Linear Dependent Types in a Subrecursive Setting

Transcription

1 Linear Dependent Types in a Subrecursive Setting Ugo Dal Lago Bounded Linear Logic Workshop December 4th, 2013

2 Part I Linear Dependent Types: Motivations

3 Characterizing Complexity Classes L C

4 Characterizing Complexity Classes L C

5 Characterizing Complexity Classes L C P

6 Characterizing Complexity Classes L S C P

7 Proving S P P Ď S For every function f which can be computed within the bounds prescribed by P, there is a P P S such that P f. S Ď P Semantically For every P P S, P P P is proved by showing that an algorithm computing P exists which works within the prescribed resource bounds. P P L does not necessarily exhibit a nice computational behavior. Example: category-theoretic proofs [Hofmann09]. Operationally Sometimes, L can be endowed with an effective operational semantics. Let L P Ď L be the set of those programs which work within the bounds prescribed by C. S Ď P can be shown by proving S Ď L P.

8 Proving S P P Ď S For every function f which can be computed within the bounds prescribed by P, there is a P P S such that P f. S Ď P Semantically For every P P S, P P P is proved by showing that an algorithm computing P exists which works within the prescribed resource bounds. P P L does not necessarily exhibit a nice computational behavior. Example: category-theoretic proofs [Hofmann09]. Operationally Sometimes, L can be endowed with an effective operational semantics. Let L P Ď L be the set of those programs which work within the bounds prescribed by C. S Ď P can be shown by proving S Ď L P.

9 If Soundness is Proved Operationally... L L P S

10 If Soundness is Proved Operationally... L L P S

11 ICC Systems as Static Analyzers P L S Yes, P L P Don t know

12 ICC Systems as Static Analyzers P L S Yes, P L P + bounds Don t know

13 ICC: Intensional Expressive Power L L P S

14 ICC: Intensional Expressive Power L L P S

15 ICC: Intensional Expressive Power L L P S

16 ICC: Intensional Expressive Power L L P S

17 ICC: Intensional Expressive Power L L P S

18 ICC: Intensional Expressive Power L L P S Safe Recursion [BC92] Light Linear Logic [Girard97].

19 ICC: Intensional Expressive Power L L P S Bounded Recursion on Notation [Cobham63] Bounded Arithmetic [Buss80].

20 Program Logics Judgments: {P}C{Q} Some rules: precondition program postcondition tp re{xsu x : E tp u tp u skip tp u tp u C tqu tqu D tru tp u C; D tru R ñ P tp u C tqu Q ñ S tru C tsu

21 Program Logics Judgments: {P}C{Q} Some rules: precondition program postcondition tp re{xsu x : E tp u tp u skip tp u tp u C tqu tqu D tru tp u C; D tru R ñ P tp u C tqu Q ñ S tru C tsu

22 Program Logics: Relative Completeness The formal system is sound. If true formulas of PA are used as side-conditions. It s also relatively complete [Cook78]. All true assertions can be derived if all true PA formulas can be used as side-conditions. Concrete axiom systems can be derived by throwing in a concrete sound formal system F for PA. They are sound. They are incomplete, due to Gödel incompleteness. F is solely responsible for their incompleteness. A variety of FH logics enjoy the properties above. Including some for higher-order programs [Honda2000] and some in which the complexity of programs and not only their extensional behavior is taken into account.

23 Program Logics Property Complexity Degree of Completeness

24 ICC Systems Property Complexity Degree of Completeness

25 ICC Systems Property Complexity Degree of Completeness

26 ICC Systems Property Complexity Degree of Completeness

27 Some Examples Simply Types Well-typed programs do not go wrong. Type inference and type checking are often decidable. Dependent Types Type checking is decidable. Interesting, extensional properties can be specified. Intersection Types Sound and complete for termination. In certain cases, the complexity of evaluation of a λ-term can be read from its type derivation [decarvalho2008], [Lengrand2011]. Type inference is not decidable. Studying programs as functions requires considering an infinite family of type derivations.

28 Part II The System

29 [BLL] allows for the definition of all polynomial time computable functions and [...] can define datatypes via their Church encodings. Like in Cobham s system explicit size bounds need to be maintained; the difference is that enforcement of these bounds is intrinsically guaranteed by the type system and does neither rely on external reasoning nor on an ad hoc solutions such as cutting off at size overflow [...]. Unfortunately, BLL has received very little attention since its publication; a further elaboration might prove worthwhile. Martin Hofmann, Programming Languages Capturing Complexity Classes, ACM SIGACT News.

30 Bounded Linear Logic

31 Bounded Linear Logic One of the earliest examples of a system capturing polynomial time functions [GSS1992]. Extensionally! For every polytime function there is at least one proof in BLL computing it. Types: A :: αpp 1,..., p n q A b A A xăp A How many polytime proofs does BLL capture? There s evidence they are many [DLHofmann2010]. Type checking can be problematic. As an example: Γ,! xăp A,! yăq Atp ` y{xu $ B p ` q ď r Γ,! xăr A $ B X

32 Bounded Linear Logic One of the earliest examples of a system capturing polynomial time functions [GSS1992]. Extensionally! For every polytime function there is at least one proof in BLL computing it. Types: A :: αpp 1,..., p n q A b A A xăp A How many polytime proofs does BLL capture? There s evidence they are many [DLHofmann2010]. Type checking can be problematic. As an example: Γ,! xăp A,! yăq Atp ` y{xu $ B p ` q ď r Γ,! xăr A $ B X

33 BLL vs. MELL!A!Ab!A ó! xăp`q A! xăp Ab! xăq Atx ` p{xu

34 BLL vs. MELL!A!Ab!A ó! xăp`q A! xăp Ab! xăq Atx ` p{xu

35 BLL vs. MELL!A A ó! xă1 A At0{xu

36 BLL vs. MELL!A A ó! xă1 A At0{xu

37 BLL vs. MELL!A!!A ó! ř xă yăp q A! yăp! xăq Atx ` ÿ qtz{yu{xu zăy

38 BLL vs. MELL!A!!A ó! ř xă yăp q A! yăp! xăq Atx ` ÿ qtz{yu{xu zăy

39 BLL is not Intensionally Complete Everything works in polynomial time. Take: logpxq Ñ 1 rlog 2 p x qs ; exppxq Ñ 1 2 x. Consider: idpxq Ñ expplogpxqq. id is polytime, but cannot be typed in BLL, because exp cannot. How about hereditarily polytime algorithms? Polynomials seem to be too uniform anyway. Hard to capture algorithms which are polytime but not blindly polytime. A more general notion of a bound is needed!

40 Why?! aăi A ó At0{au b... b AtI 1{au

41 Why?! aăi A ó At0{au b... b AtI 1{au

42 dlpcf: a Bird s Eye View A type system for the λ-calculus with constants and full higher-order recursion. (i.e. PCF). Greatly inspired by BLL. Indices are not necessarily polynomials, but terms from a signature Σ. Symbols in Σ are given a meaning by an equational program E. Side conditions: K 1 ď H 1,..., K n ď H n ù E I ď J Types and modal types: A, B :: NatrI, Js F A basic types F, G :: ra ă Is A modal types

43 dlpcf: a Bird s Eye View A type system for the λ-calculus with constants and full higher-order recursion. (i.e. PCF). Greatly inspired by BLL. Indices are not necessarily polynomials, but terms from a signature Σ. Symbols in Σ are given a meaning by an equational program E. Side conditions: K 1 ď H 1,..., K n ď H n ù E I ď J Types and modal types: A, B :: NatrIs F A basic types F, G :: ra ă Is A modal types

44 dlpcf: a Bird s Eye View A type system for the λ-calculus with constants and full higher-order recursion. (i.e. PCF). Greatly inspired by BLL. Indices are not necessarily polynomials, but terms from a signature Σ. Symbols in Σ are given a meaning by an equational program E. Side conditions: K 1 ď H 1,..., K n ď H n ù E I ď J Types and modal types: A, B :: ta P Nat Iu F A basic types F, G :: ra ă Is A modal types

45 The Meaning of Types ra ă Is A B ó pat0{au b... b AtI 1{auq B

46 The Meaning of Types ra ă Is A B ó pat0{au b... b AtI 1{auq B

47 dlpcf: Some Rules $ E ra ă Is A Ď ra ă 1s B Γ, x : ra ă Is A $ E 0 x : Bt0{au V Weight

48 dlpcf: Some Rules $ E NatrI ` 1, J ` 1s Ď NatrK, Hs Γ $ E L M : NatrI, Js Γ $ E S L succpmq : NatrK, Hs

49 dlpcf: Some Rules $ E Σ Ď Γ Z ř aăi Γ $ E J M : ra ă Is A B $ E K N : A Σ $ E J`ř aďi K`I MN : B A

50 dlpcf: Some Rules Sum of Modal Types $ E Σ Ď Γ Z ř aăi Γ $ E J M : ra ă Is A B $ E K N : A Σ $ E J`ř aďi K`I MN : B A

51 dlpcf: Some Rules Bounded Sum of Modal Types $ E Σ Ď Γ Z ř aăi Γ $ E J M : ra ă Is A B $ E K N : A Σ $ E J`ř aďi K`I MN : B A

52 dlpcf: How Recursion Works b; x : ra ă Is A $ E J M : B Bt0{bu ra ă It0{bus At0{bu At0{but0{au At0{butIt0{bu 1{au Bt1{bu BtIt0{bu{bu ra ă It1{bus At1{bu. ra ă ItpIt0{buq{bus AtpIt0{buq{bu.

53 dlpcf: How Recursion Works b; x : ra ă Is A $ E J M : B Bt0{bu ra ă It0{bus At0{bu At0{but0{au At0{butIt0{bu 1{au Bt1{bu BtIt0{bu{bu ra ă It1{bus At1{bu. ra ă ItpIt0{buq{bus AtpIt0{buq{bu.

54 dlpcf: How Recursion Works b; x : ra ă Is A $ E J M : B Bt0{bu ra ă It0{bus At0{bu At0{but0{au At0{butIt0{bu 1{au Bt1{bu BtIt0{bu{bu ra ă It1{bus At1{bu. ra ă ItpIt0{buq{bus AtpIt0{buq{bu.

55 dlpcf: How Recursion Works b; x : ra ă Is A $ E J M : B Bt0{bu ra ă It0{bus At0{bu At0{but0{au At0{butIt0{bu 1{au Bt1{bu BtIt0{bu{bu ra ă It1{bus At1{bu. ra ă ItpIt0{buq{bus AtpIt0{buq{bu.

56 dlpcf: How Recursion Works b; x : ra ă Is A $ E J M : B Bt0{bu ra ă It0{bus At0{bu At0{but0{au At0{butIt0{bu 1{au Bt1{bu BtIt0{bu{bu ra ă It1{bus At1{bu. ra ă ItpIt0{buq{bus AtpIt0{buq{bu.

57 dlpcf: How Recursion Works b; x : ra ă Is A $ E J M : B Bt0{bu ra ă It0{bus At0{bu At0{but0{au At0{butIt0{bu 1{au Bt1{bu BtIt0{bu{bu ra ă It1{bus At1{bu. ra ă ItpIt0{buq{bus AtpIt0{buq{bu.

58 dlpcf: How Recursion Works b; x : ra ă Is A $ E J M : B Ï b I Bt0{bu It0{bu Bt1{bu It1{bu ItpIt0{auq{bu BtIt0{bu{bu

59 dlpcf: How Recursion Works b; x : ra ă Is A $ E J M : B Ï b I Bt0{bu It0{bu Bt1{bu It1{bu ItpIt0{auq{bu BtIt0{bu{bu

60 dlpcf: Intended Meaning $ I M : rjs Natras NatrK, Hs What does this mean? M computes a function from natural numbers to natural numbers. Something extensional: On input a natural number a, M returns a natural number in rk, Hs Something more intensional: The cost of evaluation of M on an input a is I ` J. Two questions: Is this correct? How many programs can be captured this way? Type soundness is somehow inherited from BLL.

61 dlpcf: Intended Meaning $ I M : rjs Natras NatrK, Hs What does this mean? M computes a function from natural numbers to natural numbers. Something extensional: On input a natural number a, M returns a natural number in rk, Hs Something more intensional: The cost of evaluation of M on an input a is I ` J. Two questions: Is this correct? How many programs can be captured this way? Type soundness is somehow inherited from BLL.

62 dlpcf: Intended Meaning $ I M : rjs Natras NatrK, Hs What does this mean? M computes a function from natural numbers to natural numbers. Something extensional: On input a natural number a, M returns a natural number in rk, Hs Something more intensional: The cost of evaluation of M on an input a is I ` J. Two questions: Is this correct? How many programs can be captured this way? Type soundness is somehow inherited from BLL.

63 dlpcf: Intended Meaning $ I M : rjs Natras NatrK, Hs What does this mean? M computes a function from natural numbers to natural numbers. Something extensional: On input a natural number a, M returns a natural number in rk, Hs Something more intensional: The cost of evaluation of M on an input a is I ` J. Two questions: Is this correct? How many programs can be captured this way? Type soundness is somehow inherited from BLL.

64 dlpcf: Intended Meaning $ I M : rjs Natras NatrK, Hs What does this mean? M computes a function from natural numbers to natural numbers. Something extensional: On input a natural number a, M returns a natural number in rk, Hs Something more intensional: The cost of evaluation of M on an input a is I ` J. Two questions: Is this correct? How many programs can be captured this way? Type soundness is somehow inherited from BLL.

65 dlpcf: Intended Meaning $ I M : rjs Natras NatrK, Hs What does this mean? M computes a function from natural numbers to natural numbers. Something extensional: On input a natural number a, M returns a natural number in rk, Hs Something more intensional: The cost of evaluation of M on an input a is I ` J. Two questions: Is this correct? How many programs can be captured this way? Type soundness is somehow inherited from BLL.

66 dlpcf: Intended Meaning $ I M : rjs Natras NatrK, Hs What does this mean? M computes a function from natural numbers to natural numbers. Something extensional: On input a natural number a, M returns a natural number in rk, Hs Something more intensional: The cost of evaluation of M on an input a is I ` J. Two questions: Is this correct? How many programs can be captured this way? Type soundness is somehow inherited from BLL.

67 Completeness for Programs The following holds only when E is universal. p A q is the PCF type underlying A, i.e. its skeleton. The type system can be lifted to configurations of an abstract machine à la Krivine. Lemma (Weighted Subject Expansion) If D has weight I and type A and C is typable with type p A q. Then, C Ñ D implies that C has weight J and type A, where ù J ď I ` 1. Theorem (Relative Completeness for Programs) Let M be a PCF program such that M ó n m. Then, there exist two index terms I and J such that I U ď n and J U m and such that the term M is typable in dlpcf as $ U I M : NatrJs.

68 Completeness for Programs The following holds only when E is universal. p A q is the PCF type underlying A, i.e. its skeleton. The type system can be lifted to configurations of an abstract machine à la Krivine. Lemma (Weighted Subject Expansion) If D has weight I and type A and C is typable with type p A q. Then, C Ñ D implies that C has weight J and type A, where ù J ď I ` 1. Theorem (Relative Completeness for Programs) Let M be a PCF program such that M ó n m. Then, there exist two index terms I and J such that I U ď n and J U m and such that the term M is typable in dlpcf as $ U I M : NatrJs.

69 Completeness for Programs The following holds only when E is universal. p A q is the PCF type underlying A, i.e. its skeleton. The type system can be lifted to configurations of an abstract machine à la Krivine. Lemma (Weighted Subject Expansion) If D has weight I and type A and C is typable with type p A q. Then, C Ñ D implies that C has weight J and type A, where ù J ď I ` 1. Theorem (Relative Completeness for Programs) Let M be a PCF program such that M ó n m. Then, there exist two index terms I and J such that I U ď n and J U m and such that the term M is typable in dlpcf as $ U I M : NatrJs.

70 Completeness for Functions It strongly relies on the universality of U. Suppose that tπ n u npn is an r.e. family of type derivations: For the same term M; Having the same PCF skeleton (as type derivations); Then we can turn them into a single, parametric type derivation. Theorem (Relative Completeness for Functions) Suppose that M is a PCF term such that $ M : Nat Ñ Nat. Moreover, suppose that there are two (total and computable) functions f, g : N Ñ N such that M n ó gpnq fpnq. Then there are terms I, J, K with I ` J ď g and K f, such that $ U I M : rjs Natras NatrKs.

71 Completeness for Functions It strongly relies on the universality of U. Suppose that tπ n u npn is an r.e. family of type derivations: For the same term M; Having the same PCF skeleton (as type derivations); Then we can turn them into a single, parametric type derivation. Theorem (Relative Completeness for Functions) Suppose that M is a PCF term such that $ M : Nat Ñ Nat. Moreover, suppose that there are two (total and computable) functions f, g : N Ñ N such that M n ó gpnq fpnq. Then there are terms I, J, K with I ` J ď g and K f, such that $ U I M : rjs Natras NatrKs.

72 Linear Dependent Types [DLGaboardi2011] Property Complexity BLL dlpcf Degree of Completeness

73 Part III Recent Contributions

74 Type Inference (joint with Petit) We have a powerful system for complexity analsysis, which is relatively complete. Thus undecidable! So what? It s the same situation as in program logics... But there are algorithms for weakest preconditions, there... We need something similar also here...

75 Type Inference (joint with Petit) We have a powerful system for complexity analsysis, which is relatively complete. Thus undecidable! So what? It s the same situation as in program logics... But there are algorithms for weakest preconditions, there... We need something similar also here...

76 Type Inference (joint with Petit) We have a powerful system for complexity analsysis, which is relatively complete. Thus undecidable! So what? It s the same situation as in program logics... But there are algorithms for weakest preconditions, there... We need something similar also here...

77 Type Inference (joint with Petit) We have a powerful system for complexity analsysis, which is relatively complete. Thus undecidable! So what? It s the same situation as in program logics... But there are algorithms for weakest preconditions, there... We need something similar also here...

78 Type Inference (joint with Petit) We have a powerful system for complexity analsysis, which is relatively complete. Thus undecidable! So what? It s the same situation as in program logics... But there are algorithms for weakest preconditions, there... We need something similar also here...

79 Type Inference (joint with Petit) t TI σ I E I $ E I t : σ P I. ù E E

80 Type Inference (joint with Petit) t TI σ I E I $ E I t : σ P I. ù E E

81 Linear Dependency in a Subrecursive Setting (joint with Baillot and Barthe, Ongoing) A necessary condition for completeness: universality of E. What if we restrict PCF to a subrecursive language similar to Gödel s T? We don t need the complicated machinery needed for handling recursion in PCF, anymore. We can easily handle references through effects. Judgments become: Γ $ E I M : A, ϕ Two interesting results on type inference: Linearity on higher-order variables implies termination of E; If all occurrences of recursion in the underlying program are first-order, then E is primitive recursive.

82 Linear Dependency in a Subrecursive Setting (joint with Baillot and Barthe, Ongoing) A necessary condition for completeness: universality of E. What if we restrict PCF to a subrecursive language similar to Gödel s T? We don t need the complicated machinery needed for handling recursion in PCF, anymore. We can easily handle references through effects. Judgments become: Γ $ E I M : A, ϕ Two interesting results on type inference: Linearity on higher-order variables implies termination of E; If all occurrences of recursion in the underlying program are first-order, then E is primitive recursive.

83 Linear Dependency and Session Types (Ongoing) Linear logic and session types are stongly related (e.g. [CairesPfenning10]). The type of a (potentially non-terminating) session between a bank and a customer could be, e.g. µα.nat Nat α With linear dependency, one could decorate the type as follows: µαpaq.natpbq NatpKq H I αpjq where I, H are boolean index term. If the rewrite system fpaq Ñ if I then fpjq else end is terminating, then the session above is finite.

84 Questions?