csl 2013 "axiomatizing subtyped delimited continuations"
TRANSCRIPT
Axiomatizing Subtyped Delimited Continuations
Marek Materzok
Introduction
Evaluation contexts
Delimited control
Shift0/$
Axioms
Proof
Sabry’s proof method
CGS translation
Typed version
Relationship with shift/reset
Conclusions
Axiomatizing Subtyped Delimited Continuations
Marek Materzok
Institute of Computer Science, University of Wrocław
CSL 2013
Sep 4, 2013
Structure of the talk
- Short introduction to continuations
- Introduction to shift0/$ operators
- The axioms
- The proof method
- The typed version
- Conclusion
This is a continuation of our previous work (ICFP’11, APLAS’12).
What are continuations?
- Continuations are representations of the rest of the program execution.
- Control operators are a means of altering a program’s control flow.
- They can be thought of as capturing and restoring the program’s control stack, making continuations first class.
- The operator call/cc, which captures “full” continuations, is well known and implemented in e.g. Scheme and SML/NJ.
Evaluation contexts
An evaluation context is a “term with a hole”:
if sq(2) = 4 then 1 else 0
- cyan part – evaluation context
It is a formal representation of the continuation.
Partial evaluation contexts
One can consider partial contexts:
if sq(2) = 4 then 1 else 0
A partial context is a prefix of the full context.
- cyan part – evaluation context
- yellow part – partial evaluation context
Delimited control operators
- They allow partial contexts to be reified as functions, just as call/cc reifies entire contexts.
- Examples are Felleisen’s control/prompt and Danvy and Filinski’s shift/reset.
- Delimited control has lots of applications, including asynchronous I/O, representing monads, Web programming, mobile code, linguistics, and so on.
Delimited control operators
Delimited control operators usually come in pairs:
- the delimiter, which marks where a context begins,
- the capture operator, which reifies the context up to the dynamically nearest delimiter.
Example:
1 + 〈2 + Sf.f (f 3)〉
Delimited control operators shift/reset
- The best-known and most explored delimited control operators.
- The shift operator captures the context up to (and including) the nearest delimiter and resumes execution in an empty context.
1 + 〈2 ∗ Sf.3 + Sg.f (g 4)〉
The term above evaluates to 15: f gets the yellow context, g gets the cyan one. Notice the “implicit” delimiter created by a shift.
Delimited control operators shift0/reset0
- A variant of shift/reset operators (also by Danvy and Filinski).
- When shift0 executes, the execution resumes in the surrounding context.
- This allows the shift0 operator to “reach” beyond the nearest surrounding delimiter.
1 + 〈2 + 〈3 + S0f.S0g.f (g (g 4))〉〉
The term above evaluates to 12. (f gets the yellow context, g gets the cyan one.)
Delimited control operators shift0/$
- A variant of shift0/reset0 operators, inspired by Kiselyov and Shan’s work (TLCA’07).
- The $ operator is a delimiter with a “chain link” to a function which is executed in place (not inside!) of the delimiter when the delimited term evaluates completely.
(λx.x ∗ 2) $ (λx.x + 1) $ 1 + S0f.S0g.f (g 2)
Evaluates to 6. (f gets the yellow context, g gets the cyan one.)
Reading tip: the $ operator is right-associative, binds weaker than every other binary operator, but stronger than λ.
Bigger example (shift0/$)
(λx.x + 2) $ (λy.S0f.f (f y)) $ 1 + S0g.2 ∗ g 1
→ (λx.x + 2) $ 2 ∗ ((λy.S0f.f (f y)) $ 1 + 1)
→ (λx.x + 2) $ 2 ∗ (S0f.f (f 2))
→ (λy.(λx.x + 2) $ 2 ∗ y) ((λy.(λx.x + 2) $ 2 ∗ y) 2)
→ (λy.(λx.x + 2) $ 2 ∗ y) 6
→ 14
The term above evaluates to 14:
- g gets the yellow context, which gets applied to 1,
- y gets the value 2,
- f gets the cyan context joined with 2 ∗ ,
- f (f y) gets evaluated.
CPS semantics
The control operators can be interpreted in the lambda calculus. This makes the continuations explicit.
⟦x⟧ = λk.k x
⟦λx.e⟧ = λk.k (λx.⟦e⟧)
⟦e1 e2⟧ = λk.⟦e1⟧ (λv1.⟦e2⟧ (λv2.v1 v2 k))
⟦S0x.e⟧ = λx.⟦e⟧
⟦〈e〉⟧ = ⟦e⟧ (λx.λk.k x)
⟦e1 $ e2⟧ = λk.⟦e1⟧ (λv1.⟦e2⟧ v1 k)
This interpretation is consistent with the operational view presented in previous slides: e1 → e2 implies ⟦e1⟧ =βη ⟦e2⟧.
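The CPS clauses above can be executed directly as curried closures, which lets the example terms from the earlier slides be checked against their stated results. This is an added example, not code from the talk: the arithmetic clause prim, the identity top-level continuation in run, and all Python names are assumptions.

```python
# Added example: the slide's CPS clauses as curried Python closures.
# A denotation takes a continuation k; a function value maps x to a denotation.

def val(v):            # [[x]] = λk. k x  (also used for constants)
    return lambda k: k(v)

def lam(body):         # [[λx.e]] = λk. k (λx.[[e]])
    return lambda k: k(lambda x: body(x))

def app(e1, e2):       # [[e1 e2]] = λk. [[e1]] (λv1. [[e2]] (λv2. v1 v2 k))
    return lambda k: e1(lambda v1: e2(lambda v2: v1(v2)(k)))

def shift0(body):      # [[S0x.e]] = λx. [[e]]
    return lambda x: body(x)

def reset0(e):         # [[<e>]] = [[e]] (λx.λk. k x)
    return e(lambda x: lambda k: k(x))

def dollar(e1, e2):    # [[e1 $ e2]] = λk. [[e1]] (λv1. [[e2]] v1 k)
    return lambda k: e1(lambda v1: e2(v1)(k))

def prim(op):          # assumption: CPS for strict binary arithmetic
    return lambda e1, e2: lambda k: e1(lambda a: e2(lambda b: k(op(a, b))))

add = prim(lambda a, b: a + b)
mul = prim(lambda a, b: a * b)

def run(e):            # assumption: identity as the top-level continuation
    return e(lambda v: v)

def ex_shift0_reset0():   # 1 + <2 + <3 + S0f.S0g. f (g (g 4))>>
    body = lambda f: shift0(lambda g:
        app(val(f), app(val(g), app(val(g), val(4)))))
    return run(add(val(1), reset0(add(val(2),
        reset0(add(val(3), shift0(body)))))))

def ex_dollar():          # (λx.x*2) $ (λx.x+1) $ 1 + S0f.S0g. f (g 2)
    body = lambda f: shift0(lambda g: app(val(f), app(val(g), val(2))))
    return run(dollar(lam(lambda x: mul(val(x), val(2))),
        dollar(lam(lambda x: add(val(x), val(1))),
               add(val(1), shift0(body)))))

def ex_bigger():          # (λx.x+2) $ (λy.S0f. f (f y)) $ 1 + S0g. 2 * g 1
    twice = lam(lambda y: shift0(lambda f: app(val(f), app(val(f), val(y)))))
    return run(dollar(lam(lambda x: add(val(x), val(2))),
        dollar(twice, add(val(1),
               shift0(lambda g: mul(val(2), app(val(g), val(1))))))))
```

Captured continuations and ordinary functions share one shape here (a value mapped to a denotation), which is why app can apply either without a case distinction.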
The goal
The operational view is not complete with respect to the CPS semantics. For example:
⟦λf.(λx.x) $ 2 + f 1⟧ =βη λk.k (λf.f 1 (λx.λk.k (2 + x)))
=βη ⟦λf.(λx.2 + x) $ f 1⟧
But there is no way to equalize the two terms using only operational rules.
The goal: find a finite set of equational axioms defined on the terms of shift0/reset0 (or shift0/$) such that
e1 =ax e2 iff ⟦e1⟧ =βη ⟦e2⟧
The axioms for shift0/reset0
(λx.e) v = e{v/x}
λx.v x = v    x ∉ FV(v)
(λx.E[x]) e = E[e]    x ∉ FV(E)
〈E[S0x.e]〉 = e{λx.〈E[x]〉/x}    x ∉ FV(E)
〈v〉 = v
S0k.〈(λx.S0z.k x) e〉 = e    k ∉ FV(e)
〈(λx.S0k.〈e1〉) e2〉 = 〈(λx.e1) e2〉    k ∉ FV(e1)
The axioms for shift0/$
(λx.e) v = e{v/x}
S0x.x $ e = e    x ∉ FV(e)
λx.v x = v    x ∉ FV(v)
v $ S0x.e = e{v/x}
v1 $ v2 = v1 v2
v $ E[e] = (λx.v $ E[x]) $ e
Proving completeness
- Proving soundness is easy. What about completeness?
- Proof for shift/reset: uses a restricted grammar for the target terms with six syntactic categories and an inverse translation (Kameyama and Hasegawa, ICFP’03).
- Sabry introduced a technique for proving completeness for various control operators, which involves an intermediate language. However, the technique was not successfully applied to shift/reset.
- But it worked very well for shift0/$!
Taking care of shift0/reset0
- The shift0/reset0 operators have the same expressive power as shift0/$ (APLAS’12):
〈e〉 ≈ (λx.x) $ e
e1 $ e2 ≈ (λw.〈(λv.S0k.w v) e2〉) e1
(I will be using 〈e〉 as a shorthand for (λx.x) $ e)
- It can be proved that the axioms for shift0/reset0 are sound and complete if and only if the axioms for shift0/$ are sound and complete.
Opaque CPS
- Opaque CPS translation is an abstract version of the CPS translation:
⟦x⟧_o = get k.k x
⟦λx.e⟧_o = get k.k (λx.⟦e⟧_o)
⟦e1 e2⟧_o = get k.send (λv1.send (λv2.send k (v1 v2)) ⟦e2⟧_o) ⟦e1⟧_o
- Uses abstract control operators (get and send), which have semantics consistent with β and η-conversions, for continuation passing:
send v get x.e =op e{v/x}
get x.send x e =op e    x ∉ FV(e)
CGS translation
- The opaque CPS translation with the get and send operators implemented using some control operators is called a continuation-grabbing style (CGS) translation.
- The fact that CGS and CPS are both instances of opaque CPS can be used for proving completeness.
- Can we find a CGS translation for shift0/$?
get x.e =def S0x.e
send e1 e2 =def e1 $ e2
It’s that simple!
CGS translation for shift0/$
We get the following translation:
⟦x⟧_g = S0k.k x
⟦λx.e⟧_g = S0k.k (λx.⟦e⟧_g)
⟦e1 e2⟧_g = S0k.(λv1.(λv2.k $ v1 v2) $ ⟦e2⟧_g) $ ⟦e1⟧_g
⟦S0x.e⟧_g = S0x.⟦e⟧_g
⟦e1 $ e2⟧_g = S0k.(λv1.k $ v1 $ ⟦e2⟧_g) $ ⟦e1⟧_g
- e1 =g e2 implies e1 =ax e2;
- ⟦e⟧_g =ax e;
- therefore, if ⟦e1⟧_g =g ⟦e2⟧_g, then e1 =ax e2.
Completeness follows easily, with a minor hurdle.
Type system for shift0
- There are expressive and elegant type systems for both shift0/reset0 (ICFP’11) and shift0/$ (APLAS’12).
- The type systems track how the terms manipulate their contexts using effects. In particular, they distinguish effect-free terms from effectful ones.
- An important part of the type systems, which gives them their expressiveness, is subtyping. It allows effect-free terms to be used in contexts permitting effects. (This is a simplification.)
Proofs in the typed setting
- The proofs can be adapted for the typed setting.
- In the adapted proofs, the subtyping is eliminated at the CGS stage: the CGS terms are fully explicit.
- The typed axioms are more permissive than the untyped ones: value restriction is replaced by purity restriction.
K&H axioms in the typed setting
- The shift/reset operators can be embedded in shift0/reset0:
Sx.e =def S0x.〈e〉
- Using this embedding, the axioms of Kameyama and Hasegawa are not validated in the untyped setting.
- The type system for shift/reset by Danvy and Filinski can be embedded into the type system for shift0/reset0.
- In the image of this embedding, the axioms of Kameyama and Hasegawa are valid.
K&H axioms in the untyped setting
- There is a different embedding of shift/reset in shift0/$:
Sx.e =def S0x.e{λy.S0f.S0g.(λz.g $ f z) $ x y/x}
〈e〉 =def S0f.S0g.(λx.g $ f x) $ 〈e〉
- Kameyama and Hasegawa’s axioms are valid in the untyped setting when using this embedding.
Conclusions
- Sabry’s elegant proof method can be applied to shift0/$.
- The axioms for shift0/$ are simple and elegant.
- The axioms for shift0/reset0 can be proved complete using the axioms for shift0/$.
- The proofs can be adapted to the typed version of the languages considered.
- Kameyama and Hasegawa’s axioms for shift/reset are validated only in the typed setting (with the folklore interpretation of shift/reset).
Thank you!
Thank you for your attention!
This work was funded by a Polish NCN grant and co-funded by the European Social Fund.