A judgmental reconstruction of modal logic

s from any particular notion of e ect (such as update of mutable references, or raising of exceptions). In this way, it is similar to modal logic which reasons about necessity and possibility, but abstracts from any particular collection of worlds. Benton, Biermann and de Paiva [BBdP98] showed that the computational -calculus is connected to lax logic via proof term assignment. We show the relevant fragment of the calculus here. We use the notation of lax logic, writing A for the computations of type A, rather than TA or MA. hyp ; x:A; 0 ` x : A ; x:A ` e : B )I ` x:A: e : A) B ` f : A) B ` e : A)E ` f e : B ` e : A I ` val e : A ` e : A ; x:A ` f : C E ` let valx = e in f : C We have the following two local reductions. ( x:A: f) e =)R [e=x]f let valx = val e in f =)R [e=x]f However, these do not su ce as the basis for an operational semantics, because of the unusual elimination rule for the lax modality. We need the following additional rule, which does not fall into the class of local reductions but has the form of a commuting reduction. let valx2 = (let valx1 = e1 in e2) in e =)C let valx1 = e1 in (let valx2 = e2 in e) The local expansions are not computationally relevant, but correspond to extensionality. They are less problematic. e : A) B =)E x:A: e x e : A =)E let valx = e in valx We can x the anomaly in the reduction relation through the judgmental reconstruction of lax logic in Section 7. We have two judgment forms M : A (M is a proof of A true) and E : A (E is a proof of A lax). The de nition of the lax modality yields the following principles. If `M : A then `M : A If ` E : A and ; x:A ` F : C then ` hE=xiF : C The introduction and elimination rules: ` E : A I ` valE : A `M : A ; x:A ` E : C E ` let valx =M in E : C 18 Then the local reductions and expansions have the following form. ( x:A: M)N =)R [N=x]M let valx = valE in F =)R hE=xiF M : A) B =)E x:A: M x M : A =)E val (let valx =M in x) Lax substitution hE=xiF is de ned inductively on the structure of E. hM=xiF = [M=x]F hlet val y =M in E=xiF = let val y =M in hE=xiF We now show the proof terms for the characteristic axioms of lax logic. ` x:A: valA : A) A ` x: A: val (let val y = x in let val z = y in z) : A) A ` x:A) B: y: A: val (let val z = y in x z) : (A) B)) ( A) B) The following two mutually recursive translations from terms in the computational -calculus to lax terms have several desirable properties, as we demonstrate below. e] is de ned for arbitrary well-typed terms e, while e> is de ned only for terms e whose type has the form A. x] = x ( x:A: e)] = x:A: e] (e1 e2)] = e]1 e]2 (val e)] = val e] (let valx = e1 in e2)] = val (let valx = e1 in e2)> (let valx = e1 in e2)> = he>1 =xie>2 (val e)> = e] x> = let valx0 = x] in x0 (e1 e2)> = let valx0 = (e1 e2)] in x0 We write L () RE for the congruence relation generated by local reductions and expansions in the lax -calculus, and C () C and C () REC for the congruence relations generated by commuting conversion, and local reduction, expansion, and commuting conversion, respectively, in the computational -calculus. We also write C̀ and L̀ for hypothetical judgments in the computational -calculus and lax logic, respectively. Theorem 2 (Computational -Calculus and Lax Logic) 1. C̀ e : A i L̀ e] : A. 19 2. C̀ e : A i L̀ e> : A. 3. If e C () C f then e] = f ]. 4. e C () REC f i e] L () RE f ]. Proof: The typing properties (1) and (2) follow by an easy simultaneous induction on the de nition of the translations, using inversion on the given typing derivations. Part (3) con rms that the commuting reduction of the computational calculus is not necessary in our formulation of lax logic|terms which di er by commuting reductions are actually equal (modulo the possible renaming of bound variables as usual). This is easy to show by direct calculation, using the property that hhE1=x1iE2=x2iE3 = hE1=x1i(hE2=x2iE3) if x1 occurs only in E2 and x2 only in E3. Part (4) shows that the equational theory of the computational -calculus is respected by the translation. From left to right this follows by simple calculation for each possible conversion, using elementary properties of substitution. From right to left we de ne two reverse translations M [ and E? as follows: x[ = x ( x:A: M)[ = x:A: M [ (M1M2)[ = M [ 1M [ 2 (valE)[ = E? (let valx =M in E)? = let valx =M [ in E? M? = valM [ We then show 1. if L̀ M : A then C̀ M [ : A, and 2. if L̀ E A then C̀ E? : A. This reverse translation preserves equality: 1. If M L () RE N then M [ C () REC N [. 2. If E L () RE F then E? C () REC F?. 3. (e])[ C () REC e. 4. (e>)? C () REC e. Therefore, e] L () RE f ] implies e C () REC (e])[ C () REC (f ])[ C () REC f . We also conjecture a strong relationship between reduction sequences in the two calculi under the given translation, even though a direct simulation 20 theorem fails. A further study of computational behavior is beyond the scope of this paper. As an alternative to a direct term assignment for lax logic, we can use the embedding of lax logic in modal logic to give an account of the computational -calculus in modal logic. A proposal along similar lines has been made by Kobayashi [Kob97], with an emphasis on a categorical semantics. His natural deduction formulation, and therefore his programming language concepts, are not satisfactory. In particular, his system requires simultaneous substitutions in two rules to model validity (as in [BdP96]), and also has a somewhat unmotivated interaction between possibility and falsehood. Our formulation below eliminates the rst de ciency and can be extended to avoid the second. We show the embedding from Section 7 on proof terms. First, we recall the embedding of propositions. (A) B)+ = 2A+ B+ ( A)+ = 32A+ P+ = P for atomic P Intuitively, the type 2A denotes stable values, that is, values which survive e ects. The type 3A denotes computations returning values of type A. In the computational -calculus, all values are stable, so a function A ) B accepts a stable value of type A and returns a value of type B, while A is a computation which returns a stable value of type A. It is not clear if the possibility to consider values which are not stable is of much practical interest, but it is conceivable, for example, that an e ect such as deallocation of memory could destroy some values, while others survive. We assume that for every variable x:A in the lax -calculus there is a corresponding variable ux::A+ in the modal -calculus. We de ne the translations M+ and E . ( x:A: M)+ = x:2A+: let boxux = x inM+ x+ = ux (M N)+ = M+ (boxN+) (valE)+ = diaE (let valx =M in E) = let diax =M+ in (let boxux = x in E ) M = boxM+ We writeM L =)R N for local reduction in the lax -calculus, andM M =)R N for local reduction in the modal -calculus. Moreover, we write M M =) R N for an arbitrary number reductions. As before we use () RE for the congruence relation generated by local reduction and expansion. Theorem 3 (Lax -Calculus in Modal -Calculus) 1. L̀ M : A i +; M̀ M+ : A+. 2. L̀ E : A i +; M̀ E 2A+. 21 3. If M L =)R N then M+ M =) R N+. 4. If E L =)R F then E M =) R F . 5. M L () RE N i M+ M () RE N+. 6. E L () RE F i E M () RE F . Proof: The rst two properties are veri ed as in the proof of Theorem 1. The proof of the next two properties is by cases. We see that each reduction translates into precisely two consecutive reductions. Furthermore, if the original reductions are outermost, so are the two consecutive reductions on the image. This means that the structure of computations in the lax -calculus is preserved under the interpretation. Finally, the preservation of equality from left to right is proven by cases, using elementary substitution properties. From right to left we de ne two inverse translations, M and E$: (A B) = A ) B (2A) = A (3A) = A P = P ( x:A: M) = x:A : M (M1M2) = M 1 M 2 x = x (boxM) = M (let boxu =M in N) = [M =xu]N u = xu (diaE) = valE$ (let diax =M in E)$ = let valx =M in E$ M$ = M This translation satis es 1. If ; M̀ M : A then ; L̀ M : A . 2. If ; M̀ E A then ; L̀ M$ : A . 3. (M+) =M . 4. (E )$ = E. 5. If M M () RE N then M L () RE N . 6. If E M () RE F then E$ L () RE F $. From this we directly conclude the reverse directions of the biconditionals in properties (5) and (6). 22 9 Commuting Conversions and Normal Forms In this paper, we do not carry out a full study of possible equational theories for the proof term calculus underlying modal logic. However, to understand proof search and computational interpretations of a logic, it is important to understand the notion of a normal form and the reductions necessary to transform a term into normal form. We view this as an extension of the local soundness and completeness properties from individual inference rules to the full logic. In our view, normal derivations arise from a judgmental decomposition of truth, based on the form of evidence provided. A minimal requirement for a direct proof of a proposition A is that it should be based entirely on constituent propositions of A. We will impose an even stronger condition derived from the meaning explanation of the connectives: a proof is normal if it decomposes the available assumptions by means of elimination rules and then assembles a proof of the conclusion by means of introduction rules. Viewed in terms of proof search: we work backwards from the goal by using introduction rules and forwards from the hypotheses by elimination rules. Since introduction and elimination rules are independent of each other, the notion can be de ned separately for each propositional connective. Note that a derivation may not have a local redex, yet may fail to be normal. This is because some elimination rules (for example, for 2 and 3) do not change the proposition C in the succedent. Therefore the reduction rules for these connectives may need to be augmented by commuting reductions in order to achieve a satisfactory normal form. We present the judgments of normal and extraction proofs directly on proof terms. The primitive judgments are: u + A u is an extraction proof of A valid M # A M is an extraction proof of A true M " A M is a normal proof of A true E * A E is a normal proof of A poss Note that u+A is used only as an antecedent (where u is a variable), while M " A and E * A are used only as succedents in hypothetical judgments. We continue to use for collections of the form u+A and for collections of the form x#A. Hypotheses. hyp ; ; x#A; 0 ` x # A hyp ; u+A; 0; ` u # A Inclusions. ; `M # A #" ; `M " A ; `M " A "* ; `M * A 23 Implication. ; ; x#A `M " B I ; ` x:A: M " A B ; `M # A B ; ` N " A E ; `MN # B Necessity. ; `M " A 2I ; ` boxM " 2A ; `M # 2A ; u+A; ` N " C 2E ; ` let boxu =M in N " C ; `M # 2A ; u+A; ` E * C 2Ep ; ` let boxu =M in E * C The succedent C does not change in the elimination rules. It is therefore possible that C is introduced above and eliminated below the 2E rule. A commuting conversion allows us to move another elimination rule up past the 2E rule. In order to preserve orthogonality of the connectives, we formulate this in a open-ended manner. We write O[N ] for a term O with a single occurrence of N where no free variables in N are bound in O. O[let boxu =M in N ] =)C let boxu =M in O[N ] assuming all terms have appropriate type and O[x] consists of a sequence of elimination rules applied to x. In practice, we usually restrict this to a single elimination rule, from which the general case can be derived by successive commuting reductions. Note that no commuting conversion for 2Ep is needed, since we cannot apply an elimination inference to a judgment C poss. Possibility. ; ` E * A 3I ; ` diaE " 3A ; `M # 3A ;x#A ` E * C 3E ; ` let diax =M in E * C The for 2E does not apply here, since we cannot apply an elimination rule to the judgment C poss. Therefore, no commuting reductions are needed. The main theorem now states that normal deductions as de ned above contain no redices, and vice versa. Theorem 4 (Normal Forms and Reductions) Assume `M : A and ` E A. 1. ; `M " A i there is no M 0 such that M =)R M 0 or M =)C M 0. 2. ; ` E * A i there is no E0 such that E =)R E0 or E =)C E0. Proof: From left to right we generalize the statement to include extraction proofs and then proceed by simultaneous induction on the structure of the given derivations, using extensive case analysis. From right to left the theorem follows by case analysis on local or commuting reductions. 24 The calculus further satis es a normalization theorem. This can be proveneither directly via Tait's method as in [Pra71], by a detour via cut eliminationas in [Pfe99], via CPS translation as in [dG99], or via an interpretation into asimply-typed lambda-calculus with disjunction [BBdP98]. The latter is in manyways the simplest and easily extends to additional connectives. We map both2A and 3A as > _ A so that commuting reductions can be modeled in thetarget calculus. Formal statements and proofs of these results are beyond thescope of this paper.We further conjecture that our modal -calculus permits long normal forms.These are de ned by restricting the transition from extractions to normal deriva-tions to atomic propositions. ; `M # P #"; `M " PThis might be proven by using the translations between natural deduction andthe sequent calculus as in [Pfe99], together with a cut elimination argument formodal logic in a formulation based on judgments very similar to the one forlinear logic in [Pfe94]. At present, we have not veri ed the details of such aconstruction.10 ConclusionWe have presented a judgmental reconstruction of the modal logic of necessityand possibility, leading to a clean and simple formulation of natural deductionand associated proof terms. Because the de nitions of logical connectives areorthogonal in this approach, other propositional connectives can easily be addedwith their usual introduction and elimination rules. We plan to investigate ex-tensions to rst-order logic and type theory, which require parametric judgmentsand more attention to the question when propositions are well-formed. We havealso left the study of various normalization properties, as well as a formulationof a sequent calculus and cut elimination to a future paper.Another approach to the explanation of modal logic is via Kripke structures.This uses the basic judgments \proposition A is true in world w", and \world w0is reachable from world w". While more verbose and requiring explicit reasoningabout worlds, this approach is also more exible in that various traditionalmodal logics can be expressed simply by varying the reachability judgment.Vigano [Vig97] has conducted a systematic study of modal logic via Kripkestructures from the point of view of logical frameworks.In certain cases this can be simpli ed to obtain a formulation of natural de-duction employing a stack of contexts, representing a path through the Kripkestructure. Variations of this idea can be found in [MM94, PW95, DP99], includ-ing a very ne-grained study of reduction in [GL96, GL97]. These are naturalfor some applications of necessity, but it does not appear that similarly compactand elegant versions exist for possibility.25 One particularly fruitful interpretation of 2A is as the intensional type forexpressions denoting elements of type A. Embedding types of this form in aprogramming language means that we can compute with expressions as well asvalues. The term boxM quotes the expressionM , and the construct let boxu =M in N binds u to the expression computed by M and then computes the valueof N . The restrictions placed on the introduction rule for 2A mean that a termboxM can only refer to other expression variables u but not value variables x.This is consistent with the intensional interpretation of 2A, since we may notknow an expression which denotes a given value and therefore cannot permit anarbitrary value as an expression.The local reduction rules can be extended to an operational semantics byimposing a call-by-name or call-by-value strategy. In either case, we do not per-mit reductions under a box constructor, since this would violate its intensionalnature.If we choose a call-by-value strategy, we obtain a natural explanation ofcomputation in multiple stages and, at a lower level, run-time code genera-tion [DP96, WLPD98, DP99]. Alternatively, we can add constructs for patternmatching against an expression. If we also retain extensionality as given bythe local expansions, we can obtain a calculus suitable as a meta-logical frame-work, that is, a logical framework in which we can reason about the speci edlogics [DPS97]. The modal operator here serves to avoid the usual paradoxeswhich would arise if we incorrectly identify an expression with its denotation.In this paper we have also shown how lax logic can be embedded naturally inmodal logic with necessity and possibility. Following work by S. Kobayashi [Kob97]and Benton, Bierman, and de Paiva [BBdP98], this yields a new formulationof the computational -calculus. A possible future direction of research is totry to exploit the additional expressive power a orded by the modal logic as asemantic framework when compared to the computational -calculus.References[Acz99] Peter Aczel. The Russel-Prawitz modality. In M. Fairtlough, editor,Informal Proceedings of the Workshop on Intuitionistic Modal Logicsand Applications, Trento, Italy, July 1999.[AdPR98] Natasha Alechine, Valeria de Paiva, and Eike Ritter. Relating cate-gorical and kripke semantics for intuitionistic modal logics. In Pro-ceedings of the Conference on Advances in Modal Logic (AIML'98),Uppsala, Sweden, 1998. CSLI.[BBdP98] P. N. Benton, G. M. Bierman, and V. C. V. de Paiva. Compu-tational types from a logical perspective. Journal of FunctionalProgramming, 8(2):177{193, March 1998.26 [BdP96] Gavin Bierman and Valeria de Paiva. Intuitionistic necessity revis-ited. Technical Report CSRP-96-10, School of Computer Science,University of Birmingham, June 1996.[dG99]Philippe de Groote. On the strong normalization of natural deduc-tion with permutation-conversions. In P. Narendran and M. Rusi-nowitch, editors, Proceedings of the 10th International Conferenceon Rewriting Techniques and Applications (RTA-99), pages 45{59,Trento, Italy, July 1999. Springer-Verlag LNCS 1631.[DP96] Rowan Davies and Frank Pfenning. A modal analysis of stagedcomputation. In Guy Steele, Jr., editor, Proceedings of the 23rdAnnual Symposium on Principles of Programming Languages, pages258{270, St. Petersburg Beach, Florida, January 1996. ACM Press.[DP99] Rowan Davies and Frank Pfenning. A modal analysis of stagedcomputation. Submitted. Available as Technical Report CMU-CS-99-153, August 1999.[DPS97] Joelle Despeyroux, Frank Pfenning, and Carsten Schurmann. Prim-itive recursion for higher-order abstract syntax. In R. Hind-ley, editor, Proceedings of the Third International Conference onTyped Lambda Calculus and Applications (TLCA'97), pages 147{163, Nancy, France, April 1997. Springer-Verlag LNCS 1210. Anextended version is available as Technical Report CMU-CS-96-172,Carnegie Mellon University.[FM94] M. Fairtlough and M.V. Mendler. An intuitionistic modal logic withapplication to the formal veri cation of hardware. In L. Pacholskiand J. Tiuryn, editors, Proceedings of the 8th Workshop on Com-puter Science Logic (CSL'94), pages 354{368, Kazimierz, Poland,September 1994. Springer-Verlag LNCS 933.[FM97] M. Fairtlough and M.V. Mendler. Propositional lax logic. Informa-tion and Computation, 137(1):1{33, August 1997.[FMW97] Matt Fairtlough, Michael Mendler, and Matt Walton. First-orderlax logic as a framework for constraint logic programming. Techni-cal Report MIP-9714, University of Passau, Passau, Germany, July1997.[Gen35] Gerhard Gentzen. Untersuchungen uber das logische Schlie en.Mathematische Zeitschrift, 39:176{210, 405{431, 1935. Englishtranslation in M. E. Szabo, editor, The Collected Papers of Ger-hard Gentzen, pages 68{131, North-Holland, 1969.[GL96] Jean Goubault-Larrecq. On computational interpretations of themodal logic S4, parts I{III. Technical Reports 1996-33,34,35, In-stitut fur Logik, Komplexitat und Deduktionssysteme, UniversitatKarlsruhe, Karlsruhe, Germany, 1996.27 [GL97] Jean Goubault-Larrecq. On computational interpretations of themodal logic S4, part IIIb. Technical Report 3164, INRIA, France,May 1997.[HM94] Joshua Hodas and Dale Miller. Logic programming in a frag-ment of intuitionistic linear logic. Information and Computation,110(2):327{365, 1994. A preliminary version appeared in the Pro-ceedings of the Sixth Annual IEEE Symposium on Logic in Com-puter Science, pages 32{42, Amsterdam, The Netherlands, July1991.[Kob97] Satoshi Kobayashi. Monad as modality. Theoretical Computer Sci-ence, 175:29{74, 1997.[ML80] Per Martin-Lof. Constructive mathematics and computer program-ming. In Logic, Methodology and Philosophy of Science VI, pages153{175. North-Holland, 1980.[ML85] Per Martin-Lof. On the meanings of the logical constants and thejusti cations of the logical laws. Technical Report 2, Scuola di Spe-cializzazione in Logica Matematica, Dipartimento di Matematica,Universita di Siena, 1985.[ML94] Per Martin-Lof. Analytic and synthetic judgements in type theory.In P. Parrini, editor, Kant and Contemporary Epistemology, pages87{99. Kluwer Academic Publishers, 1994.[MM94] Simone Martini and Andrea Masini. A computational interpretationof modal proofs. In H. Wansing, editor, Proof Theory of ModalLogics. Kluwer, 1994. Workshop proceedings.[Mog89] Eugenio Moggi. Computational lambda calculus and monads. InProceedings of the Fourth Symposium on Logic in Computer Sci-ence, pages 14{23, Asilomar, California, June 1989. IEEE ComputerSociety Press.[Mog91] Eugenio Moggi. Notions of computation and monads. Informationand Computation, 93(1):55{92, 1991.[Pfe94] Frank Pfenning. Structural cut elimination in linear logic. Tech-nical Report CMU-CS-94-222, Department of Computer Science,Carnegie Mellon University, December 1994.[Pfe99] Frank Pfenning. Automated theorem proving. Unpublished lecturenotes, November 1999.[Pra65] Dag Prawitz. Natural Deduction. Almquist & Wiksell, Stockholm,1965.28 [Pra71] Dag Prawitz. Ideas and results in proof theory. In J.E. Fenstad,editor, Proceedings of the Second Scandinavian Logic Symposium,pages 235{307. North-Holland Publishing Co., 1971.[PW95] Frank Pfenning and Hao-ChiWong. On a modal -calculus for S4. InS. Brookes and M. Main, editors, Proceedings of the Eleventh Con-ference on Mathematical Foundations of Programming Semantics,New Orleans, Louisiana, March 1995. Electronic Notes in Theoret-ical Computer Science, Volume 1, Elsevier.[Vig97] Luca Vigan o. A Framework for Non-Classical Logics. PhD thesis,Universitat des Saarlandes, September 1997.[WLPD98] Philip Wickline, Peter Lee, Frank Pfenning, and Rowan Davies.Modal types as staging speci cations for run-time code generation.ACM Computing Surveys, 30(3es), September 1998.29