A Dual-Context Sequent Calculus for 																					S														4											 Modal Lambda-Term Synthesis

Miranda-Perea, Favio E.; Omaña Silva, Sammantha; González Huesca, Lourdes del Carmen; Miranda-Perea, Favio E.; Omaña Silva, Sammantha; González Huesca, Lourdes del Carmen

doi:10.13053/cys-26-2-4238

Serviços Personalizados

Journal

Artigo

Indicadores

Citado por SciELO
Acessos

Links relacionados

Similares em SciELO

Mais
Mais

Permalink

Computación y Sistemas

versão On-line ISSN 2007-9737versão impressa ISSN 1405-5546

Comp. y Sist. vol.26 no.2 Ciudad de México Abr./Jun. 2022 Epub 10-Mar-2023

https://doi.org/10.13053/cys-26-2-4238

Articles of the thematic section

A Dual-Context Sequent Calculus for S4 Modal Lambda-Term Synthesis

Favio E. Miranda-Perea¹^*

Sammantha Omaña Silva²

Lourdes del Carmen González Huesca¹

¹1 Universidad Nacional Autónoma de México, Facultad de Ciencias, Departamento de Matemáticas, Mexico. luglzhuesca@ciencias.unam.mx.

²2 Universidad Nacional Autónoma de México, Instituto de Investigaciones en Matemáticas Aplicadas y en Sistemas, Posgrado en Ciencia e Ingeniería de la Computación, Mexico. samm.omana@gmail.com.

Abstract:

In type-based program synthesis, the search of inhabitants in typed calculi can be seen as a process where a specification, given by a type A, is considered to be fulfilled if we can construct a λ-term M such that M:A, or more precisely if Γ⊢M:A holds, that is, if under some suitable assumptions Γ the term M inhabits the type A. In this paper, we tackle this inhabitation/synthesis problem for the case of modal types in the necessity fragment of the constructive logic S4. Our approach is human-driven in the sense of the usual reasoning procedures of modern theorem provers. To this purpose we employ a so-called dual-context sequent calculus, where the sequents have two contexts, originally proposed to capture the notions of global and local truths without resorting to any formal semantics. The use of dual-contexts allows us to define a sequent calculus which, in comparison to other related systems for the same modal logic, exhibits simpler typing inference rules for the □ operator. In several cases, the task of searching for a term having subterms with modal types is reduced to the quest for a term containing only subterms typed by non modal propositions.

Keywords: Dual-context sequent calculus; constructive necessity; type inhabitation; modal lambda calculus; program synthesis

1 Introduction

Modal logic, originated in Mathematics and Philosophy, plays nowadays an important role in Computer Science. The use of modalities is relevant in the theory of programming languages where modal formulas of the form □A designate a type of encapsulated values, to be considered enhanced, related to ordinary values of type A.

For instance in staged computation [⁸] where □A is the type of run-time generated code that computes values of type A. Another important reading of modal types comes out in mobile computation [²³, ²²] where □A is the type of mobile code of type A. Other relevant interpretations of the necessity modality appear in the analysis of information flow either in computer networks [⁶] or in software security [²¹].

Coming from practical applications in the mentioned areas of computation, attention is focused on abstracting this kind of behaviors from real scenarios through specifications, which generates an outstanding task: the problem of constructing a program from a given specification.

In this paper we tackle a version of this synthesis problem at the foundational level given by lambda-term type-based synthesis. This is an instance of constructive/deductive synthesis [⁴] where a type A, coming from the constructive modal logic S4 for necessity in our case, plays the role of the specification that the sought after lambda-term has to meet together with a context Γ to represent a collection of subcomponents, specified again by their types, considered as already synthetized.

This approach corresponds to the type inhabitation problem: given a context Γ of type declarations for variables and a type A, is it possible to find a term M such that the typing Γ⊢M:A holds? which in turn corresponds, under the Curry-Howard correspondence, to proof-search: given a context of assumptions Γ and a formula A, find a derivation of the sequent Γ⊢A.

This problem has been addressed before in the case of modal logic [¹, ¹³, ²⁶] but not from the point of view we take here, which is an interactive human-driven process reminiscent of the ways of modern proof-assistants (like COQ [⁷]).

Let us show an example of the kind of programs (lambda-terms) we want to synthetize.

The specification □(A→B)→ □A→ □B corresponds to a program K witnessing the fact that encapsulated values are well-behaved under function application. In staged computation this means that taking as inputs run-time generated codes of types A→B and A, program K produces a code of type B:

K f x=deflet box f′=f in, let box x′=x in, box (f′⋆x′).

Here the box constructor signals the encapsulation process: if e denotes an encapsulated value then, e′ denotes its ordinary associated value so that the equality box e′=e holds. The ⋆ operator corresponds to function application of ordinary values retrieved from their encapsulated versions.

The above program K corresponds to the characteristic scheme of the modal logic S4, namely K. This example emphasizes the distinction between the two kinds of values^{^fn}: ordinary and enhanced. The idea behind an enhanced value is that it does not depend on any ordinary value. In summary we will consider two kinds of values and two processes which can be applied to any value, namely encapsulation and retrieval. All these behaviors will be enforced by the syntax and the type system.

We start in Section 2 by discussing the dual-context sequent calculus GS4, as a lambda-term type system. Our interactive program synthesis procedure is presented in Section 3, including an example. The soundness of the synthesis process is developed in Section 4, followed by some final remarks in Section 5.

2 A Dual-Context Sequent Calculus for Interactive Program-Synthesis

There are several discussions and applications involving deductive systems for modal logic, see [²⁷, ¹⁵] for a deep overview. However, to the best of our knowledge, there is no dedicated sequent calculus presentation of constructive S4 with the intention of human-driven proof-search or program synthesis.

Although, there are works on automated proof-search whose formalisms are therefore not suitable for high-level human-reasoning [¹, ²⁶, ¹³, ¹⁵, ¹⁸]. Let us review some proposed rules for S4 present in the literature, adapted here for the case of constructive logic:

A,□A,Γ⊢B□A,Γ⊢B(□L).

Although this left rule is adequate for proof-search, keeping both A and □A in the premise somehow entails redundant information and poses loop problems for automated proof-search, solved by means of sophisticated systems like the one in [²⁶]. In the case of right rules we mention two alternatives:

Γ□⊢AΓ□⊢□A(□R2), Γ°⊢AΓ⊢□A(□R3),

where Γ□ denotes a context with only boxed formulae and the context Γ° results from Γ by eliminating all the non modal formulae.

Apart from discarding the symmetry between left and right rules, rule (□R2) is not suitable for proof-search, since it restricts the shape of the assumptions to be boxed formulas.

In the case of rule (□R3), the conclusion sequent has the desired general form for proof-search, but in the generated subgoal Γ°⊢A, we can lose important information by passing from Γ to Γ°, although this can be alleviated by a clever decision taken by a human-agent, in order to avoid search flaws.

To mitigate the above mentioned issues and tackle the problem of type-based program synthesis we propose a sequent calculus which handles sequents of the form Δ|Γ⊢M:A where M is a lambda-term and Δ and Γ are contexts. This kind of formalism for modal logic has its origins in systems for linear logic [³] and has been introduced in [²⁴] for reconstructing modal logic in the light of Martin-Löf’s meaning of logical constants and laws [¹⁷]. In this approach, propositions obtain their meaning through judgments without any semantic label (worlds), in particular, modal operators are defined by means of judgments over propositions.

The notion of so-called hypothetical judgments is extended to categorical judgments where a conclusion does not depend on hypotheses about the constructive truth of propositions.

Hence, a distinction of two forms of primitive judgments is essential: ‘A true’ means that we know how to verify A under hypothetical judgments, whereas ‘A valid’ represents the fact that A is a proposition whose truth does not depend on any hypotheses, thus internalizing a categorical judgment as a proposition syntactically represented by the modal formula □A.

A disengagement similar to the context separation in dual-context systems is present in several works, for instance the systems of Fitting [¹⁰]; or the work of Avron et al. [²].

We move now to the technical definitions. The types are generated by the following grammar where ℬ denotes a collection of primitive basic types:

A,B::=ℬ|A→B|A∧B|A∨B|□A.

Unlike other presentations, we include disjunction and conjunction. Also note that neither negation nor ⊥ are present. Thus, we are dealing with minimal logic. Variable declaration contexts are defined by means of so-called snoc lists:

Γ::=⋅|Γ,x:A,

these are finite lists built from the empty list, denoted here by ⋅, and a binary constructor that generates a new list from a given one by adding a fresh variable x of type A to its right-end. The concatenation operation is inductively defined as expected and denoted by Γ1;Γ2.

In the below inference rules the idea behind the context separation is that hypotheses in Δ are enhanced (modal), whereas those in Γ are ordinary (intuitionistic). Nevertheless, this idea does not represent a syntactic restriction, for we can have arbitrary types, modal or intuitionistic, in both contexts. This is an important difference with other modal dual-context systems like those of [¹⁶].

Moreover, the context separation is strict, in particular it is forbidden to declare the same variable in both contexts. This is an important difference with [²⁴] where there is only one context with two zones, a choice that requires the use of explicit labels valid, true in the context formulae.

Since their introduction, dual-context modal logics and their type systems have been presented in the sequent-style of natural deduction [¹⁶, ⁸, ²², ⁹].

Such formalisms are not suitable for backward proof-search, reason why we present a sequent calculus GS4, adequate for our purposes. This system is inductively defined by the following inference rules, the corresponding lambda-terms encoding proofs are the target of the synthesis process discussed in detail in the next section:

— Initial rules: we have two rules that allow to conclude a hypothesis according to the context it belongs:

Δ|Γ,x:A;Γ′⊢x:A(THYP),Δ,x:A;Δ′|Γ⊢x:A(VHYP).

— Right rules:

The rules for propositional connectives are standard. In the case of a modal formula □A the right rule corresponds to the so-called necessitation rule and allows us to introduce the box operator on the right hand side of the turnstile, only in the absence of ordinary assumptions.
It is important to remark that this right rule, as rule (□R3), also suffers from loss of information in its backward reading.
However, such issue can be avoided in some cases by transferring to Δ some or all the boxed assumptions in Γ, which is not possible with (□R3).

The left rules come in two versions, one for each context.

— Left rules for the ordinary context:

For disjunction and conjunction, the rules are standard. The left rule (□L) represents a type transference principle between contexts: in the proof-search process we can move an encapsulated type in the ordinary context to the enhanced context by unboxing it.
The rule (→L) is not usual, for instead of decomposing the implicative hypothesis, in order to prove/use its components, like the regular left rule for implication, it only uses it to derive its consequent, once its antecedent has been derived.
This rule captures the local reasoning with implication common in informal proofs, instead the usual left rule for implication models an on the-fly prove/use of a lemma. This feature rarely figures in actual paper-and-pencil proofs and thus makes the original rule clumsy for proof-search purposes.
To the best of our knowledge this left rule, which is inspired by the apply tactic of the COQ proof-assistant, has been considered only by us [²⁰, ¹⁹], though it is also related to the rule (→L)° of Schroeder-Heister [²⁸].
Let us also note that, under the presence of the cut or substitution rule, the rule (→L) is equivalent to the ordinary left rule for implication. The details of this claim are omitted due to lack of space.
— Left rules for the enhanced context:

The rule for conjunction is again standard, whereas for implication the rule is analogous to the version for ordinary contexts. In the case of an enhanced disjunctive hypothesis the case analysis on z:A∨B is performed only by ordinary hypotheses x:A and y:B, otherwise the rule would be unsound^{^fn}. Finally, the rule □LE, introduced by us in [¹⁹], reduces the synthesis of a program involving an enhanced and encapsulated component □A to the search of a program involving only the non-encapsulated enhanced component A.
— Substitution or cut rules: these are essential for human-driven proof-search:

The enhanced substitution rule (SUBSTE) is derivable from (SUBST), but we keep both rules for the sake of symmetry. Moreover, it is relevant to mention that this ordinary rule is not admissible. This is not important for our purposes since the reasoning pattern provided by the cut rule is essential for human-driven proof search. A further discussion on this matter has to be presented elsewhere, due to lack of space.

With respect to the left rules for necessity we consider important to emphasize that, since they permit to encapsulate/retrieve values at the hypotheses level, the synthesis process involving an enhanced value can be reduced to one that requires only an ordinary value. This transference process (see [¹¹, Section 4.2]) allows us to reason in a more intuitive and straighforward way, as shown in the example of Section 3.

To finish the section is important to review the more usual elimination rule for □ in dual-context systems presented for instance in [²⁵, ⁸, ¹⁶, ⁹]. This typing rule for a letbox operator is:

Δ|Γ⊢M: □A Δ,x:A|Γ⊢N:BΔ|Γ⊢letb x=M in N:B(□E).

We can observe that such rule entails a specific substitution (cut) process that provides the primitive way of using an ordinary value (the assumption x:A) retrieved from an enhanced value (the term M: □A), at the price of requiring an explicit derivation of M. Of course this is characteristic of (generalized) elimination rules in sequent-style natural deduction and can be simulated in GS4 by means of the (□L) and (SUBST) rules. The definition of letb, in concrete syntax, witnessing this simulation is: letb x=M in N=def let y=M in letbox x=y in N.

It is easy to see that in a dual-context natural deduction system, with (□E) as a primitive rule, our rules (□L) and (□LE) can be simulated as well. Thus, both systems turn out to be equivalent (more details are provided in [¹⁹]). Moreover, in [¹¹] we prove that the system of dual-context natural deduction is equivalent to an S4-axiomatic system. Then we can conclude that the present system captures exactly the necessity fragment of the constructive logic S4.

3 Interactive Program Synthesis

The lambda-terms that appear in the sequent calculus typing rules of Section 2, formalize the kind of programs target of the synthesis process. They include modal constructors in the lines of some related languages [²⁵, ⁸, ¹⁶, ⁹] as well as distinct variable binding operators (let or case expressions). Let us collect them precisely.

Definition 3.1. A pseudoterm is an expression generated by the following grammar:

The metavariable M denotes pseudoterms which are classified as right pseudoterms, those generated by the metavariable R; ordinary pseudoterms, generated by O and enhanced pseudoterms, generated by E. A left pseudoterm is either an ordinary or an enhanced pseudoterm. Finally, those generated by P are called strong let-expressions.

As our matter of interest is to synthetize lambda-terms we define pseudoterms, which are expressions corresponding to programs with unknown templates to be filled during the synthesis process. A basic and least informative template is represented by a category of metavariables or search-variables, disjoint from the usual term variables, denoted by a capital X. A pseudoterm M is called a term or a program if M does not contain search variables.

Apart from the usual lambda term constructors for functions, sums and products, we use twin program constructors in order to make explicit the manipulation of ordinary or enhanced values, the only difference being a prefix e indicating the need for an enhanced input (we use an infix application operator ⋆ in the case of an enhanced function). There is no need to have twin constructors for right pseudoterms, due to the fact that an enhanced value can be constructed directly by the box operator.

Let us sketch next our program synthesis technique: given two contexts of type declarations for variables, Δ and Γ (for enhanced and ordinary assumptions respectively) and a type specification A, the goal is to construct a program M such that the typing Δ|Γ⊢M:A holds. The program M is currently unknown and it is represented with a search-variable X. The task is to find a value for X such that Δ|Γ⊢X:A holds.

Analyzing the specific form either of A or of some assumption type; and applying a backward reading of the typing rules, some restrictions on the form of M are generated in order to give a solution for X. These conditions are given by pseudoterm equations which, if solvable, will allow to construct the desired program.

For instance, the search for an X such that ⋅|x:A⊢X:A∨B holds, is reduced to the search for a Y such that ⋅|x:A⊢Y:A holds. The search-variables X and Y are related by the equation X≈inl Y. The last goal is directly solved by the equation Y≈x. By solving these two equations, we obtain that M=definl x verifies ⋅|x:A⊢M:A∨B.

However, let us observe that sequents involving search-variables are not derivable, for, according to Section 2, there is no typing rule for this kind of variables. Such underivable sequents represent synthesis problems, which are program search tasks formalized by the following notion of pseudosequent.

Definition 3.2. A pseudosequent or search-sequent, P, is a 4−tuple of the form Δ|Γ⊢?X:A where X is a search-variable.

For the synthesis process we will need to handle finite sequences of pseudosequents defined as follows:

Definition 3.3. The set of finite sequences of pseudosequents is recursively defined with the grammar:

S::=•|P,S

where • denotes the empty sequence. For clarity, a singleton sequence is identified with its unique element. As for contexts, the semicolon operator ; is used for concatenation of pseudosequents sequences.

The restrictions generated during the program search will be captured by constraint sets defined as follows:

Definition 3.4. A constraint is an equation of the form X≈e where X is a search-variable and e is a pseudoterm. A set of equations:

ℛ={X1≈e1,X2≈e2,…,Xk≈ek},

where all Xi are different, is called a constraint set. According to the category of the pseudoterm e, a constraint can be right, ordinary, enhanced, left or strong.

Next we define what is a solution of a constraint set.

Definition 3.5. Given a constraint set ℛ, a pseudoterm M is solution of the constraint X≈e in ℛ, if M is a term and there is a substitution^{^fn} of search-variables by terms, say σ=[X1,…,Xn/M1,…,Mn], such that M≡eσ (i.e M is syntactically identical to eσ up-to α-equivalence). In such case the solution is written as M=Solℛ(X≈e).

Sequences of pseudosequents interact with constraint sets by means of goals, defined as follows.

Definition 3.6. A goal is a pair S∥ℛ consisting of a sequence of pseudosequents S and a constraint set ℛ. The set of goals is denoted by Goal.

The program synthesis process is defined next by means of a transition system where the goals play the role of states and the transitions, which are called tactics, transform a goal into another goal according to the backward reading of the typing rules. We consider this formal definition and handling of backward lambda-term synthesis as the second main contribution of this paper.

Definition 3.7. The transition system is defined as follows:

— A state is a goal S∥ℛ.
— An initial state is a goal of the form Δ|Γ⊢?X:A∥∅, that is, a goal composed of a unique pseudosequent and the empty constraint set.
— A terminal state is a goal of the form •∥ℛ, that is, a goal composed of the empty sequence of pseudosequents and an arbitrary constraint set.
— The transition relation ▷ ⊆Goal×Goal is inductively defined by the axioms and inference rule below, where a transition S1∥ℛ1 ▷S2∥ℛ2 can be read as to solve the current goal S1∥ℛ1 it suffices to solve the subgoal S2∥ℛ2.

In each basic transition, the search-sequent Δ|Γ⊢?X:A dictates the action according to the backward reading of a typing rule, updating the constraint set accordingly.

In the following, we define the transition system axioms according to four synthesis process. In each case we assume that the search-variables introduced in the pseudosequents of the reduct are fresh, that is, do not occur in the redex.

3.1 Direct Synthesis

Direct synthesis triggers the synthesis by directly analyzing the shape of the typing specification producing a right constraint:

3.2 Indirect Synthesis

Indirect synthesis focuses on a type in any of the contexts, generating a left constraint:

retrieve x:Δ|Γ,x: □A;Γ′⊢?X:B∥ℛ ▷ Δ,y:A|Γ;Γ′⊢?X1:B∥ℛ,X≈letbox(x,y.X1),retrieve x:Δ,x: □A;Δ′|Γ⊢?X:B∥ℛ ▷ Δ,y:A;Δ′|Γ⊢?X1:B∥ℛ,X≈eletbox(x,y.X1).

In this case, distinct tactics have the same name for they share the same functionality: the apply tactics correspond to the application of a functional hypothesis; the destruct tactics trigger the destruction of a specific hypothesis, replacing it by simpler hypotheses in the subgoals. Finally, the manipulation of modal hypotheses is managed by the retrieve tactics.

3.3 Strong Synthesis

Strong synthesis requires to guess the type corresponding to the first premise of a substitution rule and generates a strong constraint. This calls for an explicit interaction^{^fn} with the human agent, which is why we speak of a strong synthesis:

Let us observe that each substitution rule has two corresponding tactics, namely assert and enough, the difference being only operational: either we first synthetize the auxiliar component A and then invoke it or viceversa.

3.4 Immediate Synthesis

Immediate synthesis generates a synthesis problem which is trivially solved by an initial inference rule. The constraints generated here are necessarily of the form X≈x.

assumption:Δ|Γ,x:A;Γ′⊢?X:A∥ℛ ▷ •∥ℛ,X≈x,eassumption:Δ,x:A;Δ′|Γ⊢?X:A∥ℛ ▷ •∥ℛ,X≈x.

The names of some of the above tactics, though not the ones involving modal types, coincide with the names of analogous tactics implemented in the COQ proof assistant.

3.5 Inference Rule for Transition

All the above tactics constitute the basic axioms of the transition system. Next we give the sole inference rule for transitions.

Sequencing:

Several basic transitions cause the sequence of search-sequents in a goal to grow. In such cases we need to choose a specific search-sequent within the current goal to perform the next transition. The sequencing rule (seq) determines the choice order, namely from the first (left most) search-sequent:

S1∥ℛ1 ▷ S2∥ℛ2S1;S∥ℛ1 ▷ S2;S∥ℛ2(seq).

We show an example of how the transition system of tactics performs the synthesis process. Let us recall that the solution of a constraint is not unique and depends on the solutions of the later constraints found in the synthesis process. The application of any tactic guarantees that each search-variable appears in a pseudoterm in the constraint set.

Example 3.1. A program t corresponding to the specification given by the modal scheme K is synthetized as follows.

⋅|⋅⊢?X: □(A→B)→ □A→ □B∥0,▷ intro x⋅|x: □(A→B)⊢?X1: □A→ □B∥X≈λx.X1,▷ intro y⋅|x: □(A→B),y: □A⊢?X2: □B∥ℛ,X1≈λy.X2,▷ retrieve xx1:A→B|y: □A⊢?X3: □B∥ℛ′,X2≈letbox(x,x1.X3),▷ retrieve yx1:A→B,y1:A|⋅⊢?X4: □B∥ℛ″,X3≈letbox(y,y1.X4),▷ unboxx1:A→B,y1:A|⋅⊢?X5:B∥ℛ‴,X4≈box X5,▷ apply x1x1:A→B,y1:A|⋅⊢?X6:A∥ℛiv,X5≈x1⋆X6,▷ eassumption,•∥ℛ‴,X4≈box X5,X5≈x1⋆X6,X6≈y1,

where

ℛ=X≈λx.X1,ℛ′=X≈λx.X1,X1≈λy.X2,ℛ″=ℛ′,X2≈letbox(x,x1.X3),ℛ‴=ℛ″,X3≈letbox(y,y1.X4),ℛiv=ℛ‴,X4≈box X5,

and the solution for X is: t=defλx.λy.letbox(x,x.letbox(y,y.box(x1⋆y1))).

Example 3.2. A program M corresponding to the specification given by type □(A∧B)→(□A∧ □B) is synthetized as follows.

where

ℛ=X≈λx.X1,ℛ′=ℛ,X1≈letbox(x,x1.X2),ℛ″=ℛ′,X2≈eletpair(x1,y1.y2.X3),ℛ‴=ℛ″,X3≈〈X4,X5〉,X4≈box X6,

and the solution for X is:

M=defλx.letbox(x,x1.eletpair(x1,y1.y2.〈box y1,box y2〉))

Example 3.3. A program M meeting the specification given by □(□A∨□B)→ □(A∨B) is synthetized as follows:

where

ℛ=X≈λx.X1,ℛ′=ℛ,X1≈letbox(x,x1.X2),ℛ″=ℛ′,X2≈box X3,ℛ‴=ℛ″,X3≈ecase(x1,x2.X4,x3.X5),ℛiv=ℛ‴,X4≈inl X6,ℛv=ℛiv,X6≈letbox(x2,x4.X7),ℛvi=ℛv,x7≈x4,X5≈inr X8,

and the solution for X is:

M=defλx.letbox(x,x1.box(ecase(x1,x2.inl letbox(x2,x4.x4),x3.inr letbox(x3,x5.x5))))

Let us observe that, since the unbox and retrieve tactics replace a modal with a pure propositional assumption, as announced, we are replacing a modal reasoning with a propositional inference.

4 Soundness of the Synthesis Process

In this section we prove the soundness of the synthesis process. Given an initial goal Δ|Γ⊢?X:A∥∅ we want to guarantee that: if the transition relation succeeds, that is, if applying the transition rules a finite number of times from this goal, we arrive to a final goal •∥ℛ, then there is a program M, constructed by solving the contraints in ℛ, such that Δ|Γ⊢M:A holds. Let us start by stating a convenient definition for the transitive closure of the transition relation.

Definition 4.1. The transitive closure of the relation ▷, denoted ▷+, is inductively defined by the following rules:

S∥ℛ ▷S′∥ℛ′S∥ℛ ▷+S′∥ℛ′,S∥ℛ ▷S′∥ℛ′ S′∥ℛ′ ▷+S″∥ℛ″S∥ℛ ▷+S″∥ℛ″.

Given an initial goal Δ|Γ⊢?X:A∥∅, let us observe that the transition process succeeds from this goal exactly when there is a constraint set ℛ such that Δ|Γ⊢?X:A∥∅ ▷+•∥ℛ holds.

Definition 4.2. A pseudosequent Δ|Γ⊢?X:A is solvable with respect to a constraint set Q (or Q-solvable), if there is a constraint X≈e∈Q and a program M=SolQ(X≈e) such that the typing Δ|Γ⊢M:A holds.

Given a constraint set Q we say that a goal S∥ℛ is Q-solvable if ℛ⊆Q and all pseudosequents in S are Q-solvable.

We remark that the solution is not unique, moreover, there can be an infinite number of solutions. Thus, it should be the human agent who decides the desired solution as she is conducting the whole process. This rules out some relevant inquiries of automated proof-search like the question of the complexity of the proof-search space.

The next lemma guarantees that the solvability of goals is rearward preserved by the transition relation, this characteristic will imply the desired soundness property.

Lemma 1. Let Q be a constraint set such that ℛ1,ℛ2⊆Q. If S1∥ℛ1 ▷+S2∥ℛ2 and S2∥ℛ2 is solvable with respect to Q then S1∥ℛ1 is solvable with respect to Q.

Proof. Let Q be as required. The proof goes by induction on ▷+. In the base case we have S1∥ℛ1 ▷S2∥ℛ2 and proceed by a nested induction on ▷. We give some cases as example. The remaining are analogous:

— Case (intro x): We have Δ|Γ⊢?X:A→B∥ℛ ▷ Δ|Γ,x:A⊢?Y:B∥ℛ,X≈λx.Y. Let us assume that M=SolQ(Y≈N) with Δ|Γ,x:A⊢M:B. In this case we have Δ|Γ⊢(λx.Y)[Y/M]:A→B by rule (→R). Noting that λx.M is a program, for so is M, and that λx.M≡(λx.Y)[Y/M] we get that λx.M=SolQ(X≈λx.Y). Thus the goal Δ|Γ⊢?X:A→B∥ℛ is solvable with respect to Q and the case is done.
— Case (vassert A:): In this case we have Δ|Γ⊢?X:C∥ℛ ▷ Δ|⋅⊢?X1:A;Δ,x:A|Γ⊢?X2:C∥ℛ,X≈elet(X1,x.X2). Let us assume that Δ|⋅⊢M1:A and Δ,x:A|Γ⊢M2:C where M1, M2 are programs such that there are equations Y1≈N1,Y2≈N2∈Q with M1=SolQ(Y1≈N1),M2=SolQ(Y1≈N2). From the above typings we get, by the (SUBSTE) rule, that Δ|Γ⊢elet(M1,x.M2):C. Finally we observe that elet(M1,x.M2)=SolQ(X≈elet(X1,x.X2)). Thus the goal Δ|Γ⊢?X:C∥ℛ is solvable with respect to Q as desired.
— Case (seq): We have here that there exists a sequence S such that S1;S∥ℛ1 ▷ S2;S∥ℛ2 where S1∥ℛ1 ▷ S2∥ℛ2. Let us assume that S2;S∥ℛ2 is solvable with respect to Q. This implies in particular that S2∥ℛ2 is Q-solvable, from which the nested induction hypothesis now yields that S1∥ℛ1 is Q-solvable. From this we can conclude that the sequence S1;S is Q-solvable (observe that the part S was already Q-solvable due to the original assumption). Thus, the goal S1;S∥ℛ1 is solvable with respect to Q, as desired. This finishes the nested induction that proves the base case.

For the inductive step, we have that S1∥ℛ1 ▷+S2∥ℛ2 where there is a goal S3∥ℛ3 such that S1∥ℛ1 ▷ S3∥ℛ3 and S3∥ℛ3 ▷+S2∥ℛ2. Assuming that S2∥ℛ2 is solvable with respect to Q the I.H. yields S3∥ℛ3 is solvable with respect to Q, the already proved base case now yields that S1∥ℛ1is solvable with respect to Q, as desired.

Theorem 4.1 (Soundness of the synthesis process). Let Δ|Γ⊢?X:A be a synthesis problem. If Δ|Γ⊢?X:A∥∅ ▷+•∥ℛ then there is a program M such that Δ|Γ⊢M:A.

Proof. It is clear that the goal •∥ℛ is solvable with respect to ℛ, hence, the Lemma 1 yields that Δ|Γ⊢?X:A∥∅ is also solvable with respect to ℛ. This fact ensures the existence of the desired program M.

According to this theorem our type-based synthesis process is correct. This ends our exposition. Let us finish this paper with some remarks.

5 Final Remarks

In this paper we presented a dual-context sequent calculus GS4 for the necessity fragment of the constructive modal logic S4, originated in our previous work [¹⁹], as a type system for lambda-terms. The modal types allow us to make a distinction between values with essentially the same functionality, namely ordinary values (inhabiting the type A) and enhanced values (inhabiting the type □A). This distinction is required by several applications.

The specific left rules for implication and necessity as well as the dual-context feature enable us to define a simple and intuitive sound bottom-up synthesis process involving a left-to-right depth-first proof-search, which, with the help of constraint-sets and the backward reading of the typing rules succeeds in returning a correct-by-construction modal lambda-term.

The procedure is human-driven, in the sense of modern interactive theorem provers, a feature that allows to define the synthesis process without technical modifications of the inference rules, unlike some proposals of automated proof-search [²⁹, ¹, ²⁶].

Towards a more realistic programming environment we intend to extend the current approach to a dual-context sequent calculus for the full modal logic S4, related to our work in [¹²]. Another important task is to extend the here presented results to the classical version of S4. This requires a handling of classical negation suitable for proof-search, in particular the use of a traditional multi conclusion sequent calculus is not convenient.

Some other programming language features, like a detailed study of the operational semantics and the extension of GS4 with recursion and memory references in the lines of [²², ⁸], have to be integrated in this quest.

Another important research topic consists of mechanizing^{^fn} the current results, following our previous work [¹¹]. With respect to other approaches of type-based synthesis in modal logic, we consider important to relate our approach with those involving intersection types, like [¹⁴, ⁹]. This would complicate the constraints, due to the fact that the typing rules for intersection are obviously not syntax-directed. This happens also in other richer type systems, for instance [⁵] involving some kind of polymorphism.

In some cases the constraints might be unsolvable, for example if the constraint-sets are cyclic or contain a recursive constraint. But even if they are solvable, their solutions would certainly require more powerful tools, such as (higher-order) unification.

Acknowledgments

This research is being supported by DGAPA-PAPIIT UNAM grant IN119920.

References

1. Andrikonis, J. (2012). Loop-free calculus for modal logic s4. i. Lithuanian Mathematical Journal, Vol. 52, No. 1, pp. 1–12. [ Links ]

2. Avron, A., Honsell, F., Miculan, M., Paravano, C. (1998). Encoding Modal Logics in Logical Frameworks. Studia Logica, Vol. 60, No. 1, pp. 161–208. [ Links ]

3. Barber, A. G., Plotkin, G. (1997). Dual intuitionistic linear logic. Technical Report LFCS-96-347, University of Edinburgh. [ Links ]

4. Basin, D., Deville, Y., Flener, P., Hamfelt, A., Fischer Nilsson, J. (2004). Synthesis of programs in computational logic. In Bruynooghe, M., Lau, K.-K., editors, Program Development in Computational Logic: A Decade of Research Advances in Logic-Based Program Development. Springer Berlin Heidelberg, Berlin, Heidelberg, pp. 30–65. [ Links ]

5. Bessai, J., Dudenhefner, A., Düdder, B., Chen, T.-C., de’Liguoro, U., Rehof, J. (2015). Mixin Composition Synthesis Based on Intersection Types. Altenkirch, T., editor, 13th International Conference on Typed Lambda Calculi and Applications (TLCA 2015), volume 38 of Leibniz International Proceedings in Informatics (LIPIcs), Schloss Dagstuhl–Leibniz-Zentrum fuer Informatik, Dagstuhl, Germany, pp. 76–91. [ Links ]

6. Borghuis, T., Feijs, L. (2000). A constructive logic for services and information flow in computer networks. The Computer Journal, Vol. 43, No. 4, pp. 274–289. [ Links ]

7. The Coq Development Team (2020). The Coq Proof Assistant Reference Manual Version 8.11. [ Links ]

8. Davies, R., Pfenning, F. (2001). A modal analysis of staged computation. J. ACM, Vol. 48, No. 3, pp. 555–604. [ Links ]

9. Düdder, B., Martens, M., Rehof, J. (2014). Staged composition synthesis. Shao, Z., editor, Programming Languages and Systems, Springer Berlin Heidelberg, Berlin, Heidelberg, pp. 67–86. [ Links ]

10. Fitting, M. C. (1983). Proof Methods for Modal and Intuitionistic Logics. Synthese Library. Springer Netherlands. [ Links ]

11. González-Huesca, L., Miranda-Perea, F. E., Linares-Arévalo, P. S. (2019). Axiomatic and dual systems for constructive necessity, a formally verified equivalence. Journal of Applied Non-Classical Logics, Vol. 29, No. 3, pp. 255–287. [ Links ]

12. González Huesca, L. d. C., Miranda-Perea, F. E., Linares-Arévalo, P. S. (2020). Dual and Axiomatic Systems for Constructive S4, a Formally Verified Equivalence. Electronic Notes in Theoretical Computer Science, Vol. 348, pp. 61–83. 14th International Workshop on Logical and Semantic Frameworks, with Applications (LSFA 2019). [ Links ]

13. Heilala, S., Pientka, B. (2007). Bidirectional decision procedures for the intuitionistic propositional modal logic is4. Proceedings of the 21st international conference on Automated Deduction: Automated Deduction, CADE-21, Springer-Verlag, Berlin, Heidelberg, pp. 116–131. [ Links ]

14. Henglein, F., Rehof, J. (2016). Modal intersection types, two-level languages, and staged synthesis. In Probst, C., Hankin, C., Hansen, R., editors, Semantics, logics, and calculi, Lecture notes in computer science. Springer, pp. 289–312. Nielsons’ Festschrift. [ Links ]

15. Hudelmaier, J. (1996). A contraction-free sequent calculus for s4. In Wansing, H., editor, Proof Theory of Modal Logic, Applied Logic Series. Springer Netherlands, pp. 3–15. [ Links ]

16. Kavvos, G. A. (2017). Dual-context calculi for modal logic. 32nd Annual ACM/IEEE Symposium on Logic in Computer Science, LICS 2017, Reykjavik, Iceland, June 20-23, 2017, pp. 1–12. [ Links ]

17. Martin-Löf, P. (1996). On the meanings of the logical constants and the justifications of the logical laws. Nordic J. Philos. Logic, Vol. 1, No. 1, pp. 11–60. [ Links ]

18. Mints, G., Orevkov, V., Tammet, T. (1996). Transfer of sequent calculus strategies to resolution for s4. In Wansing, H., editor, Proof Theory of Modal Logic, Applied Logic Series. Springer Netherlands, pp. 17–31. [ Links ]

19. Miranda-Perea, F. E., del Carmen González Huesca, L., Linares-Arévalo, P. S. (2020). On interactive proof-search for constructive modal necessity. Electronic Notes in Theoretical Computer Science, Vol. 354, pp. 107–127. Proceedings of the Eleventh and Twelfth Latin American Workshop on Logic/Languages, Algorithms and New Methods of Reasoning (LANMR). [ Links ]

20. Miranda-Perea, F. E., Linares-Arévalo, P. S., Aliseda-Llera, A. (2015). How to prove it in natural deduction: A tactical approach. CoRR, Vol. abs/1507.03678. [ Links ]

21. Miyamoto, K., Igarashi, A. (2004). A modal foundation for secure information flow. Sabelfeld, A., editor, Workshop on Foundations of Computer Security, pp. 187–203. [ Links ]

22. Moody, J. (2004). Logical mobility and locality types. S., E., editor, Proceedings of the 14th International Conference on Logic Based Program Synthesis and Transformation. LOPSTR 2004, volume 3573 of Lecture Notes in Computer Science, Springer-Verlag, Berlin, Heidelberg, pp. 69–84. [ Links ]

23. Murphy VII, T., Crary, K., Harper, R., Pfenning, F. (2004). A symmetric modal lambda calculus for distributed computing. Proceedings of the 19th Annual IEEE Symposium on Logic in Computer Science, LICS ’04, IEEE Computer Society, Washington, DC, USA, pp. 286–295. [ Links ]

24. Pfenning, F., Davies, R. (2001). A judgmental reconstruction of modal logic. Mathematical Structures in Comp. Sci., Vol. 11, No. 4, pp. 511–540. [ Links ]

25. Pfenning, F., Wong, H. (1995). On a modal lambda calculus for S4. Brookes, S. D., Main, M. G., Melton, A., Mislove, M. W., editors, Eleventh Annual Conference on Mathematical Foundations of Programming Semantics, MFPS 1995, Tulane University, New Orleans, LA, USA, March 29 - April 1, 1995, volume 1 of Electronic Notes in Theoretical Computer Science, Elsevier, pp. 515–534. [ Links ]

26. Pliuškevičius, R., Pliuškevičienė, A. (2008). A new method to obtain termination in backward proof search for modal logic s4. Journal of Logic and Computation, Vol. 20, No. 1, pp. 353–379. [ Links ]

27. Poggiolesi, F. (2010). Gentzen Calculi for Modal Propositional Logic. Trends in Logic. Springer Netherlands. [ Links ]

28. Schroeder-Heister, P. (2011). Implications-as-Rules vs. Implications-as-Links: An Alternative Implication-Left Schema for the Sequent Calculus. J. Philosophical Logic, Vol. 40, No. 1, pp. 95–101. [ Links ]

29. Stone, M. (2005). Disjunction and modular goal-directed proof search. ACM Trans. Comput. Logic, Vol. 6, No. 3, pp. 539–577. [ Links ]

Through the whole paper we allow ourselves to speak of values when referring to any expression which, perhaps after an adequate binding, would yield a well-defined value under any fixed dynamic semantics.

For instance, it would allow to derive □(A∨B)→ □A∨ □B, which is invalid in all known semantics of S4.

Substitution in the usual sense.

Nevertheless, the reader can note that the indirect synthesis process also requires interactivity in order to choose an adequate hypothesis and match a particular tactic.

This is the main reason for defining contexts as lists instead of sets or multisets.

Received: October 09, 2020; Accepted: February 11, 2021

^* Corresponding author: Favio E. Miranda-Perea, e-mail: favio@ciencias.unam.mx

This is an open-access article distributed under the terms of the Creative Commons Attribution License

Serviços Personalizados

Journal

Artigo

Indicadores

Links relacionados

Compartilhar

Computación y Sistemas

versão On-line ISSN 2007-9737versão impressa ISSN 1405-5546

Comp. y Sist. vol.26 no.2 Ciudad de México Abr./Jun. 2022 Epub 10-Mar-2023

https://doi.org/10.13053/cys-26-2-4238