CLF: A logical framework for concurrent systems

Similar documents
System Description: Twelf A Meta-Logical Framework for Deductive Systems

Avoiding Spurious Causal Dependencies via Proof Irrelevance in a Concurrent Logical Framework

A Concurrent Logical Framework:

Meta-programming with Names and Necessity p.1

On the Logical Foundations of Staged Computation

Lecture Notes on Monadic Logic Programming

Beluga: A Framework for Programming and Reasoning with Deductive Systems (System Description)

Lecture Notes on Data Representation

Three Applications of Strictness in the Efficient Implementaton of Higher-Order Terms

Operational Semantics

Elf: A Meta-Language for Deductive Systems (System Description)

Foundational Aspects of Syntax 1

Refinement Types as Proof Irrelevance. William Lovas with Frank Pfenning

Modal Logic: Implications for Design of a Language for Distributed Computation p.1/53

A Logical View of Effects

Encryption as an Abstract Datatype:

Rule Formats for Nominal Modal Transition Systems

Type Theory. Lecture 2: Dependent Types. Andreas Abel. Department of Computer Science and Engineering Chalmers and Gothenburg University

Lecture Notes on Computational Interpretations of Modalities

Modal Logic Revisited

Mechanizing Metatheory with LF and Twelf

Verifying Program Invariants with Refinement Types

Typed Lambda Calculus

Assistant for Language Theory. SASyLF: An Educational Proof. Corporation. Microsoft. Key Shin. Workshop on Mechanizing Metatheory

Lecture Notes on Program Equivalence

Com S 541. Programming Languages I

Kripke-Style Contextual Modal Type Theory

Programming Languages Third Edition

System Description: Delphin A Functional Programming Language for Deductive Systems

The design of a programming language for provably correct programs: success and failure

Formal Systems and their Applications

Type assignment for intersections and unions in call-by-value languages

HOL DEFINING HIGHER ORDER LOGIC LAST TIME ON HOL CONTENT. Slide 3. Slide 1. Slide 4. Slide 2 WHAT IS HIGHER ORDER LOGIC? 2 LAST TIME ON HOL 1

Typing & Static Analysis of Multi-Staged Programs

higher type are \fully applied" that is, each occurrence is applied to enough arguments to reach a base type. Thus we see that the methodology of logi

DEFINING A LANGUAGE. Robert Harper. Friday, April 27, 12

Typed Lambda Calculus for Syntacticians

Extracting the Range of cps from Affine Typing

Abstract Logic Programming

The Metalanguage λprolog and Its Implementation

Dependently Typed Programming with Domain-Specific Logics

A Linear Logical Framework 1

An Implementation of the Language Lambda Prolog Organized around Higher-Order Pattern Unification

Language Techniques for Provably Safe Mobile Code

Coq projects for type theory 2018

Supplementary Notes on Abstract Syntax

Propositional Logic Formal Syntax and Semantics. Computability and Logic

Simple Unification-based Type Inference for GADTs

1 Introduction. 3 Syntax

Specifying and Implementing Theorem Provers in a Higher-Order Logic Programming Language

Compiler Verification in LF

3.4 Deduction and Evaluation: Tools Conditional-Equational Logic

Module 6. Knowledge Representation and Logic (First Order Logic) Version 2 CSE IIT, Kharagpur

Knowledge Representation and Reasoning Logics for Artificial Intelligence

A Modal Foundation for Meta-Variables

Functional Programming with Names and Necessity

A Pronominal Account of Binding and Computation

Where is ML type inference headed?

Written Presentation: JoCaml, a Language for Concurrent Distributed and Mobile Programming

The three faces of homotopy type theory. Type theory and category theory. Minicourse plan. Typing judgments. Michael Shulman.

ICFP: G: Curry-Howard for Callbacks

Lecture 3: Typed Lambda Calculus and Curry-Howard

CS 6110 S11 Lecture 25 Typed λ-calculus 6 April 2011

An Evolution of Mathematical Tools

Foundations of AI. 9. Predicate Logic. Syntax and Semantics, Normal Forms, Herbrand Expansion, Resolution

A Modal Analysis of Staged Computation Rowan Davies and Frank Pfenning Carnegie Mellon University We show that a type system based on the intuitionist

Automated Theorem Proving in a Simple Meta-Logic for LF

Thesis Proposal: Refinement Types for LF (DRAFT)

The Logical Basis of Evaluation Order & Pattern-Matching

Symmetry in Type Theory

Lecture slides & distribution files:

The Typed λ Calculus and Type Inferencing in ML

Computation and Deduction

QWeSST. Type-Safe Web Programming. Thierry Sans and Iliano Cervesato. Carnegie Mellon University Qatar

Type Systems COMP 311 Rice University Houston, Texas

CSCI.6962/4962 Software Verification Fundamental Proof Methods in Computer Science (Arkoudas and Musser) Chapter p. 1/27

Type Checking and Inference Are Equivalent in Lambda Calculi with Existential Types

CS152: Programming Languages. Lecture 11 STLC Extensions and Related Topics. Dan Grossman Spring 2011

1. Abstract syntax: deep structure and binding. 2. Static semantics: typing rules. 3. Dynamic semantics: execution rules.

Calculus of Inductive Constructions

Type Checking and Type Inference

Syntax-semantics interface and the non-trivial computation of meaning

COMP4418 Knowledge Representation and Reasoning

Pure Lambda Calculus. Lecture 17

HIGHER-ORDER ABSTRACT SYNTAX IN TYPE THEORY

Goal. CS152: Programming Languages. Lecture 15 Parametric Polymorphism. What the Library Likes. What The Client Likes. Start simpler.

Categorical models of type theory

Combining Programming with Theorem Proving

CS-XXX: Graduate Programming Languages. Lecture 9 Simply Typed Lambda Calculus. Dan Grossman 2012

Operational Semantics 1 / 13

A Logical Foundation for Session-based Concurrent Computation

Logic and its Applications

The Fox Project: Advanced Development of Systems Software

CMSC 330: Organization of Programming Languages. Operational Semantics

Practical Programming with Higher-Order Encodings and Dependent Types

Semantics for core Concurrent ML using computation types

Certificates for incremental type checking

Lambda Calculus. Type Systems, Lectures 3. Jevgeni Kabanov Tartu,

CSCI-GA Scripting Languages

Introduction to SML Getting Started

Transcription:

CLF: A logical framework for concurrent systems Thesis Proposal Kevin Watkins Carnegie Mellon University Committee: Frank Pfenning, CMU (Chair) Stephen Brookes, CMU Robert Harper, CMU Gordon Plotkin, University of Edinburgh CMU, May 13, 2003 p.1

Thesis: CLF enables succinct and straightforward specification and implementation of concurrent systems CLF = Concurrent Logical Framework Developed jointly with Iliano Cervesato, Frank Pfenning, and David Walker CMU, May 13, 2003 p.2

What is a logical framework? Generic, mechanizable system for specifying, computing with, and reasoning about deductive systems. Consists of: Language based on logical formulas Principles for representing systems of interest Algorithms for mechanically manipulating the language Applications: Logics Programming languages CMU, May 13, 2003 p.3

What is a logical framework? Basic idea: Specify at high level using logical connectives Find powerful connectives in logics richer than classical: intuitionistic logic, linear logic, lax logic Why based on logic? Conceptually uniform (same language for specification and reasoning) Generic Long history (most studied kind of formal system) CMU, May 13, 2003 p.4

Outline The LF logical framework Modeling judgments and deductions Linear logic Modeling state The CLF framework Monadic type Modeling concurrency Thesis statement Research plan CMU, May 13, 2003 p.5

The LF logical framework CLF extends LF = Logical Framework [Harper, Honsell, Plotkin 1987] LF based on type theory: Syntax and deductions unified as objects Correctness of objects specified by types Type language based on intuitionistic logic CMU, May 13, 2003 p.6

The LF logical framework Why explicit objects for proofs? Meta-reasoning Applications (e.g. proof-carrying code) Reliability Why types? Type checking is decidable Type checking algorithm is efficient Well-typed objects automatically compose Proof checking = type checking! CMU, May 13, 2003 p.7

Representing deductive systems in LF Deductive system terminology: Judgment = statement subject to proof Examples: The proposition A is true. The expression e evaluates to value v. The principal P knows secret key κ. Deduction = object containing evidence of a judgment (tree of inferences) A true B true A B true e 1 true e 2 v (if e 1 then e 2 else e 3 ) v CMU, May 13, 2003 p.8

Representing deductive systems in LF Formalize system of interest: Syntax Judgments Allowed rules of deduction Formulate representation function mapping to LF: Syntax becomes LF objects Judgments become LF types Deductions become LF objects CMU, May 13, 2003 p.9

Representing deductive systems in LF Syntax built from LF constants having function types: and : prop prop prop ite : exp exp exp exp A B and( A, B ) if e 1 then e 2 else e 3 ite( e 1, e 2, e 3 ) Judgments become dependent types referring to particular objects. Examples: true : prop type eval : exp val type knows : prin key type CMU, May 13, 2003 p.10

Representing deductive systems in LF Rules of inference become LF constants having function types: I : true(a) true(b) true(and(a, B)) if_true : eval(e 1, true) eval(e 2, v) eval(ite(e 1, e 2, e 3 ), v) Deductions mapped to compositions of these constants CMU, May 13, 2003 p.11

Representing deductive systems in LF Adequacy theorem: Bijection between syntax of system and LF objects of proper type Bijection between deductions of system and LF objects of proper type LF features make this easier: Model variable binding with LF function types Model capture-avoiding substitution with LF function application CMU, May 13, 2003 p.12

LF summary Language: Dependent type theory Based on intuitionistic logic Representation principles: Judgments as types Deductions as objects Algorithms: Type checking (= proof checking) More... CMU, May 13, 2003 p.13

Example: locking protocol Model trivial locking protocol Multiple threads t 1,..., t n Multiple locks l 1,..., l n Each thread runs program Program = sequence of instructions lock(l) unlock(l) Other details suppressed CMU, May 13, 2003 p.14

Example: locking protocol LF types for threads, locks, programs: LF objects for programs: thread : type lock : type program : type exit : program do_lock : lock program program do_unlock : lock program program Example: do_lock(l, do_unlock(l, exit)) has type program CMU, May 13, 2003 p.15

Example: locking protocol Great, we modeled the syntax. But how to model execution? Need to model state: What program is each thread running? Which locks are locked? Could introduce more syntax for states... Better answer: extend the logic underlying LF CMU, May 13, 2003 p.16

Linear logic CLF related to Dual Intuitionistic Linear Logic (DILL) [Hodas, Miller 1994; Barber 1996] Dual meaning two kinds of hypotheses: Unrestricted hypotheses Can use more than once Or not at all Linear hypotheses Must use exactly once Think linear hypotheses = resources CMU, May 13, 2003 p.17

Linear logic Unrestricted hypotheses already available via LF function type A B New connectives: Linear implication A B (create linear hypothesis = resource) Multiplicative conjunction A B (join resources) Multiplicative unit 1 (empty set of resources) More... CMU, May 13, 2003 p.18

Linear logic Unrestricted examples: More than once: A A A Not at all: A 1 Linear examples: Okay: A B B A No! A A A No! A 1 CMU, May 13, 2003 p.19

Representing state via linear logic Richer logic allows simpler modeling of state State = set of linear hypotheses (resources) Inference rules modify state Consume resources Introduce new resources CMU, May 13, 2003 p.20

Example continued New judgments (= types) for state: unlocked : lock type locked : lock thread type run : thread program type Inference rules modify state: run(t, exit) 1 run(t, do_lock(l, p)) unlocked(l) run(t, p) locked(l, t) run(t, do_unlock(l, p)) locked(l, t) run(t, p) unlocked(l) CMU, May 13, 2003 p.21

Representing state via linear logic Modeling reachability: Initialize with linear hypotheses for starting state Final state reachable iff there is a deduction of it Not yet a type theory What about deductions-as-objects? Want bijection between deductions and executions More precise than reachability CMU, May 13, 2003 p.22

Linear logic as a framework Prior work: Linear Logical Framework (LLF) [Cervesato, Pfenning 1996] Has unrestricted and linear hypotheses Has unrestricted and linear implication: and Also more connectives not discussed here: Π, &, No synchronous connectives:, 1,, 0,!, CMU, May 13, 2003 p.23

Linear logic as a framework No, 1 availabile in LLF Instead use continuation-passing style : DILL style: run(t, do_lock(l, p)) unlocked(l) run(t, p) locked(l, t) LLF style: (run(t, p) locked(l, t) g) (run(t, do_lock(l, p)) unlocked(l) g) Problem: CPS sequentializes execution Too few deductions equal Proof search not concurrent No good for concurrent systems! CMU, May 13, 2003 p.24

Linear logic as a framework Why no synchronous connectives?, 1,, 0,!, involve let-style elimination forms Commuting conversions push let bindings around Example: (let y 1 y 2 = x in M 1 ) M 2 versus let y 1 y 2 = x in (M 1 M 2 ) No obvious way to define canonical forms LLF solution: rule out synchronous connectives CLF solution: segregate, 1,!, using monad CMU, May 13, 2003 p.25

Monad Segregate more restrictive from less restrictive language Prior work: Segregate effectful from non-effectful computations in functional programming [Moggi 1988] Logical view: lax logic [Benton, Bierman, de Paiva 1998] Judgmental view [Pfenning, Davies 2000] Two kinds of judgments: A true : can prove A in more restrictive language A lax : can prove A in less restrictive language CMU, May 13, 2003 p.26

Monad New monadic type constructor { } Moving between judgments: If A true holds, then A lax holds If A lax holds, then {A} true holds CLF idea: confine, 1,!, to lax judgment Syntactic restriction on types From this: A 1!B C 1!D To this: A B {C 1!D} CMU, May 13, 2003 p.27

Example revisited DILL style: run(t, exit) 1 run(t, do_lock(l, p)) unlocked(l) run(t, p) locked(l, t) run(t, do_unlock(l, p)) locked(l, t) run(t, p) unlocked(l) CLF style: run(t, exit) {1} run(t, do_lock(l, p)) unlocked(l) {run(t, p) locked(l, t)} run(t, do_unlock(l, p)) locked(l, t) {run(t, p) unlocked(l)} CMU, May 13, 2003 p.28

CLF type theory Types: Atomic P ::= a P N Asynch A ::= P Πx:A. A A A A & A {S} Synch S ::= S S 1 x:a. S!A A (A B special case of Πx:A. B) CMU, May 13, 2003 p.29

CLF type theory Objects (only canonical forms): Atomic R ::= c x R N R N π 1 R π 2 R Normal N ::= R λx. N λx. N N, N {E} Expr E ::= let {p} = R in E M Monadic M ::= M M 1 [N, M]!N N Pattern p ::= p p 1 [x, p]!x x Truth judgment: atomic objects, normal objects, monadic objects Lax judgment: expressions CMU, May 13, 2003 p.30

CLF type theory Monad eliminates commutative conversions Example: {(let {y 1 y 2 } = x in M 1 ) M 2 } ruled out by judgments Example: {let {y 1 y 2 } = x in M 1 } M 2 not well typed Must have {let {y 1 y 2 } = x in (M 1 M 2 )} Still have permutative conversions inside expressions Example: {let {p 1 } = R 1 in let {p 2 } = R 2 in E} versus {let {p 2 } = R 2 in let {p 1 } = R 1 in E} Equal objects in CLF (presuming variables don t get detached from their bindings) CMU, May 13, 2003 p.31

CLF type theory CLF equality on objects given by: α-conversion Permutative conversions Also need instantiation algorithm to compute canonical forms while typing Payoff: α-conversion models variable binding Instantiation algorithm models capture-avoiding substitution New: Permutative conversions model concurrency! CMU, May 13, 2003 p.32

Modeling concurrency Basic idea: Concurrent execution becomes sequence of let bindings Independent computation steps are let bindings with no common linear variables Because of permutative conversions, can t observe order in which independent computation steps occur More details in proposal document Still need to axiomatize more sophisticated relations (e.g. π-calculus bisimulation) CMU, May 13, 2003 p.33

CLF summary Language: Dependent type theory New: Based on linear logic plus monad Representation principles: Deductions are objects Judgments are types State as linear hypotheses New: Concurrent computations are monadic expressions Conservatively extends LF and LLF CMU, May 13, 2003 p.34

Thesis: CLF enables succinct and straightforward specification and implementation of concurrent systems CMU, May 13, 2003 p.35

Thesis In detail: Succinct: don t have to reason explicitly about serializations Straightforward: just add monad brackets to your DILL formulas Analogy: in LF, don t have to reason about variable binding Not only interested in specification; must be possible to create mechanized tools for computing with and reasoning about specifications CMU, May 13, 2003 p.36

Research outline Completed work: [Definition of CLF] Theory of CLF Example specifications Proposed work: Framework extensions Semantics of proof search Tools CMU, May 13, 2003 p.37

Theory of CLF Key points (see proposal document): Includes all connectives of DILL except, 0 (future work) Conservatively extends LF and LLF New presentation of LF restricts to canonical forms No redices allowed Instantiation algorithm works on ill-typed objects No mutual dependence of equality and typing CMU, May 13, 2003 p.38

Theory of CLF Instantiation and typing: Γ R Πx:A. B Γ N A Γ R N inst_a A (x. B, N) ΠE Example: inst_a a a (x. b (λy. c (x (x y))), λz. d z) b (λy. c (d (d y))) CMU, May 13, 2003 p.39

Example specifications Already done: Petri nets The π-calculus [Milner] ML with references, suspensions, futures, concurrency à la Concurrent ML [Reppy] Future work: MSR (security protocols) [Cervesato] Forum [Miller] Action calculi [Milner] CMU, May 13, 2003 p.40

Framework extensions Full DILL language: (add, 0) Which equality is right? (need more examples) Syntactic extensions: Notational definitions Explicit substitutions More judgments: Ordered hypotheses [Polakow] Proof irrelevance [Pfenning] CMU, May 13, 2003 p.41

Proof search Prior work: Elf language [Pfenning 1994] Interpret LF specification as logic program Operational semantics for proof search Generalizes Prolog Requires unification algorithm New issues for CLF: Non-determinism associated with concurrency Linear unification algorithm (prior work: pre-unification [Cervesato, Pfenning 1997]) CMU, May 13, 2003 p.42

Tools Key algorithms: Type-checking Type reconstruction Proof search Prior work: Twelf system [Pfenning et al.] CMU, May 13, 2003 p.43

Research plan First: Implement checker More example specifications Informed by examples: Framework extensions Semantics of proof search Implement search (restricted unification) and experiment CMU, May 13, 2003 p.44

Research plan If time permits: Full unification Methods of representing meta-proofs CMU, May 13, 2003 p.45

Conclusion Natural progression: LF: judgments as types, deductions as objects Internalizes α-conversion, capture-avoiding substitution LLF: state as linear hypotheses Internalizes state CLF: concurrent computations as monadic expressions Internalizes concurrent equality CMU, May 13, 2003 p.46

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback