nominal reasoning techniques in coq (work in...
TRANSCRIPT
![Page 1: Nominal Reasoning Techniques in Coq (Work in Progress)sweirich/papers/nominal-coq/presentation.pdfWhat is nominal reasoning (in Coq)? Using names for both bound and free variables](https://reader033.vdocuments.pub/reader033/viewer/2022052104/603fb45c3ab2e917cc42bc12/html5/thumbnails/1.jpg)
Nominal Reasoning Techniques in Coq
(Work in Progress)
Brian AydemirAaron Bohannon Stephanie Weirich
University of Pennsylvania
16 August 2006
![Page 2: Nominal Reasoning Techniques in Coq (Work in Progress)sweirich/papers/nominal-coq/presentation.pdfWhat is nominal reasoning (in Coq)? Using names for both bound and free variables](https://reader033.vdocuments.pub/reader033/viewer/2022052104/603fb45c3ab2e917cc42bc12/html5/thumbnails/2.jpg)
What is nominal reasoning (in Coq)?
u Using names for both bound and free variables
λx. x y → lam (app 0 1) 6lam (app 0 (var y)) 6lam x (app (var x) (var y)) 4
u Using “built-in” equality to represent α-equality
1+ 1 = 2 lam x (var x) = lam y (var y)
u Minimizing the need to rename bound variables
2
![Page 3: Nominal Reasoning Techniques in Coq (Work in Progress)sweirich/papers/nominal-coq/presentation.pdfWhat is nominal reasoning (in Coq)? Using names for both bound and free variables](https://reader033.vdocuments.pub/reader033/viewer/2022052104/603fb45c3ab2e917cc42bc12/html5/thumbnails/3.jpg)
How to implement this in Coq?
u lam is not injective!
lam x (var x) = lam y (var y) 6→ x = y
u Therefore, can’t use native inductive datatypes.
Inductive tm : Set :=| var : tmvar → tm| app : tm → tm → tm| lam : tmvar → tm → tm.
3
![Page 4: Nominal Reasoning Techniques in Coq (Work in Progress)sweirich/papers/nominal-coq/presentation.pdfWhat is nominal reasoning (in Coq)? Using names for both bound and free variables](https://reader033.vdocuments.pub/reader033/viewer/2022052104/603fb45c3ab2e917cc42bc12/html5/thumbnails/4.jpg)
Our solution
u Axiomatize everything.
u Similar in spirit to Gordon-Melham axioms.
u Types and constructors:
Parameter tmvar : AtomT.Parameter tm : Set.
Parameter var : tmvar → tm.Parameter app : tm → tm → tm.Parameter lam : tmvar → tm → tm.
4
![Page 5: Nominal Reasoning Techniques in Coq (Work in Progress)sweirich/papers/nominal-coq/presentation.pdfWhat is nominal reasoning (in Coq)? Using names for both bound and free variables](https://reader033.vdocuments.pub/reader033/viewer/2022052104/603fb45c3ab2e917cc42bc12/html5/thumbnails/5.jpg)
System description
Tool
Signature
Soundness proof
Language spec.
5
![Page 6: Nominal Reasoning Techniques in Coq (Work in Progress)sweirich/papers/nominal-coq/presentation.pdfWhat is nominal reasoning (in Coq)? Using names for both bound and free variables](https://reader033.vdocuments.pub/reader033/viewer/2022052104/603fb45c3ab2e917cc42bc12/html5/thumbnails/6.jpg)
System description
Tool
Signature
Soundness proof
Language spec.
High-level description language may be similar toFresh O’Caml, Cαml, Isabelle/HOL-Nominal
6
![Page 7: Nominal Reasoning Techniques in Coq (Work in Progress)sweirich/papers/nominal-coq/presentation.pdfWhat is nominal reasoning (in Coq)? Using names for both bound and free variables](https://reader033.vdocuments.pub/reader033/viewer/2022052104/603fb45c3ab2e917cc42bc12/html5/thumbnails/7.jpg)
System description
Isabelle/HOL
package
Signature in HOL
Soundness proof
Language spec.
Nominal datatype package for Isabelle/HOL[Berghofer and Urban, 2006]
7
![Page 8: Nominal Reasoning Techniques in Coq (Work in Progress)sweirich/papers/nominal-coq/presentation.pdfWhat is nominal reasoning (in Coq)? Using names for both bound and free variables](https://reader033.vdocuments.pub/reader033/viewer/2022052104/603fb45c3ab2e917cc42bc12/html5/thumbnails/8.jpg)
System description
Tool
Signature in Coq
Soundness proof
Language spec.
Today: Nominal reasoning in Coq
8
![Page 9: Nominal Reasoning Techniques in Coq (Work in Progress)sweirich/papers/nominal-coq/presentation.pdfWhat is nominal reasoning (in Coq)? Using names for both bound and free variables](https://reader033.vdocuments.pub/reader033/viewer/2022052104/603fb45c3ab2e917cc42bc12/html5/thumbnails/9.jpg)
Signature in Coq
u Types and constructors:Parameter tmvar : AtomT.Parameter tm : Set.
Parameter var : tmvar → tm.Parameter app : tm → tm → tm.Parameter lam : tmvar → tm → tm.
u Axioms for discrimination:∀ x s t, var x ≠ app s t
u Axioms for injectivity:∀ x x′, var x = var x′ → x = x′
9
![Page 10: Nominal Reasoning Techniques in Coq (Work in Progress)sweirich/papers/nominal-coq/presentation.pdfWhat is nominal reasoning (in Coq)? Using names for both bound and free variables](https://reader033.vdocuments.pub/reader033/viewer/2022052104/603fb45c3ab2e917cc42bc12/html5/thumbnails/10.jpg)
Properties of lam
u Alpha-equivalence:∀ x y t, y ∉ fvar t →lam x t = lam y ((y,x) • t)
u Eliminating an equality:∀ x x′ t t′, lam x t = lam x′ t′ →(x = x′ ∧ t = t′)∨(x ≠ x′ ∧ x ∉ fvar t′ ∧ t = (x,x′) • t′)
u (y,x) • t denotes a swap, which we take fromNominal Logic.
10
![Page 11: Nominal Reasoning Techniques in Coq (Work in Progress)sweirich/papers/nominal-coq/presentation.pdfWhat is nominal reasoning (in Coq)? Using names for both bound and free variables](https://reader033.vdocuments.pub/reader033/viewer/2022052104/603fb45c3ab2e917cc42bc12/html5/thumbnails/11.jpg)
Properties of lam (cont.)
u Free variables:∀ x t, fvar (lam x t) = (fvar t) \ {x}
u Swapping:∀ a b x t,(a,b) • (lam x t) = lam ((a,b) • x) ((a,b) • t)
11
![Page 12: Nominal Reasoning Techniques in Coq (Work in Progress)sweirich/papers/nominal-coq/presentation.pdfWhat is nominal reasoning (in Coq)? Using names for both bound and free variables](https://reader033.vdocuments.pub/reader033/viewer/2022052104/603fb45c3ab2e917cc42bc12/html5/thumbnails/12.jpg)
Structural induction
∀ (P : tm → Prop) (F : aset tmvar),(∀ x, P (var x)) →(∀ t u, P t → P u → P (app t u)) →(∀ x t, x ∉ F → P t → P (lam x t)) →∀ t, P t.
u In the lam case, we only need to considersuitably fresh names x.
u This is equivalent to the principle that omits F.
12
![Page 13: Nominal Reasoning Techniques in Coq (Work in Progress)sweirich/papers/nominal-coq/presentation.pdfWhat is nominal reasoning (in Coq)? Using names for both bound and free variables](https://reader033.vdocuments.pub/reader033/viewer/2022052104/603fb45c3ab2e917cc42bc12/html5/thumbnails/13.jpg)
Using the signature
u Proofs using this signature seem natural.
u We can use our induction principle to prove:
∀ y x t, y ∉ fvar t → t [y := s] = t
u Proof: By induction on t.Choose “F” to be {y} ∪ fvar s.
13
![Page 14: Nominal Reasoning Techniques in Coq (Work in Progress)sweirich/papers/nominal-coq/presentation.pdfWhat is nominal reasoning (in Coq)? Using names for both bound and free variables](https://reader033.vdocuments.pub/reader033/viewer/2022052104/603fb45c3ab2e917cc42bc12/html5/thumbnails/14.jpg)
Example proof: Property about substitution
In the lam case:
y ∉ fvar (lam x t)x ∉ {y} ∪ fvar sy ∉ fvar t → t [y := s] = t(lam x t) [y := s] = lam x t
14
![Page 15: Nominal Reasoning Techniques in Coq (Work in Progress)sweirich/papers/nominal-coq/presentation.pdfWhat is nominal reasoning (in Coq)? Using names for both bound and free variables](https://reader033.vdocuments.pub/reader033/viewer/2022052104/603fb45c3ab2e917cc42bc12/html5/thumbnails/15.jpg)
Example proof: Property about substitution
In the lam case:
y ∉ fvar (lam x t)x ≠ y ∧ x ∉ fvar sy ∉ fvar t → t [y := s] = t(lam x t) [y := s] = lam x t
Next, since:∀ x y t s, x ≠ y → x ∉ fvar s →(lam x t) [y := s] = lam x (t [y := s])
15
![Page 16: Nominal Reasoning Techniques in Coq (Work in Progress)sweirich/papers/nominal-coq/presentation.pdfWhat is nominal reasoning (in Coq)? Using names for both bound and free variables](https://reader033.vdocuments.pub/reader033/viewer/2022052104/603fb45c3ab2e917cc42bc12/html5/thumbnails/16.jpg)
Example proof: Property about substitution
In the lam case:
y ∉ fvar (lam x t)x ≠ y ∧ x ∉ fvar sy ∉ fvar t → t [y := s] = tlam x (t [y := s]) = lam x t
Next, recalling that:∀ x t, fvar (lam x t) = (fvar t) \ {x}
16
![Page 17: Nominal Reasoning Techniques in Coq (Work in Progress)sweirich/papers/nominal-coq/presentation.pdfWhat is nominal reasoning (in Coq)? Using names for both bound and free variables](https://reader033.vdocuments.pub/reader033/viewer/2022052104/603fb45c3ab2e917cc42bc12/html5/thumbnails/17.jpg)
Example proof: Property about substitution
In the lam case:
y ∉ (fvar t) \ {x}x ≠ y ∧ x ∉ fvar sy ∉ fvar t → t [y := s] = tlam x (t [y := s]) = lam x t
17
![Page 18: Nominal Reasoning Techniques in Coq (Work in Progress)sweirich/papers/nominal-coq/presentation.pdfWhat is nominal reasoning (in Coq)? Using names for both bound and free variables](https://reader033.vdocuments.pub/reader033/viewer/2022052104/603fb45c3ab2e917cc42bc12/html5/thumbnails/18.jpg)
Example proof: Property about substitution
In the lam case:
y = x ∨ y ∉ fvar sx ≠ y ∧ x ∉ fvar sy ∉ fvar t → t [y := s] = tlam x (t [y := s]) = lam x t
18
![Page 19: Nominal Reasoning Techniques in Coq (Work in Progress)sweirich/papers/nominal-coq/presentation.pdfWhat is nominal reasoning (in Coq)? Using names for both bound and free variables](https://reader033.vdocuments.pub/reader033/viewer/2022052104/603fb45c3ab2e917cc42bc12/html5/thumbnails/19.jpg)
Example proof: Property about substitution
In the lam case:
y = xx ≠ y ∧ x ∉ fvar sy ∉ fvar t → t [y := s] = tlam x (t [y := s]) = lam x t
y ∉ fvar tx ≠ y ∧ x ∉ fvar sy ∉ fvar t → t [y := s] = tlam x (t [y := s]) = lam x t
19
![Page 20: Nominal Reasoning Techniques in Coq (Work in Progress)sweirich/papers/nominal-coq/presentation.pdfWhat is nominal reasoning (in Coq)? Using names for both bound and free variables](https://reader033.vdocuments.pub/reader033/viewer/2022052104/603fb45c3ab2e917cc42bc12/html5/thumbnails/20.jpg)
Some questions
Given our signature for the untyped λ-calculus:
1. Is this signature sound?
2. How do we define functions over terms?
3. What should be in this signature?
20
![Page 21: Nominal Reasoning Techniques in Coq (Work in Progress)sweirich/papers/nominal-coq/presentation.pdfWhat is nominal reasoning (in Coq)? Using names for both bound and free variables](https://reader033.vdocuments.pub/reader033/viewer/2022052104/603fb45c3ab2e917cc42bc12/html5/thumbnails/21.jpg)
Is our signature sound?
u We model our signature using a locallynameless representation for terms.
u We do require two axioms.1. Proof irrelevance2. Extensional equality on functions
21
![Page 22: Nominal Reasoning Techniques in Coq (Work in Progress)sweirich/papers/nominal-coq/presentation.pdfWhat is nominal reasoning (in Coq)? Using names for both bound and free variables](https://reader033.vdocuments.pub/reader033/viewer/2022052104/603fb45c3ab2e917cc42bc12/html5/thumbnails/22.jpg)
An operator for primitive recursion
Parameter tm_rec :∀ R : Set,∀ fv : tmvar → R,∀ fa : tm → R → tm → R → R,∀ fl : tmvar → tm → R → R,∀ F : aset tmvar,(supports F (fv, fa, fl)) →(∃ b, (b ∉ F ∧
∀ x y, b ] (fl b x y))) →(tm → R).
Return type of the function being constructed.22
![Page 23: Nominal Reasoning Techniques in Coq (Work in Progress)sweirich/papers/nominal-coq/presentation.pdfWhat is nominal reasoning (in Coq)? Using names for both bound and free variables](https://reader033.vdocuments.pub/reader033/viewer/2022052104/603fb45c3ab2e917cc42bc12/html5/thumbnails/23.jpg)
An operator for primitive recursion
Parameter tm_rec :∀ R : Set,∀ fv : tmvar → R,∀ fa : tm → R → tm → R → R,∀ fl : tmvar → tm → R → R,∀ F : aset tmvar,(supports F (fv, fa, fl)) →(∃ b, (b ∉ F ∧
∀ x y, b ] (fl b x y))) →(tm → R).
Functions for each case.23
![Page 24: Nominal Reasoning Techniques in Coq (Work in Progress)sweirich/papers/nominal-coq/presentation.pdfWhat is nominal reasoning (in Coq)? Using names for both bound and free variables](https://reader033.vdocuments.pub/reader033/viewer/2022052104/603fb45c3ab2e917cc42bc12/html5/thumbnails/24.jpg)
An operator for primitive recursion
Parameter tm_rec :∀ R : Set,∀ fv : tmvar → R,∀ fa : tm → R → tm → R → R,∀ fl : tmvar → tm → R → R,∀ F : aset tmvar,(supports F (fv, fa, fl)) →(∃ b, (b ∉ F ∧
∀ x y, b ] (fl b x y))) →(tm → R).
Side conditions about names. [Pitts, 2006]24
![Page 25: Nominal Reasoning Techniques in Coq (Work in Progress)sweirich/papers/nominal-coq/presentation.pdfWhat is nominal reasoning (in Coq)? Using names for both bound and free variables](https://reader033.vdocuments.pub/reader033/viewer/2022052104/603fb45c3ab2e917cc42bc12/html5/thumbnails/25.jpg)
An operator for primitive recursion
Parameter tm_rec :∀ R : Set,∀ fv : tmvar → R,∀ fa : tm → R → tm → R → R,∀ fl : tmvar → tm → R → R,∀ F : aset tmvar,(supports F (fv, fa, fl)) →(∃ b, (b ∉ F ∧
∀ x y, b ] (fl b x y))) →(tm → R).
Final result: A non-dependent function.25
![Page 26: Nominal Reasoning Techniques in Coq (Work in Progress)sweirich/papers/nominal-coq/presentation.pdfWhat is nominal reasoning (in Coq)? Using names for both bound and free variables](https://reader033.vdocuments.pub/reader033/viewer/2022052104/603fb45c3ab2e917cc42bc12/html5/thumbnails/26.jpg)
An operator for primitive recursion (cont.)
Key property:
∀ R fv fa fl F H J,let g := (tm_rec R fv fa fl F H J) in∀ x t, x ∉ F →g (lam x t) = fl x t (g t).
We can always swap names to make this rule apply.
26
![Page 27: Nominal Reasoning Techniques in Coq (Work in Progress)sweirich/papers/nominal-coq/presentation.pdfWhat is nominal reasoning (in Coq)? Using names for both bound and free variables](https://reader033.vdocuments.pub/reader033/viewer/2022052104/603fb45c3ab2e917cc42bc12/html5/thumbnails/27.jpg)
Example: Substitution
Defining (_ [y := s]):
u Take fl to be (fun x t r ⇒ lam x r).
u Take F to be {y} ∪ fvar s.
Then
∀ x t, x ∉ F →g (lam x t) = fl x t (g t).
becomes
∀ x t, x ∉ {y} ∪ fvar s →(lam x t) [y := s] = lam x (t [y := s]).
27
![Page 28: Nominal Reasoning Techniques in Coq (Work in Progress)sweirich/papers/nominal-coq/presentation.pdfWhat is nominal reasoning (in Coq)? Using names for both bound and free variables](https://reader033.vdocuments.pub/reader033/viewer/2022052104/603fb45c3ab2e917cc42bc12/html5/thumbnails/28.jpg)
Example: Substitution
Defining (_ [y := s]):
u Take fl to be (fun x t r ⇒ lam x r).
u Take F to be {y} ∪ fvar s.
Then
∀ x t, x ∉ F →g (lam x t) = fl x t (g t).
becomes
∀ x t, x ≠ y → x ∉ fvar s →(lam x t) [y := s] = lam x (t [y := s]).
28
![Page 29: Nominal Reasoning Techniques in Coq (Work in Progress)sweirich/papers/nominal-coq/presentation.pdfWhat is nominal reasoning (in Coq)? Using names for both bound and free variables](https://reader033.vdocuments.pub/reader033/viewer/2022052104/603fb45c3ab2e917cc42bc12/html5/thumbnails/29.jpg)
What should be in our signature?
u We need the following:u Types and constructorsu Injection and discrimination theoremsu Alpha-equivalenceu Free variables and swappingu Induction principleu Recursion operator
u Also include functions like substitution.
u We’ll want to automatically generate more.u Specialized induction principlesu Inversion principles for relations
29
![Page 30: Nominal Reasoning Techniques in Coq (Work in Progress)sweirich/papers/nominal-coq/presentation.pdfWhat is nominal reasoning (in Coq)? Using names for both bound and free variables](https://reader033.vdocuments.pub/reader033/viewer/2022052104/603fb45c3ab2e917cc42bc12/html5/thumbnails/30.jpg)
Conclusions
u We’ve shown how “nominal reasoning”can work in Coq.
u Using names for bound and free variablesu No separate α-equivalence relationu Minimal need for name swapping
u Definitions and proofs follow informal practice.
u Future work: tool support, dependent swapping
30