Komponenten- und Service-orientierte Softwarekonstruktion

Komponenten- und Service-orientierte Softwarekonstruktion

Lecture 4: Inhabitation in λ

Jakob Rehof

LS XIV – Software Engineering

TU Dortmund Sommersemester 2015

Curry-Howard isomorphism

Γ, x :τ ` x :τ (var)

Γ, x :τ ` M :σ Γ ` λx.M :τ → σ (→I)

Γ ` M :τ → σ Γ ` N :τ

Γ ` M N :σ (→E)

Curry-Howard isomorphism

Γ, τ `τ(hyp)

Γ, τ `σ Γ`τ→σ(DT) Γ`τ→σ Γ`τ

Γ`σ (MP)

Exercise 1

LetΓ ={τ1, . . . , τn}. Prove that, ifΓ`σthenτ1→ · · · →τn→σis boolean tautology, when→is interpreted as implication.

So, inhabitation isprovabilityin intuitionistic propositional logic.

Alternating Turing machines (ATM)

Analternating Turing machine is a tupleM= (Σ, Q, q0, qa, qr,∆). The set of states Q=Q∃ ] Q∀is partitioned into a setQ∃ of existential states and a setQ∀of universal states. There is an initial stateq0∈Q, an accepting stateqa∈Q∀, and a rejecting stateqr∈Q∃. We takeΣ ={0,1, }, where is the blank symbol (used to initialize the tape but not written by the machine).

The transition relation∆satisfies

∆⊆Σ×Q×Σ×Q× {l,r},

whereh∈ {l,r}are the moves of the machine head (left and right). Forb∈Σand q∈Q, we write∆(b, q) ={(c, p, h)|(b, q, c, p, h)∈∆}. We assume

∆(b, qa) = ∆(b, qr) =∅, for allb∈Σ, and∆(b, q)6=∅forq∈Q\ {qa, qr}.

Alternating Turing machines (ATM)

AconfigurationC ofMis a wordwqw⁰withq∈Qandw, w⁰∈Σ^∗. Thesuccessor relationC ⇒ C⁰on configurations is defined as usual, according to∆. We classify a configurationwqw⁰asexistential,universal,acceptingetc., according toq.

The notion ofeventually accepting configuration is defined by induction (i.e., the set of all eventually accepting configurations is the smallest set satisfying the following closure conditions):

An accepting configuration is eventually accepting.

IfCis existential and some successor ofC is eventually accepting then so isC.

IfCis universal and all successors ofC are eventually accepting then so isC.

Alternating Turing machines (ATM)

We use the notation for instruction sequences starting from existential states choosex∈A

and instruction sequences starting from universal states forall(i= 1. . . k)Si

A command of the formchoosex∈Abranches from an existential state to successor states in whichxgets assigned distinct elements ofA. A command of the form forall(i= 1. . . k)Si branches from a universal state to successor states from which each instruction sequenceSiis executed.

Alternating complexity

Some alternating complexity classes:

aptime:=S

k>0atime(n^k) apspace:=S

k>0aspace(n^k) aexptime:=S

k>0atime(kⁿ)

Theorem 1 (Chandra, Kozen, Stockmeyer 1981)

aptime=pspace apspace=exptime aexptime=expspace

Inhabitation in λ

is Pspace -complete

We will give a detailed proof of Statman’s Theorem: inhabitation in λ

is Pspace -complete. This result was first proven in [Statman, 1979] (using, among other things, results of Ladner [Ladner, 1977]).

Our proof follows [Urzyczyn, 1997] (see also

[Sørensen and Urzyczyn, 2006]) where a syntactic approach was used, and

where alternation is used to simplify the proof.

Inhabitation in λ

: upper bound

Notice that every typeτ ofλ^→can be written on the formτ ≡τ1→ · · ·τn→a,n≥0, whereais an atom (either a type variable or a type constant).

Notice that every application context can be written on the formxP1· · ·Pnfor some maximaln≥0.

An explicitly typedλ-termM is inη-long normal formif it is aβ-normal form and every maximal application inM has the formx^{τ1→···→τn→a}P₁^τ1· · ·Pn^τn. In other words, in such terms applications are fully applied according to the type of the operator.

Notice that every typedβ-normal form of typeτ can be converted intoη-long normal form: any subterm occurrence of a maximal applicationQ^σ→ρcan be converted into λx:σ.Qxwherex6∈FV(Q).

SetΓ(x:τ) = Γ, if there existsy∈Dm(Γ)withΓ(y) =τ, and otherwise Γ(x:τ) = Γ∪ {(x:τ)}.

Inhabitation in λ

: upper bound

Algorithm INH(λ^→)

Input: Γ, τ

loop: 1 if(τ ≡a) 2 then

3 choose(x:σ1→ · · · →σn→a)∈Γ;

4 if(n= 0)then accept;

5 else

6 forall(i= 1. . . n)

7 τ :=σi;

8 gotoloop;

9 else if(τ ≡σ→ρ) 10 then

11 Γ := Γ(y:σ)whereyis fresh;

12 τ :=ρ;

Inhabitation in λ

: upper bound

Proposition 1

Inhabitation inλ^→ is inpspace.

Proof.

By algorithm INH(λ^→). Clearly, the algorithm performs exhaustive search forη-long normal form inhabitants. The algorithm decides inhabitation inλ^→in polynomial space.

For consider configurations(Γ, τ)arising during an entire run of the algorithm on input (Γ0, τ0). Notice thatΓandτ always only contain types that are subtrees of types present in the previous values ofΓandτ (line7and line11). Since a tree of sizemhas mdistinct subtrees, the set of distinct configurations(Γ, τ)can be bounded byn², wherenis the size of the input. Hence, the algorithm shows that the problem is in aptime, which ispspaceby Theorem 1.

Inhabitation in λ

: lower bound

Reduction from provability of quantified boolean fomulaeφ, χ, ψ:

φ::=p| ¬φ|φ∧ψ|φ∨ψ| ∀p.φ| ∃p.φ

We can assume w.l.o.g. that negation is only applied to propositional variablespinφ, that all bound variables are distinct and that no variable occurs both free and bound.

Inhabitation in λ

: lower bound

Given formulaφ, construct type environmentΓφby induction onφ:

For each propositional variablepinφ, letαpandα¬pbe fresh type variables. For each subformulaψ, letαψ be fresh type variables.

Ifφ≡p, thenΓφ=∅.

Ifφ≡ ¬p, thenΓφ=∅.

Ifφ≡χ∧ψ, thenΓφ= Γχ∪Γψ∪ {xφ:αχ→αψ →αχ∧ψ}.

Ifφ≡χ∨ψ, thenΓφ= Γχ∪Γψ∪ {x^l_φ:αχ→αχ∨ψ, x^r_φ:αψ→αχ∨ψ}.

Ifφ≡ ∀p.ψ, thenΓφ= Γψ∪ {xφ: (αp→αψ)→(α¬p→αψ)→α∀p.ψ}.

Ifφ≡ ∃p.ψ, then

Γφ= Γψ∪ {x⁰_φ: (αp→αψ)→α∃p.ψ, x¹_φ: (α¬p→αψ)→α∃p.ψ}.

Assume that indices corresponding to distinct subformula occurrences are distinct.

Inhabitation in λ

: lower bound

A valuationvis a map from propositional variables to truth values in{0,1}.

For a formulaφand a valuationv, letΓ^v_φbe the extension ofΓφ: Γ^vφ= Γφ∪ [

p∈Dm(v)

{xp:hαi^pv}

wherehαi^p_v=αpifv(p) = 1andhαi^p_v=α¬pifv(p) = 0.

A valuation of a formulaφis a valuation defined on the free variables ofφ.

We writev⊕[p:=b]for the extension ofvmappingptob∈ {0,1}.

We writeΓ6`τ as abbreviation for¬∃M.Γ`M :τ.

Inhabitation in λ

: lower bound

We letJφKvdenote the truth value ofφunder valuationv, defined by induction onφ:

JpKv = v(p)

J¬pKv = 0,ifv(p) = 1,else1 Jψ∧χKv = min{JψKv,JχKv}

Jψ∨χKv = max{JψKv,JχKv}

J∀p.ψKv = min{JψKv⊕[p:= 1],JψKv⊕[p:= 0]}

J∃p.ψKv = max{JψKv⊕[p:= 1],JψKv⊕[p:= 0]}

Assume w.l.o.g. that formulaeφhave negation signs only applied to propositional variables.

Inhabitation in λ

: lower bound

Lemma 2

For every formulaφand every valuationvofφ, one has JφKv= 1 ⇔ ∃M.Γ^vφ`M :αφ

Proof

By induction onφ.

Caseφ≡p. IfJpKv= 1, i.e.,v(p) = 1, thenΓ^v_φ={x^vp:αp}, soΓ^v_φ`x<sup>v</sup><sub>p</sub>:αp. If Γ<sup>v</sup><sub>φ</sub>`M:αp, then, by construction ofΓ^v_φ, it must be the case thatΓ^v_φ={x^vp:αp}, so thatv(p) = 1.

Caseφ≡ ¬p. Similar to previous case.

Inhabitation in λ

: lower bound

Proof(continued) Caseφ≡χ∧ψ

IfJφKv= 1, thenJχKv=JψKv= 1. By induction hypothesis,Γ^vχ`M :αχand Γ<sup>v</sup><sub>ψ</sub>`N:αψ, for someM andN. It follows thatΓ^v_χ∧ψ`xχ∧ψM N:αχ∧ψ. IfJφKv= 0, thenJχKv= 0orJψKv= 0. IfJχKv= 0, then by induction hypothesis, Γ<sup>v</sup>χ6`αχ, hence by construction ofΓ^vφ, we must haveΓ^vφ6`αχ. It follows that Γ<sup>v</sup><sub>φ</sub>6`αχ∧ψ. The case whereJψKv= 0is analogous.

Inhabitation in λ

: lower bound

Proof(continued) Caseφ≡ ∀p.ψ

IfJφKv= 1, thenJψKv0=JψKv1= 1, wherev0=v⊕[p:= 0]andv1=v⊕[p:= 1]. By induction hypothesis, we haveΓ^v_ψ⁰`M :αψ andΓ<sup>v</sup><sub>ψ</sub><sup>1</sup> `N:αψ, for someM andN, which (by definitions) can also be written asΓ^v_φ∪ {xp:α¬p} `M:αψ and Γ<sup>v</sup><sub>φ</sub>∪ {xp:αp} `N:αψ. Hence,Γ^v_φ`λxp:α¬p.M:α¬p→αψ and Γ<sup>v</sup><sub>φ</sub>`λxp:αp.N:αp→αψ. It follows that we have

Γ^vφ`xφ(λxp:αp.N)(λxp:α¬p.M) :αφ

Inhabitation in λ

: lower bound

Proof(continued) Caseφ≡ ∀p.ψ

IfJφKv= 0, then either we haveJψKv⊕[p:= 0] = 0orJψKv⊕[p:= 1] = 0. Suppose that the former is the case. Then, by induction hypothesis, we haveΓ^v_ψ⁰ 6`αψ, where v0=v⊕[p:= 0]. Hence, by definitions, we haveΓψ∪ {xp:α¬p} 6`αψ. By construction ofΓ^v_φ, it follows that we haveΓ^v_φ6`αφ. The case where JψKv⊕[p:= 1] = 0is analogous.

Inhabitation in λ

: lower bound

Proof(continued)

Remaining cases are left as an exercise©

Proposition 2

Inhabitation inλ^→ ispspace-hard.

Proof.

In order to decide provability of QBF formulaφ, it suffices to ask whetherΓφ`? :αφ, by Lemma 2. Since the construction ofΓφcan be carried out in logarithmic space, the proposition follows.

Inhabitation in λ

Theorem 3 (Statman 1979)

Inhabitation inλ^→ ispspace-complete.

Proof.

By Proposition 1 and Proposition 2.

Ladner, R. (1977).

The Computational Complexity of Provability in Systems of Modal Propositional Logic.

SIAM J. Comput., 6(3):467 – 480.

Sørensen, M. and Urzyczyn, P. (2006).

Lectures on the Curry-Howard Isomorphism, volume 149 of Studies in Logic and the Foundations of Mathematics.

Elsevier.

Statman, R. (1979).

Intuitionistic Propositional Logic Is Polynomial-space Complete.

Theoretical Computer Science, 9:67–72.

Urzyczyn, P. (1997).

Inhabitation in Typed Lambda-Calculi (A Syntactic Approach).

In TLCA, volume 1210 of LNCS, pages 373–389. Springer.