Some Corollaries - The Concurrent Programming Language CLASS

The Concurrent Programming Language CLASS

8.3 Some Corollaries

Then

cut!{𝑦.𝑃 |𝑥 :𝐴|call𝑥(𝑧);𝑄^′} →cut{{𝑧/𝑦}𝑃 |𝑧 :𝐴| (cut!{𝑦.𝑃|𝑥 :𝐴|𝑄^′})}

(→[call])

≈cut{{𝑧/𝑦}𝑃 |𝑧:𝐴| 𝑅^′}, for some normal𝑅^′ (i.h.(𝐴, 𝐻₂, 𝑃, 𝑄) → (𝐴, 𝐻₂, 𝑃, 𝑄^′))

≈𝑅, for some normal𝑅

(i.h.(𝐴, 𝐻₂,−,−) → (𝐴, 𝐻₁,−,−))

Our main result for this chapter, the Cut Normalisation Theorem4, follows immediately by the Cut Normalisation Lemma15. In the next section we will present some corollaries of this main result.

Theorem 4(Cut Normalisation). Fore every process𝑃 ⊢ Δ;Γthere is a normal form 𝑄 s.t.

𝑃≈𝑄.

Proof. By straightforward induction on a type derivation tree for𝑃 ⊢ Δ;Γ and by case analysis on the root rule. Cases [Tcut] and [Tcut!] follow by Lemma15.

Lemma 16(Normal Forms Satisfy the Subformula Property). If𝑃is normal then every type derivation for𝑃⊢Δ;Γsatisfies the subformula property.

Proof. By induction on a derivation for𝑃⊢Δ;Γand by case analysis on the root rule. The interesting case is [Tcut]. Since𝑃is normal, the cut must be an open cell.

Suppose w.l.o.g that it is a full open cell. Then,

𝑃 =cut{cell𝑥(𝑦.𝑄) |𝑥:S^𝑓 𝐴| share𝑥{fwd𝑥 𝑧| |𝑅}}

and by inverting we conclude that any type derivation for𝑃⊢Δ;Γhas the following form ...

𝑄⊢𝑦 :!𝐴;Γ cell𝑥(𝑦.𝑄) ⊢𝑥:S^𝑓 𝐴;Γ

fwd𝑥 𝑧 ⊢𝑥 :U^𝑓 𝐴, 𝑧 :S^𝑓 𝐴;Γ

...

𝑅⊢Δ^′, 𝑥:U^𝑓 𝐴;Γ share𝑥{fwd𝑥 𝑧 | |𝑅} ⊢Δ^′, 𝑥:U^𝑓 𝐴, 𝑧 :S^𝑓 𝐴;Γ cut{cell𝑥(𝑦.𝑄) |𝑥| share𝑥{fwd𝑥 𝑧 | |𝑅}} ⊢Δ^′, 𝑧 :S^𝑓 𝐴;Γ

whereΔ = Δ^′, 𝑧 :S^𝑓 𝐴. By induction on𝑄 ⊢𝑦 : 𝐴;Γand𝑅⊢Δ, 𝑥 :U^𝑓 𝐴;Γwe conclude that derivations for𝑄⊢ 𝑦:𝐴;Γand𝑅⊢Δ, 𝑥:U^𝑓 𝐴;Γenjoy the subformula property, from which we can easily derive subformula property for the type derivation of𝑃⊢Δ;Γ. Recall that≤is preserved by duality, henceU𝑓 𝐴≤S𝑓 𝐴and that the inequalityaffine𝐴;≤S𝑓 𝐴 holds (Def.28).

We now present our first corollary.

Corollary 1(Subformula Property). Suppose𝑃⊢Δ;Γ. There is a type derivation𝑄⊢Δ;Γthat satisfies the subformula property and𝑃 ≈𝑄.

Proof. Follows by Cut Normalisation Theorem4and Lemma16.

We will now present the second corollary 2. But first, some definitions. We say that a process𝑃 is cut-free iff there is no process context 𝒞nor processes𝑄, 𝑅s.t. 𝑃 = 𝒞[cut{𝑄 |𝑥| 𝑅}]or𝑃 =𝒞[cut!{𝑦.𝑄 |𝑥|𝑅}], in other words if the process does not have either linear nor unrestricted cuts as subprocesses. We say that a type𝐴is pure iff there is no type𝐵 s.t. eitherS^𝑓 𝐵 ≤ 𝐴orS^𝑒 𝐵 ≤ 𝐴. A typing context is pure iff all the types inΔ;Γare pure. A process𝑃is pure iff there is no process context nor processes𝑄, 𝑅s.t.

either𝑃=𝒞[cell𝑥(𝑦.𝑄)],𝑃 =𝒞[release𝑥],𝑃=𝒞[take𝑥(𝑦);𝑄],𝑃 =𝒞[put𝑥(𝑦.𝑄);𝑅]or 𝑃=𝒞[share𝑥 {𝑄 | |𝑅}].

Now, we present our second corollary.

Corollary 2 (Cut Elimination for Pure Sequents). Suppose 𝑃 ⊢ Δ;Γ, where Δ;Γ is a pure typing context. There exists a pure cut-free process𝑄⊢Δ;Γs.t.𝑃≈𝑄.

Proof. By the Normalisation Theorem4, there exists a normal process𝑄⊢Δ;Γs.t𝑃≈𝑄. We show first that𝑄 ⊢Δ;Γis pure.

cut{cell𝑐(𝑏.affine𝑏;𝐵(𝑏)) |𝑐| _toggle(𝑐, 𝑐^′)}

≈cell𝑐^′(𝑏^′.affine𝑏^′;(cut{𝐵(𝑏) |𝑏| _not(𝑏, 𝑏^′)})) [cell-toggle]

cut{cell𝑐(𝑏.affine𝑏;𝐵(𝑏)) |𝑐| _obs(𝑐, 𝑥, 𝑐^′)}

≈par{send𝑥(𝑏.𝐵(𝑏));close𝑥 | |cell𝑐^′(𝑏^′.affine𝑏^′;false(𝑏^′))} [cell-obs]

cut{cell𝑐(𝑏.affine𝑏;𝐵(𝑏)) |𝑐| _toggle(𝑐, 𝑐^′)}

=cut{cell𝑐(𝑏.affine𝑏;𝐵(𝑏)) |𝑐| take𝑐(𝑏);put𝑐(𝑏^′.affine𝑏^′;use𝑏;^not(𝑏, 𝑏^′));fwd𝑐 𝑐^′} (by def. of^toggle(𝑐, 𝑐^′))

≈cut{empty𝑐|𝑐| affine𝑏;𝐵(𝑏)|𝑏|put𝑐(𝑏^′.affine𝑏^′;use𝑏;not(𝑏, 𝑏^′));fwd𝑐 𝑐^′} (by→rule [S^𝑓 U^𝑓 𝑡])

≈cut{empty𝑐 |𝑐| put𝑐(𝑏^′.affine𝑏^′;cut{affine𝑏;𝐵(𝑏) |𝑏| use𝑏;^not(𝑏, 𝑏^′)});fwd𝑐 𝑐^′} (by≈rules [CPut] and [CAffine])

≈cut{empty𝑐 |𝑐| put𝑐(𝑏^′.affine𝑏^′;cut{𝐵(𝑏) |𝑏^′| _not(𝑏, 𝑏^′)});fwd𝑐 𝑐^′} (by→[∧ ∨𝑢])

≈cut{cell𝑐(𝑏.affine𝑏^′;cut{𝐵(𝑏) |𝑏^′| _not(𝑏, 𝑏^′)}) |𝑐| fwd𝑐 𝑐^′} (by→rule [S^𝑒 U^𝑒])

≈cell𝑐^′(𝑏.affine𝑏^′;cut{𝐵(𝑏) |𝑏^′| _not(𝑏, 𝑏^′)}) (by→[fwd])

cut{cell𝑐₀(𝑏.affine𝑏;true(𝑏)) |𝑐₀| 𝑃}

(by def. of𝑃)

≈cut{cell𝑐₀(𝑏.affine𝑏;true(𝑏))|𝑐₀| _toggle(𝑐₀, 𝑐₁)|𝑐₁| _obs(𝑐₁, 𝑥, 𝑐₂)|𝑐₂|release𝑐₂} (by [cell-toggle])

≈cut{affine𝑏^′;cut{_true(𝑏) |𝑏| _not(𝑏, 𝑏^′)})|𝑐₁| _obs(𝑐₁, 𝑥, 𝑐₂)|𝑐₂|release𝑐₂} (sincecut{_true(𝑏) |𝑏| _not(𝑏, 𝑏^′)}−→⁺ _false(𝑏^′), see Example4)

≈cut{cell𝑐₁(𝑏^′.affine𝑏^′;false(𝑏^′))cut𝑐₁ _obs(𝑐₁, 𝑥, 𝑐₂)cut𝑐₂release𝑐₂} (by [cell-obs])

≈par{send𝑥(𝑏._false(𝑏));close𝑥 | |cut{cell𝑐₂(𝑏.affine𝑏;false(𝑏)) |𝑐₂| release𝑐₂}}

(by→rules [S^𝑓 U^𝑓 𝑟] and [∧ ∨𝑑])

≈par{send𝑥(𝑏._false(𝑏));close𝑥 | |0} (by≡unit rule [0M])

≈send𝑥(𝑏._false(𝑏));close𝑥

Figure 8.5: Cut elimination: example.

For suppose, in order to derive a contradiction, that𝑄 has an imperative construct, then it uses one of the typing rules [Tcell], [Tempty] [Tfree], [Ttake], [Tput], [Tsh], [TshL] or [TshR], which necessarily introduce either aS^𝑓 𝐴or aU^𝑓 𝐴modality.

But then, by the Subformula Property1, we conclude that there should exist a type𝐵 inΔ;Γfor whichS𝑓 𝐴≤𝐵, which contradicts the fact thatΔ;Γis a pure typing context.

Now, we show that𝑄is cut-free. For suppose that𝑄 has a cut, since it is a normal process the cut must be an open cellcut{cell𝑦(−.−)|𝑦| share𝑦{−| |−}}, but then it implies that𝑄has imperative constructs and, hence is not pure, which is a contradiction.

Example 16. In this example we apply Corollary2and show to derive, by doing simple algebraic-like

≈-manipulations, a sum of pure processes that summarises the behaviour of a stateful program.

Consider a stateful process

system(𝑥) ⊢𝑥:Bool⊗1 defined by

system(𝑥)≜

cut{cell𝑐₀(𝑏.affine𝑏;true(𝑏)) |𝑐₀|

share𝑐₀{cut{_toggle(𝑐₀, 𝑐₁) |𝑐₁| release𝑐₁}| |cut{_obs(𝑐₀, 𝑥, 𝑐₁) |𝑐₁| release𝑐₁}}}

where

toggle(𝑐, 𝑐^′) ≜ ^take^𝑐(𝑏);put𝑐(𝑏.affine𝑏^′;use𝑏;^not(𝑏, 𝑏^′));fwd𝑐 𝑐^′ obs(𝑐, 𝑥, 𝑐^′) ≜ ^take^𝑐(𝑏);par{use𝑏;send𝑥(𝑏);close𝑥 | |

put𝑐(𝑏^′.affine𝑏^′;false(𝑏^′));fwd𝑐 𝑐^′}

Process^system(𝑥)composes a reference boolean cell𝑐₀:S^𝑓 Bool, initially storing the boolean^true, with two atomic actions: one that toggles the cell state and another that observes. The booleans and their basic operations were previously defined in Example4.

The toggle action is defined by composing, via a cut on𝑐₁, process^toggle(𝑐₀, 𝑐₁)withrelease𝑐₁. Process

toggle(𝑐, 𝑐^′) ⊢𝑐:U^𝑓 Bool,S^𝑓 Bool

updates the reference cell with its negated boolean and forwards its updated state to𝑐^′.

Likewise, the observation operation is defined by composing^obs(𝑐₀, 𝑥, 𝑐₁) withrelease𝑐₁. Process

obs(𝑐, 𝑥, 𝑐^′) ⊢𝑐:U^𝑓 Bool, 𝑥:Bool⊗1, 𝑐^′ :S^𝑓 Bool

observes cell𝑐by sending the stored boolean on a session𝑥, after which𝑥is closed, then it resets the cell𝑐to^falseand forwards the updated cell to𝑐^′.

Process^system(𝑥)internally manipulates a reference cell, but since it types with a pure typing context, by Corollary2, there must exist a cut-free pure process^system^′(𝑥) ⊢ 𝑥 :Bool⊗1such that^system(𝑥) ≈_system^′(𝑥).

Indeed, let

system^′(𝑥)≜^send^𝑥(𝑏.^affine^𝑏;false(𝑏));close𝑥+send𝑥(𝑏.affine𝑏;true(𝑏));close𝑥 The cut-free pure process^system^′(𝑥) ⊢𝑥 :^Bool⊗1summarises the behaviour of^system(𝑥)as a sum of pure process that send either the boolean^falseor^true, depending on the nondeterministic scheduling of the two concurrent atomic actions toggle and observe.

We will now show how to compute^system^′(𝑥)by doing simple algebraic manipulations, as expressed by the complete set of commuting conversions≈(Def.26).

First, we will start by expanding the share of usage𝑐₀of^system(𝑥)into a sum of sequential usages

share𝑐₀{cut{_toggle(𝑐₀, 𝑐₁) |𝑐₁| release𝑐₁} | |cut{_obs(𝑐₀, 𝑥, 𝑐₁) |𝑐₁| release𝑐₁}} ≈𝑃+𝑄

where

𝑃 ≜ ^cut^{(^cut^{^toggle^(𝑐0, 𝑐₁) |𝑐₁| _obs(𝑐₁, 𝑥, 𝑐₂)}) |𝑐₂| release𝑐₂} 𝑄 ≜ ^cut^{(^cut^{^obs^(𝑐0, 𝑥, 𝑐₁) |𝑐₁| _toggle(𝑐₁, 𝑐₂)}) |𝑐₂| release𝑐₂}

The sum is exhibited by first applying≈law [TSh] that interleaves the two concurrent take actions.

Then, we apply further laws of≈to each summand that allows us to push the structure inside the share constructs outside, like for example≡rule [PSh] and≈rule [ShUse]. Finally, by applying the identity≡law [RSh]share𝑥 {release𝑥 | | 𝑅} ≡ 𝑅we get rid of the share construct, obtaining the sequential cell usages defined by𝑃and𝑄.

Process𝑃corresponds to the cell usage scheduling where we first toggle the cell and only then do the observation, whereas𝑄corresponds to the scheduling in which the observation is done before the toggle.

Applying≡law [CSm] allows us to distribute the cell over each summand system(𝑥) ≈ cut{cell𝑐(𝑏.affine𝑏;true(𝑏)) |𝑐| (𝑃+𝑄)}

≈ (cut{cell𝑐(𝑏.affine𝑏;^true(𝑏)) |𝑐| 𝑃}) + (cut{cell𝑐(𝑏.affine𝑏;^true(𝑏)) |𝑐| 𝑄}) and then cut elimination proceeds independently for each summand.

The following auxiliary≈-equivalences

cut{cell𝑐(𝑏.affine𝑏;𝐵(𝑏)) |𝑐| _toggle(𝑐, 𝑐^′)}

≈cell𝑐^′(𝑏^′.affine𝑏^′;(cut{𝐵(𝑏) |𝑏| _not(𝑏, 𝑏^′)})) [cell-toggle]

cut{cell𝑐(𝑏.affine𝑏;𝐵(𝑏)) |𝑐| _obs(𝑐, 𝑥, 𝑐^′)}

≈par{send𝑥(𝑏.𝐵(𝑏));close𝑥 | |cell𝑐^′(𝑏^′.affine𝑏^′;^false(𝑏^′))} [cell-obs]

allows us to compute the result of the interaction of a cell𝑐storing an arbitrary boolean𝐵(𝑏)with processes^toggle(𝑐, 𝑐^′)and^obs(𝑐, 𝑥, 𝑐^′), respectively.

Fig.8.5shows how to derive step-by-step law [cell-inc], law [cell-obs] can be derived in a similar way. It shows≈-equalities [cell-toggle] and [cell-obs] for interaction between a natural reference cell and the imperative atomic toggle and observe operations. The equalities are presented on top. Then, we show how to derive step-by-step [cell-toggle]. We also show how the≈-equalities [cell-toggle]

and [cell-obs] are then used to simplify a stateful process, obtaining a pure one.

Then, we obtain

cut{cell𝑐₀(𝑏.affine𝑏;true(𝑏)) |𝑐₀| 𝑃} ≈send𝑥(𝑏._false(𝑏));close𝑥 the derivation of which is also displayed in Fig.8.5. Similarly one may derive

cut{cell𝑐₀(𝑏.affine𝑏;^true(𝑏)) |𝑐₀| 𝑄} ≈send𝑥(𝑏._true(𝑏));close𝑥 and this concludes the derivation of the simplified cut-free pure process^system^′(𝑥).

No documento CLASS: A Logical Foundation for Typeful Programming with Shared State (páginas 150-155)