 48

Future work Coverage checking Coverage checking for traces is difficult due to the equality relation. Easier when restricted to generative invariants GI look like a generalization of context-free grammars gen/eval : gen t d of e t {eval e d}. gen/ret : gen t d of e t {ret e d}. gen/fapp : gen t d {!d 1!d 2 : dest, fapp d 1 d 2 d, gen (arr t 1 t) d 1, gen t 1 d 2 }. Non-terminal: gen. Terminals: eval, ret, fapp. Example: X 1 ; ({y} gen/eval x); X 2 X 1 ; X 2 ; ({y} gen/eval x) Termination (trace size) Jorge Luis Sacchini (joint work with Iliano Cervesato) Meta-reasoning in CLF 48 / 48

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback