1 Explicit Contexts in LF Karl Crary Carnegie Mellon University Workshop on Mechanized Metatheory, 9/21/06

1

Explicit Contexts in LF

Karl Crary

Carnegie Mellon University

Workshop on Mechanized Metatheory, 9/21/06

2

The LF methodology

• Construct isomorphisms between:
– Syntactic classes and LF types
– Expressions and LF terms (of appropriate type)
– Judgements and LF types
– Derivations and LF terms (of appropriate type)

3

The LF methodology

• Isomorphisms must commute with substitution.

• To do so:
– Identify OL variables with LF variables.
– Identify OL assumptions with LF assumptions.
– Consequently, identify OL contexts with (fragments of) LF contexts.

4

LF example: Syntax

tp : type.
exp : type.

o : tp.
arrow : tp -> tp -> tp.

b : exp.
lam : tp -> (exp -> exp) -> exp.
app : exp -> exp -> exp.

5

LF example: Semantics

of : exp -> tp -> type.

of/b : of b o.

of/lam : of (lam A ([x] M x)) (arrow A B) <- ({x} of x A -> of (M x) B).

of/app : of (app M N) B <- of M (arrow A B) <- of N A.

6

The problem

• Contexts are implicit.

• Cannot be manipulated by proofs.

• Can be a problem for theorems involving a distinguished bound variable.

7

Distinguished bound variable

• If of M A
  and ({x} of x A -> of (N x) B)
  then of (N M) B

• In Twelf syntax:

subst : of M A -> ({x} of x A -> of (N x) B) -> of (N M) B -> type.
%mode subst +D1 +D2 -D3.

8

Important caveat

• There’s no reason to do this!

• Substitution lemma is free in LF.
– If D1 : of M A
  and D2 : ({x} of x A -> of (N x) B)
  then D2 M D1 : of (N M) B

• Illustrative example, not a motivating one.

9

Motivating examples

• Substitution lemma for languages with different judgements on left and right
– Sequent calculus, imperative type systems

• Narrowing in F-sub (Poplmark challenge)

• Functionality

• Defined notions of substitution
– Hereditary substitution

• Linear and modal logic

10

Substitution theorem

• If of M A
  and ({x} of x A -> of (N x) B)
  then of (N M) B

• By induction on the second argument.

11

A proof case

Suppose:
D1 : of M A
D2 = [x] [d:of x A] of/lam ([y] [e] D x d y e)
   : {x} of x A -> of (lam B ([y] N x y)) (arrow B C)
D : {x} of x A -> {y} of y B -> of (N x y) C

12

A proof case

• Let y:exp and e:of y B be arbitrary.

• Therefore:
  [x] [d:of x A] D x d y e : {x} of x A -> of (N x y) C

• By induction there exists:
  D' y e : of (N M y) C

• Therefore
  of/lam D' : of (lam B ([y] N M y)) (arrow B C)

13

A proof case in Twelf

-: subst D1 ([x] [d:of x A] of/lam ([y] [e:of y B] D x d y e)) (of/lam D')
   <- ({y} {e:of y B} subst D1 ([x] [d:of x A] D x d y e) (D' y e : of (N M y) C)).

14

Assumption permutation

• Proof permutes x & d with y & e.

• No room for bindings between distinguished variable and its scope.
– Undistinguished variables go in context.

• In essence, the distinguished variable must appear last.
– Permute assumptions to preserve this condition.

15

Uh oh!

• With dependent types, we cannot permute assumptions.

• When e’s type depends on x, it cannot be pulled outside.

16

The problem

• When:
– doing an inductive proof in Twelf
– that involves a distinguished bound variable,
– and the setting includes dependent types,

• You have a problem:
– Cannot keep the designated bound variable last.

17

Explicit contexts

• Make the context into an explicit object that the proof can manipulate.
– This allows us to place the variable of interest anywhere in the context.

• Proof technique only!
– No change to LF or Twelf.

• No change to syntax!
– Still using higher-order abstract syntax.

• Can convert from and to implicit contexts.

18

Methodology

• Syntax is still entirely higher-order.

• Give two versions of the semantics.
– Implicit and explicit context.

• Convert derivations to use explicit contexts when necessary.

19

Contexts

ctx : type.

nil : ctx.
cons : ctx -> exp -> tp -> ctx.

20

First cut: lookup

lookup : ctx -> exp -> tp -> type.

lookup/hit : lookup (cons G X A) X A.

lookup/miss : lookup (cons G Y _) X A <- lookup G X A.

21

First cut: semantics

ofe : ctx -> exp -> tp -> type.

ofe/var : ofe G X A <- lookup G X A.

ofe/closed : ofe G M A <- of M A.

22

First cut: semantics

ofe/lam : ofe G (lam A ([x] M x)) (arrow A B) <- ({x:exp} ofe (cons G x A) (M x) B).

ofe/app : ofe G (app M N) B <- ofe G M (arrow A B) <- ofe G N A.

23

Problem: bad contexts

• Contexts are merely association lists of terms and types.

• Syntax permits:
– “Binding” of non-variables.
– Multiple bindings of a single variable.

• Need a context formation judgement
– Each term should be a distinct variable.

24

Context formation

• Distinguish variables using a hypothetical judgement.
– Also assigns an ordering to variables.

• Context formation judgement:
– Only variables may appear.
– Variables must be ordered. (Hence, no duplicates.)

25

Variable ordering

isvar : exp -> nat -> type.
%{ Assumption "isvar X I" indicates:
   (1) X is a variable, and
   (2) X carries order stamp I. }%

precedes : exp -> exp -> type.

precedes/i : precedes X Y <- isvar X I <- isvar Y J <- lt I J.

26

Context formation

bounded : ctx -> exp -> type.

bounded/nil : bounded nil X <- isvar X _.
bounded/cons : bounded (cons G Y _) X <- precedes Y X <- bounded G Y.

ordered : ctx -> type.

ordered/nil : ordered nil.
ordered/cons : ordered (cons G X _) <- bounded G X.

27

Lookup

• Lemma: if lookup G X A then ordered G.

lookup : ctx -> exp -> tp -> type.

lookup/hit : lookup (cons G X A) X A <- bounded G X.

lookup/miss : lookup (cons G Y _) X A <- bounded G Y <- lookup G X A.

28

Semantics

ofe/closed : ofe G M A <- of M A <- ordered G.

ofe/lam : ofe G (lam A ([x] M x)) (arrow A B) <- ({x:exp} isvar x I -> ofe (cons G x A) (M x) B).

29

Usage

• When combined, these theorems allow us to do proofs for the implicit system.
– Convert to explicit form.
– Perform the desired proof.
– Convert back to implicit form.

30

Substitution theorem

• Before:
– If Γ ⊢ M : A
  and Γ, x:A ⊢ N : B
  then Γ ⊢ [M/x] N : B

• Now:
– If Γ1 ⊢ M : A
  and Γ1, x:A, Γ2 ⊢ N : B
  then Γ1, Γ2 ⊢ [M/x] N : B

31

Substitution theorem in Twelf

• If ({x} append (cons G1 x A) G2 (G x))
  and append G1 G2 G'
  and ofe G1 M A
  and ({x} isvar x I -> ofe (G x) (N x) B)
  then ofe G' (N M) B

32

Context Lemmas

• If lookup G X A then X is not a lambda or application.
– That is, contexts bind only variables.

• If ({x} append (cons G1 x A) G2 (G x))
  and ({x} isvar x I -> lookup (G x) x B)
  then tp-eq A B.
– That is, contexts bind distinct variables.
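Slides 31 and 32 state the substitution theorem and the second context lemma informally; the following added example (not from the talk) writes both as Twelf relations with mode declarations and supplies the append relation the slides rely on but do not define. The families isvar, lookup and ofe are declared without rules so the file loads on its own; their rules are those on the earlier slides.

```twelf
%% Added example, not from the slides.  Families are declared without
%% their rules so that this file loads stand-alone.
tp : type.
exp : type.
nat : type.

ctx : type.
nil : ctx.
cons : ctx -> exp -> tp -> ctx.

isvar : exp -> nat -> type.
lookup : ctx -> exp -> tp -> type.
ofe : ctx -> exp -> tp -> type.

tp-eq : tp -> tp -> type.
tp-eq/i : tp-eq A A.

%% append G1 G2 G holds when G is G1 followed by G2.  Contexts grow
%% to the right (cons adds at the end), so recursion is on G2.
append : ctx -> ctx -> ctx -> type.
append/nil : append G nil G.
append/cons : append G1 (cons G2 X A) (cons G X A) <- append G1 G2 G.

%% Context lemma (slide 32): a variable bound in G1, x:A, G2 is looked
%% up at A.  Quantifying x with {x} while G2 is fixed outside the
%% binder is what places G2 after x in the context.
lookup-unique : ({x:exp} append (cons G1 x A) G2 (G x))
                -> ({x:exp} isvar x I -> lookup (G x) x B)
                -> tp-eq A B -> type.
%mode lookup-unique +DA +DL -DE.

%% Substitution theorem (slide 31) with the distinguished variable
%% anywhere in the context, not necessarily last.
subst : ({x:exp} append (cons G1 x A) G2 (G x))
        -> append G1 G2 G'
        -> ofe G1 M A
        -> ({x:exp} isvar x I -> ofe (G x) (N x) B)
        -> ofe G' (N M) B -> type.
%mode subst +DA1 +DA2 +D1 +D2 -D3.
```

The proofs themselves (the cases of subst and lookup-unique) are the content of the talk's main lemma and are not written out here.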

33

Translation to implicit form

• If ofe nil M A
  then of M A

• Proof is not very hard.

34

Translation to explicit form

• If of M A
  then ofe nil M A

• Proof is tricky.
– This is the enabling technical achievement.

35

Cut elimination

• Main lemma is a form of cut elimination.
– Cut explicit-context “lookup” against implicit-context “of” assumption.
– Prove simultaneously for cuts into of and ofe.

• If ({x} of x A -> of (M x) B)
  and ({x} isvar x I -> lookup (G x) x A)
  then ({x} isvar x I -> ofe (G x) (M x) B)

36

Conclusion

• General technique for proofs involving:
– A distinguished bound variable
– Dependent types

• Used in type safety proof for SML IL.
– See Daniel Lee’s talk this afternoon.

• Not an extension to LF.

• Not a new representation technique:
– Still use higher-order syntax and judgements.