Mysaa/m1-internship
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
m1-internship/report/M1Report.tex

394 lines
23 KiB
TeX
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

% !TeX spellcheck = en_US
\documentclass[10pt,a4paper]{article}
\include{./header.tex}
\title{Completeness Proof for different logical frameworks
\\[1ex] \large Notes on my 3 month internship at Faculty of Informatics (ELTE, Budapest)}
\hypersetup{pdftitle={Completeness Proof for different kinds of logical frameworks}}
\author{Samy Avrillon, supervised by
\\[1ex] Ambrus Kaposi (ELTE, Budapest)
\\[1ex] and Thorsten Altenkirsch (University of Notthingham, United Kingdom)}
\begin{document}
\doparttoc
\maketitle
\hsep
\tableofcontents
\newpage
\section{Introduction}
In the first place, i was supposed to do this internship in Nottingham (UK) with Thorsten Altenkirsh. But, because of administrative issues, i was not able to go there, and Thorsten Altenkirsh contacted Ambrus Kaposi in Budapest, whose university agreed to accept me. Therefore, i went to Budapest and i did the internship under the physical supervision of Ambrus Kaposi, and the remote supervision of Thorsten Altenkirsch.
The original subject of the internship was \enquote{Developping a simplified account of normalization by evaluation using the theory of categories with families}. But there was a lot to do, starting with learning how to use Agda.
\subsection{Introduction to the problem}
What i do call a \enquote{logic} is a set of definitions containing formulæ and a notion of provability of those formulæ, plus a set of operators/equalities to construct or reduce these rules. I have studied the most common logical frameworks, that is, Propositional Logic, First-order logic with infinitary predicates, and Predicate Logic. For each of those logics, one can define a notion of \emph{model}. A model of a certain kind of logic is something that implements all of the logic's definitions, operators and equalities. From all of those models, one can extract the \emph{initial model}, also called \emph{syntax}. It is the smallest of all models, which means that from any model of that logic, we have a morphism from the syntax to that model.
Then, our goal is for each logic to prove the completeness of a specific class of models. Completeness can be stated as such: \enquote{For any formula that is \emph{true} in all models of the specified class, then the formula has a proof in the syntax}. By being true in the model, one can understand that the formula has a proof from the model.
\subsection{Motivation}
\subsection{Structure of this report}
\section{A first account of Completeness and Normalization}
\subsection{Normalization for Propositional Logic}
\begin{figure}
\begin{tcolorbox}
\[
\begin{array}{lcl}
\For & : & \Set \\
- \implies - & : & \For \rightarrow \For \rightarrow \For\\
ι & : & \For \\
\\
\Pf & : & \For \rightarrow \Prop^+ \\
\lam & : & (\Pf A \rightarrow^+ \Pf B) \rightarrow \Pf (A \implies B)\\
\app & : & \Pf (A \implies B) \rightarrow (\Pf A \rightarrow \Pf B)
\end{array}
\]
\end{tcolorbox}
\caption{ZOL Sogat Presentation}
\label{fig:zol-sogat}
\end{figure}
\subsection{Normalization for Infinitary First Order Logic}
\begin{figure}
\begin{tcolorbox}
\[
\begin{array}{lcl}
\For & : & \Set \\
- \implies - & : & \For \rightarrow \For \rightarrow \For\\
\forall & : & (\operatorname{TM} \rightarrow \For) \rightarrow \For \\
\R & : & \operatorname{TM} \rightarrow \operatorname{TM} \rightarrow \For\\
\\
\Pf & : & \For \rightarrow \Prop^+ \\
\lam & : & (\Pf A \rightarrow^+ \Pf B) \rightarrow \Pf (A \implies B)\\
\app & : & \Pf (A \implies B) \rightarrow (\Pf A \rightarrow \Pf B)\\
\foralli & : & (t : \operatorname{TM} \rightarrow A\;t) \rightarrow \Pf (\forall A)\\
\foralle & : & \Pf (\forall A) \rightarrow (t : \operatorname{TM}) \rightarrow \Pf (A\;t)\\
\end{array}
\]
\end{tcolorbox}
\caption{ZOL Sogat Presentation}
\label{fig:ifol-sogat}
\end{figure}
\subsection{Merging the two proofs}
\section{Predicate Logic}
\subsection{SOGAT Presentation of Predicate Logic}
In order to find all the definitions, functions and more importantly, all the equations that a model of Predicate Logic has to verify, Ambrus gave me a Second Order Generalized Algebraic Theory (SOGAT) of the models. It goes as described in \autoref{fig:ffol-sogat}.
Why is this definition \enquote{Second Order} ? That's because some definitions are not strictly positive. These are the definitions of $\lam$ and $\foralli$. This SOGAT definition makes sense because of the ${}^+$ in $\Tm$ and $\Pf$ definitions, that indicates that those two objects should be \emph{locally representable}. It means that one can use \emph{term variables} and \emph{proof variables}.
We can notice that there is no equations in this SOGAT.
\begin{figure}
\begin{tcolorbox}
\[
\begin{array}{lcl}
\Tm & : & \Set^+ \\
\\
\For & : & \Set \\
- \implies - & : & \For \rightarrow \For \rightarrow \For\\
\forall & : & (\Tm \rightarrow \For) \rightarrow \For \\
\R & : & \Tm \rightarrow \Tm \rightarrow \For\\
\\
\Pf & : & \For \rightarrow \Prop^+ \\
\lam & : & (\Pf A \rightarrow^+ \Pf B) \rightarrow \Pf (A \implies B)\\
\app & : & \Pf (A \implies B) \rightarrow (\Pf A \rightarrow \Pf B)\\
\foralli & : & (t : \Tm \rightarrow^+ A\;t) \rightarrow \Pf (\forall A)\\
\foralle & : & \Pf (\forall A) \rightarrow (t : \Tm) \rightarrow \Pf (A\;t)\\
\end{array}
\]
\end{tcolorbox}
\caption{FFOL Sogat Presentation}
\label{fig:ffol-sogat}
\end{figure}
\subsection{Turning a SOGAT Presentation into a GAT}
But now, we want to encode in Agda a Sogat Algebra, which we can't do (for now), as Agda can only understand simple Generalized Algebraic Theories (or GAT).
In order to break this apparent strict positivity, we will translate every object of the SOGAT into a functor from a context category called $\bCon$. This context category shall have an initial object and two endo-mappings called \emph{context extensions}. They can be understood as adding to a context a proof variable or a term variable. We will also call \emph{substitutions} morphisms from the $\bCon$ category, and for a morphism $\sigma$ and a functor $F$, we will denote $\_\left[\sigma\right]$ the action of the functor on the morphism $\sigma$.
We will first define this category, its initial object, and every rule that these components should obey.
\begin{tcolorbox}
\vspace{-2ex}
\agda{agda/Con.tex}
\vspace{-7.5ex}
\end{tcolorbox}
We can now define terms, formulæ and proofs, which are functors from $\bCon$ to $\bSet$ (and proofs are a more complex functor from $\bCon$ to XXXXX). For each of them, we define the action of the functors on morphisms, and we also write the equalities that describe the functionality.
\def\agdasep{\vspace{-10.5ex}\begin{center}\rule{0.9\linewidth}{0.4pt}\end{center}\vspace{-3.5ex}}
\begin{tcolorbox}
\vspace{-2ex}
\agda{agda/Tm.tex}
\agdasep
\agda{agda/For.tex}
\agdasep
\agda{agda/Pf.tex}
\vspace{-7.5ex}
\end{tcolorbox}
Then we define our context extensions. We also have constructors for substitutions to extended contexts. This constructor should work as a product, which means that we have two \enquote{projections} that can revert the mapping. The constructor should finally be consistent with $\circ$.
Please ignore the \verb*|substP| for now, this notion will be explained in \autoref{sec:transport-hell}.
\begin{tcolorbox}
\vspace{-2ex}
\agda{agda/Tm+.tex}
\vspace{-7.5ex}
\end{tcolorbox}
\begin{tcolorbox}
\vspace{-2ex}
\agda{agda/Pf+.tex}
\vspace{-7.5ex}
\end{tcolorbox}
Finally, with those context extensions, we can define our operators on functions and proofs. Those operators have to commute with the images of substitutions (the equations are unneeded for proof operators, as they are in prop).
We can take a closer look at where our apparently strictly positive application should be ($\lam$ and $\foralli$). We can see that instead of an application, we only have a formula (or a proof) that goes from an extended context to a base contexts. This \enquote{removal} of the term variable stands for the strictly positive function that would have taken a term/proof as a parameter.
\begin{tcolorbox}
\vspace{-2ex}
\agda{agda/R.tex}
\agdasep
\agda{agda/Imp.tex}
\agdasep
\agda{agda/Forall.tex}
\agdasep
\agda{agda/LamApp.tex}
\agdasep
\agda{agda/ForallR.tex}
\vspace{-7.5ex}
\end{tcolorbox}
We now have a generalized algebraic theory that describes all the models of Predicate logic. A model is indeed an implementation of the agda record described above.
\section{Implementing the Syntax}
We will now try de define a strict syntax for that model. This means that we want to define \enquote{physically} a model that will be as tiny as possible.
\subsection{Separated Contexts}
A first intuition to help us construct this syntax is that we can split the $\bCon$ category in two. A first part will be related to term-extensions and the second part will be related to proof-extensions.
One difficulty is that those two parts are not intependent. Indeed, a proof-extension related context (or \emph{proof context}) will depend on formulæ, that will depend on term-extension related contexts (or \emph{term contexts}).
So, we first define the term contexts, which simply describes how many terms they are in the context (therefore, it is isomorphic to Nat).
\begin{tcolorbox}
\vspace{-2ex}
\agda{agda/ICont.tex}
\vspace{-7.5ex}
\end{tcolorbox}
Then, we can define terms (which can only be term variables in our simplified version), and formulæ (with only one binary relation). They are both indexed only on a term context, and we will need make them $\bCon \rightarrow \bSet$ rather than $\textbf{Cont} \rightarrow \bSet$. But this will be only a trivial extraction of the $\textbf{Cont}$ inside the $\bCon$, as we can notice that the terms and formulæ defined by a context doesn't depend on the proof variables available. We simply give the constructors described in the algebra.
\begin{tcolorbox}
\vspace{-2ex}
\agda{agda/ITm.tex}
\agdasep
\agda{agda/IFor.tex}
\vspace{-7.5ex}
\end{tcolorbox}
We now can define term substitutions. The algebra gives us two ways of constructing them: with $,_t$ and as a morphism from the initial object. That's how we make our constructor The two projections $\pi_t^1$ and $\pi_t^2$ are then simply obtained by destroying the $,_t$ constructor and getting the first or second term. The equalities between $\pi_$, $\pi_$ and $,_t$ can be proven easily in that layout.
We also have to define the action of term substitutions on terms and formulæ. The definitions are really natural, as we just go down the formulæ to get to the term variables and transform them into the terms specified in the substitution.
We also define the categorical constructors for the $\textbf{Cont}$ category, that is, the $id_t$ and $\circ_t$ operators, and we obviously have to show their three categorical laws.
We finally have to show the functorality of $\_\left[\_\right]\!t$ and $\_\left[\_\right]\!f$ i.e. that they do nothing on identity and that applying two substitutions one after the other is like applying their composition.
You can see we use some helper functions that are called $\operatorname{wk}_t$ and $\operatorname{lf}_t$. Those stands for weakening and lifting. I don't show their definitions here, because they are only helper functions, but $\operatorname{wk}_t$ means that from something going from a context $\Gamma$, we create something going from the context $\Gamma \triangleright_t$ that does not uses the added variable. $\operatorname{lf}_t$ means that we add one variable in the source, one variable in the goal, and that this variable is mapped to itself.
\begin{tcolorbox}
\vspace{-2ex}
\agda{agda/ISubt.tex}
\agdasep
\agda{agda/ISubtT.tex}
\agdasep
\agda{agda/ISubTF.tex}
\agdasep
\agda{agda/IIdCompT.tex}
\vspace{-7.5ex}
\end{tcolorbox}
We can now start creating the other category. For that, we can define the base set of the category like we did with term contexts. But this time, our extension constructor has another parameter: The formula the added proof proves. Therefore, we have a dependency of $\operatorname{Conp}$ on $\operatorname{Cont}$, because formula is defined in conp.
This new $\textbf{Conp}$ category is in fact a functor from $\textbf{Cont}$ to $\bSet$. So we have to define its action on $\textbf{Cont}$'s morphisms. And we also have to proove that this action respects the functorality of $\operatorname{Conp}$.
We will finally create another operator on $\textbf{Conp}$: $\triangleright tp$. This operator does a term extension of a proof context, which doesn't add any information to the proofs, it only adds one unused variable to them (we substitute all the proofs with $\operatorname{wk}_t \operatorname{id}_t$). It can be understood as the action of the general $\triangleright_t$ functor on $\textbf{Conp}$.
\begin{tcolorbox}
\vspace{-2ex}
\agda{agda/IConp.tex}
\agdasep
\agda{agda/ISubtC.tex}
\agdasep
\agda{agda/IConpTp.tex}
\vspace{-7.5ex}
\end{tcolorbox}
We now have everything we need to define proofs. As we are in the syntax, the only constructors for proofs will be those defined in the algebra, plus proof variables. These definitions are pretty straightforward as they are directly induced from the algebra. You can notice that we have separated term and proof contexts in the definitions, but it is only for the sake of readability, because operations on proofs will often modify the proof context without changing the term context.
We also define the action of term-substitutions on proofs (because Pf is a functor that is indexed by $\textbf{Cont}$). Terms substitutions does nothing to the proofs, they only affect formulæ and terms, which you cannot find inside a proof. So it is only changing the type of a proof from $\Pf Δ_t\;Δ_p\;A$ to $\Pf Γ_t\;Δ_p[σ]\; A[σ]$.
\begin{tcolorbox}
\vspace{-2ex}
\agda{agda/IPf.tex}
\agdasep
\agda{agda/ISubtP.tex}
\vspace{-7.5ex}
\end{tcolorbox}
Before we can define proof substitutions, we need to define a weaker version of them, that are called \emph{renamings}. A renaming from a proof context $Γ_p$ to a proof context $Δ_p$ that have the same term-context, is a way of re-ordering, duplicating or deleting the proofs contained inside of $Δ_p$. If we were to understand proof contexts as list of formulæ, then a renaming from $Γ_p$ to $Δ_p$ would be a witness that each formula in $Δ_p$ is contained at least one time in $Γ_p$. That's why we use $\operatorname{PfVar}$, as $\operatorname{PfVar} Γ_t Γ_p A$ is a witness that proof-context $Γ_p$ contains the formula $A$.
For these renamings, we make some constructors, for example the identity renaming, or the weakening of a renaming. We will finally make a operator that weakens a proof in $Γ_p$ with a renaming from $Γ_p$ to $Δ_p$ into a proof in $Δ_p$.
\begin{tcolorbox}
\vspace{-2ex}
\agda{agda/IRen.tex}
\vspace{-7.5ex}
\end{tcolorbox}
Now, we are defining a complete proof substitution, that can also be understood as a list a proofs of the formulæ described in the goal proof-context.
We can notice that those proof substitutions works with a fixed term-context. So they are weaker than the final substitutions we well have to define for our algebra, that have to be able to be morphisms between contexts that can differ on term-contexts and proof context at the same time. But this is not an issue and we can define all substitutions using only those restricted proof-substitutions.
Again, these substitutions are a functor over the category $\textbf{Cont}$, so we have to construct the action on morphisms, which is simply applying the transformations to all the proofs contained in the substitution.
\begin{tcolorbox}
\vspace{-2ex}
\agda{agda/ISubp.tex}
\agdasep
\agda{agda/ISubtS.tex}
\vspace{-7.5ex}
\end{tcolorbox}
With this new kind of substitution, we can substitute on proofs (that's what they're for). In other words, we have to describe the action of the $\Pf$ functor on the morphisms of the category $\textbf{Conp}$.
Proof substitution of proofs is simple to define, as we only get down the proof until we find a proof variable, in which case we replace it with the proof in the substitution, like we did for term-substitutions and formulæ.
Again, we have defined $\operatorname{wk}_p$ and $\operatorname{lf}_p$. The former will add an unused proof variable (an assumption) in a substitution, and the latter adds a formula in the goal which is proven using an assumption.
\begin{tcolorbox}
\vspace{-2ex}
\agda{agda/ISubpP.tex}
\vspace{-7.5ex}
\end{tcolorbox}
This definition of proof substitutions allows us to define the categorical operators for proof substitutions.
Of course, we have to show that the categorical laws apply to them, that $\_[\_]\sigma_p$ respects them, as we did for the Subt's laws.
The proofs of these laws contains a lot of transports, which will be described more precisely in \autoref{sec:transport-hell}.
\begin{tcolorbox}
\vspace{-2ex}
\agda{agda/IIdCompP.tex}
\vspace{-7.5ex}
\end{tcolorbox}
The last step is to merge our two kinds of contexts and substitutions in order to match the algebra.
For contexts, we simply have a record type. But for substitutions, we defined Subp to only describe substitutions between Conp{\footnotesize s} with \emph{the same Conp}. Our solution is to understand global substitutions as a sequence of substitutions, first on terms, and then on proofs. That's why the \enquote{proof} part of the substitution can only be applyed to proofs on $\Delta_p [t]p$, i.e. proofs that have already been term-substituted by the \enquote{term} part of the substitution. The definition of the algebra's substitution is given after, and you can see that substitutions works exactly as described, first, the proof and everything inside is substituted using the \enquote{term} part of the substitution, and only after that the \enquote{proof} part of the substitution is applied.
\begin{tcolorbox}
\vspace{-2ex}
\agda{agda/ICon.tex}
\agdasep
\agda{agda/ISub.tex}
\vspace{-13.5ex}
\begin{center}\rule{0.9\linewidth}{0.4pt}\end{center}
\vspace{-3ex}
\begin{code}
\>[4]\AgdaOperator{\AgdaField{\AgdaUnderscore{}[\AgdaUnderscore{}]p}}\AgdaSpace{}%
\AgdaSymbol{=}\AgdaSpace{}%
\AgdaSymbol{λ}\AgdaSpace{}%
\AgdaBound{pf}\AgdaSpace{}%
\AgdaBound{σ}\AgdaSpace{}%
\AgdaSymbol{}\AgdaSpace{}%
\AgdaSymbol{(}\AgdaBound{pf}\AgdaSpace{}%
\AgdaOperator{\AgdaFunction{[}}\AgdaSpace{}%
\AgdaField{Sub.t}\AgdaSpace{}%
\AgdaBound{σ}\AgdaSpace{}%
\AgdaOperator{\AgdaFunction{]pₜ}}\AgdaSymbol{)}\AgdaSpace{}%
\AgdaOperator{\AgdaFunction{[}}\AgdaSpace{}%
\AgdaField{Sub.p}\AgdaSpace{}%
\AgdaBound{σ}\AgdaSpace{}%
\AgdaOperator{\AgdaFunction{]p}}\<%
\end{code}
\vspace{-5ex}
\end{tcolorbox}
And we can finally define our categorical operators for the merged version. They are only concatenation of the previously defined operators, so no hard logic here. Those constructions are obviously followed by equations needed for the algebra.
\begin{tcolorbox}
\vspace{-2ex}
\agda{agda/IIdComp.tex}
\vspace{-3ex}
\agdasep
\agda{agda/ICExt.tex}
\vspace{-7.5ex}
\end{tcolorbox}
\subsection{Transport Hell}
\label{sec:transport-hell}
In order for you to understand the code, i have to explain what are transport. I'll do this with the example of the definition of \AgdaFunction{id}.
To construct it, we will use \AgdaFunction{idₜ} and \AgdaFunction{id${}$}, merged together with the constructor \AgdaInductiveConstructor{sub}. Here are the types of the different elements in an array.
\begin{center}
\renewcommand{\arraystretch}{1.2}
\begin{tabular}{l|l}
\AgdaFunction{id} & \AgdaRecord{Sub} (\AgdaInductiveConstructor{con} Γₜ Γₚ) (\AgdaInductiveConstructor{con} Γₜ Γₚ) \\\hline
\AgdaFunction{idₜ} & \AgdaDatatype{Subt} Γₜ Γₜ \\
\AgdaFunction{idₚ} & \AgdaDatatype{Subp} Γₚ Γₚ \\
\AgdaInductiveConstructor{sub} & (σ : \AgdaDatatype{Subt} Γₜ Δₜ) \\
& \AgdaSymbol{$\rightarrow$} \AgdaDatatype{Subp} Γₚ (Δₚ[σ]c) \\
& \AgdaSymbol{$\rightarrow$} \AgdaRecord{Sub} (\AgdaInductiveConstructor{con} Γₜ Γₚ) (\AgdaInductiveConstructor{con} Δₜ Δₚ) \\
\end{tabular}
\end{center}
But if we try to construct \AgdaFunction{id}, then we will eventually end up with the following goal:
\begin{center}
\AgdaFunction{id} = \AgdaInductiveConstructor{sub} \AgdaFunction{idₜ} \textbf{?} $\implies$ \textbf{?} : \AgdaDatatype{Subp} Γₚ (Γₚ[\AgdaFunction{idₜ}]c)
\end{center}
But then agda will complain if we give it as a goal the expression \enquote{\AgdaFunction{idₚ}}. Indeed, it is not trivial for them that \AgdaDatatype{Subp} Γₚ (Γₚ[\AgdaFunction{idₜ}]c) is the same as \AgdaDatatype{Subp} Γₚ Γₚ. Even if we can easily prove the equality between those two elements of \AgdaPrimitive{Prop} (the proof of the equality is derived from the fact that Conp is a functor from $\textbf{Cont}$ to $\bSet$, and therefore it has to respect the identity of $\textbf{Conp}$).
That's where transports comes in. Its definition is as follows:
\begin{center}
\AgdaFunction{substP} : \{A : \AgdaPrimitive{Set}\}(P : A → \AgdaPrimitive{Prop})\{a a' : A\} → a ≡ a' → P a → P a'
\end{center}
This is exactly the thing that will solve our problem. With the equality between the two elements of \AgdaPrimitive{Prop}, we can now convert \AgdaFunction{idₚ} to something that will correctly match the goal required by Agda.
This section is called \enquote{Transport Hell} because those transports between equal sets can get really annoying. In former version of the syntax, the \AgdaDatatype{Subp} were \AgdaPrimitive{Set}s instead of \AgdaPrimitive{Prop}s. And that created a lot of equalities related to polymorphic functions (quite all \AgdaDatatype{Subp}'s related functions were then polymorphic, as they would depend on proof contexts). And to solve those equalities, you have to extract what are precisely the polymorphic functions you are working with. You can see those proofs on \href{https://github.com/MysaaJava/m1-internship/commit/2728c60633a80631ed7b61bbfae5c81a1e0e193a#diff-99bc55bebd36ad0afbae3c6448793992086091c5b6b25973f73dd779690d7dd2}{former versions of the syntax}, they are really long and not interesting (as it is basically trying to tweak our equation so that Agda understands that two types are equal).
\section{Summary}
\section{Bibliography}
\begingroup
\renewcommand{\section}[2]{}%
\printbibliography
\endgroup
\newpage
\addappheadtotoc
\appendix
\addtocontents{toc}{\protect\setcounter{tocdepth}{-1}}
\appendixpage
\section{Agda Code}
\end{document}
Reference in New Issue View Git Blame Copy Permalink