From adamc at hcoop.net Wed Jun 18 19:06:40 2008
From: adamc at hcoop.net (Adam Chlipala)
Date: Wed, 18 Jun 2008 19:06:40 -0400
Subject: [POPLmark] Denotational methods?
Message-ID: <48599500.8010106@hcoop.net>

I wanted to announce a relevant paper which will appear at ICFP this
year, as well as voice an unpopular viewpoint and see what people have
to say about it. The paper is at:
http://adam.chlipala.net/papers/PhoasICFP08/

This is a technique for doing HOAS-like encoding in Coq, in a way that
supports effective denotational semantics and proofs about them. There
are certified (with proofs of type preservation and semantic
preservation) translations for a bunch of typed lambda calculi
exhibiting the main dimensions of complexity in variable binding, and
most of the proofs are mostly automated.

I've found denotational Coq proofs in this style to be very pleasant.
They're so pleasant that I'm wondering why more people aren't doing
them. Thus, I want to ask in this e-mail: why do you prefer to do
formal proofs with operational semantics over (type-theoretic)
denotational semantics?

Most of the published work about mechanized proofs is for metatheorems
like safety and strong normalization for simple, pure languages. You
get these proofs implicitly by giving the languages semantics by
translation into type theories that enjoy the same properties. Impure,
Turing-complete languages can be handled similarly using rich enough
meta languages. (I'm close to releasing a new version of my Coq library
that has a deep embedding of a meta language of this kind, which should
be usable to formalize "any" object language.)

Semantic proofs just seem to mesh better with automation. In Coq,
computational reductions are no-ops in all proofs, and with
type-theoretic denotational semantics, all of a language's dynamic
semantics ends up phrased as reductions of the meta language.

So, it looks to me like a lot of people are expending significant
amounts of unnecessary energy developing operational mechanizations.
I'm hoping that some people on this list will be eager to tell me why
I'm wrong. ;-)


From Peter.Sewell at cl.cam.ac.uk Wed Jun 18 19:25:14 2008
From: Peter.Sewell at cl.cam.ac.uk (Peter Sewell)
Date: Thu, 19 Jun 2008 00:25:14 +0100
Subject: [POPLmark] Denotational methods?
In-Reply-To: <48599500.8010106@hcoop.net>
References: <48599500.8010106@hcoop.net>
Message-ID:

> Thus, I want to ask in this e-mail: why do you prefer to do
> formal proofs with operational semantics over (type-theoretic)
> denotational semantics?

One reason: because I don't know how to give really satisfactory
denotational semantics for complex languages with either concurrency
or an accumulation of real-world quirks (formally or informally).
Operational techniques deal fine with both, as far as language
definition goes, letting one defer the problem of characterizing
observational congruences until (possibly much) later.

Peter


From adamc at hcoop.net Thu Jun 19 09:31:33 2008
From: adamc at hcoop.net (Adam Chlipala)
Date: Thu, 19 Jun 2008 09:31:33 -0400
Subject: [POPLmark] Denotational methods?
In-Reply-To:
References: <48599500.8010106@hcoop.net>
Message-ID: <485A5FB5.1040308@hcoop.net>

Peter Sewell wrote:
>> Thus, I want to ask in this e-mail: why do you prefer to do
>> formal proofs with operational semantics over (type-theoretic)
>> denotational semantics?
>>
>
> One reason: because I don't know how to give really satisfactory
> denotational semantics for complex languages with either concurrency
> or an accumulation of real-world quirks (formally or informally).
> Operational techniques deal fine with both, as far as language
> definition goes, letting one defer the problem of characterizing
> observational congruences until (possibly much) later.
>

It seems plausible to me that the easiest formalizations of this kind
to work with would involve denotation functions targeting a domain that
retains syntactic features only in describing "externally observable
actions." You could handle all "classical" computation features purely
denotationally, with a scheduler running those computations as black
boxes between synchronization points. Does anyone know of any
formalizations (mechanized or otherwise) that use this approach?


From appel at CS.Princeton.EDU Thu Jun 19 09:41:22 2008
From: appel at CS.Princeton.EDU (Andrew W. Appel)
Date: Thu, 19 Jun 2008 09:41:22 -0400
Subject: [POPLmark] Denotational methods?
In-Reply-To: <485A5FB5.1040308@hcoop.net>
References: <48599500.8010106@hcoop.net> <485A5FB5.1040308@hcoop.net>
Message-ID: <485A6202.6080407@cs.princeton.edu>

An HTML attachment was scrubbed...
URL: http://lists.seas.upenn.edu/pipermail/poplmark/attachments/20080619/fb6ca140/attachment.htm


From crary at cs.cmu.edu Thu Jun 19 14:20:25 2008
From: crary at cs.cmu.edu (Karl Crary)
Date: Thu, 19 Jun 2008 14:20:25 -0400
Subject: [POPLmark] Denotational methods?
In-Reply-To: <48599500.8010106@hcoop.net>
References: <48599500.8010106@hcoop.net>
Message-ID: <485AA369.9040803@cs.cmu.edu>

Hi Adam,

I don't really think it's a question of mechanization. I prefer
operational techniques to denotational ones in mechanized proofs for
the same reason that I prefer them in paper proofs.

Operational proofs are simple and scale easily to new features.
Denotational proofs often require additional mathematics (e.g., power
domains for nondeterminism) to make them work, which adds significant
overhead. Worse, in many cases the mathematics does not yet exist. For
a serious language, I would be very surprised if any mechanization
improvement with denotational methods would outweigh the intrinsic
advantages of operational methods.

(A Princeton-style operational-denotational hybrid might be a different
story, but I think it might be too operational for your purposes.)

Moreover, at least in Twelf, I don't feel there's a significant amount
of extra energy expended mechanizing an operational semantics. If there
is in Coq, I'm interested to hear it!

-- Karl

Adam Chlipala wrote:
> I wanted to announce a relevant paper which will appear at ICFP this
> year, as well as voice an unpopular viewpoint and see what people have
> to say about it. The paper is at:
> http://adam.chlipala.net/papers/PhoasICFP08/
>
> This is a technique for doing HOAS-like encoding in Coq, in a way that
> supports effective denotational semantics and proofs about them. There
> are certified (with proofs of type preservation and semantic
> preservation) translations for a bunch of typed lambda calculi
> exhibiting the main dimensions of complexity in variable binding, and
> most of the proofs are mostly automated.
>
> I've found denotational Coq proofs in this style to be very pleasant.
> They're so pleasant that I'm wondering why more people aren't doing
> them. Thus, I want to ask in this e-mail: why do you prefer to do
> formal proofs with operational semantics over (type-theoretic)
> denotational semantics?
>
> Most of the published work about mechanized proofs is for metatheorems
> like safety and strong normalization for simple, pure languages. You
> get these proofs implicitly by giving the languages semantics by
> translation into type theories that enjoy the same properties. Impure,
> Turing-complete languages can be handled similarly using rich enough
> meta languages. (I'm close to releasing a new version of my Coq library
> that has a deep embedding of a meta language of this kind, which should
> be usable to formalize "any" object language.)
>
> Semantic proofs just seem to mesh better with automation. In Coq,
> computational reductions are no-ops in all proofs, and with
> type-theoretic denotational semantics, all of a language's dynamic
> semantics ends up phrased as reductions of the meta language.
>
> So, it looks to me like a lot of people are expending significant
> amounts of unnecessary energy developing operational mechanizations.
> I'm hoping that some people on this list will be eager to tell me why
> I'm wrong. ;-)
> _______________________________________________
> Poplmark mailing list
> Poplmark at lists.seas.upenn.edu
> http://lists.seas.upenn.edu/mailman/listinfo/poplmark
>
>


From adamc at hcoop.net Thu Jun 19 14:46:00 2008
From: adamc at hcoop.net (Adam Chlipala)
Date: Thu, 19 Jun 2008 14:46:00 -0400
Subject: [POPLmark] Denotational methods?
In-Reply-To: <485AA369.9040803@cs.cmu.edu>
References: <48599500.8010106@hcoop.net> <485AA369.9040803@cs.cmu.edu>
Message-ID: <485AA968.2010309@hcoop.net>

Karl Crary wrote:
> Operational proofs are simple and scale easily to new features.

It's hard to quantify what this really means. Certainly, denotational
proofs are _more_ scalable in a certain sense, based on composing
monads for different effects.

> Denotational proofs often require additional mathematics (e.g., power
> domains for nondeterminism)

I'm not so familiar with domain theory beyond the basics. Why can't you
just represent the result of a nondeterministic computation returning a
T with a list of T's?

> For a serious language, I would be very surprised if any mechanization
> improvement with denotational methods would outweigh the intrinsic
> advantages of operational methods.

Well, the next version of my Coq PL library will have a type-theoretic
denotational semantics for a typed lambda calculus that is _almost_
core SML, only lacking features from core SML that involve
multiple-variable binders (e.g., mutually recursive functions, records,
patterns). There's also a certified CPS translation for that language
minus polymorphism. I'll be really interested to see a comparable
development that uses operational semantics, if someone happens to be
working on anything like this. Mine has only about 150 lines of proof
of semantic preservation, and I think the proof would be a lot longer
if I couldn't use meta language computational reduction rules to do so
much of the work.

> Moreover, at least in Twelf, I don't feel there's a significant amount
> of extra energy expended mechanizing an operational semantics. If
> there is in Coq, I'm interested to hear it!

The question doesn't seem well-formed for Twelf, where the function
spaces are too weak to support the kind of thing I have in mind. In
Coq, you can build denotational developments where the (meta language)
definitional equality provides you all proof steps relating to
computing denotations from programs, evaluating denotations, and
executing program transformations.


From crary at cs.cmu.edu Thu Jun 19 15:45:06 2008
From: crary at cs.cmu.edu (Karl Crary)
Date: Thu, 19 Jun 2008 15:45:06 -0400
Subject: [POPLmark] Denotational methods?
In-Reply-To: <485AA968.2010309@hcoop.net>
References: <48599500.8010106@hcoop.net> <485AA369.9040803@cs.cmu.edu> <485AA968.2010309@hcoop.net>
Message-ID: <485AB742.9070909@cs.cmu.edu>

Adam Chlipala wrote:
> Karl Crary wrote:
>> Operational proofs are simple and scale easily to new features.
>
> It's hard to quantify what this really means. Certainly, denotational
> proofs are _more_ scalable in a certain sense, based on composing
> monads for different effects.

Since the vast majority of PL research and education use operational
methods today, I feel confident that most people know exactly what I
mean. Doing an operational account involves little more than writing
down a structured operational semantics and proving some properties
about it. A denotational account can involve quite a bit more math; in
some cases a *lot* more math, and in some cases the math doesn't yet
exist.

>> Denotational proofs often require additional mathematics (e.g., power
>> domains for nondeterminism)
>
> I'm not so familiar with domain theory beyond the basics. Why can't
> you just represent the result of a nondeterministic computation
> returning a T with a list of T's?

Well, if you use a set rather than a list, that's exactly what a power
domain is. But it turns out not to be so simple, since the
straightforward construction doesn't give you the desired properties.
I'm really not the best person to comment further.

Moreover, nondeterminism is just one example. For another, if there
exists any denotational theory of parameterized recursive types (aka
recursive type operators), I'm not aware of it.

>> For a serious language, I would be very surprised if any
>> mechanization improvement with denotational methods would outweigh
>> the intrinsic advantages of operational methods.
>
> Well, the next version of my Coq PL library will have a type-theoretic
> denotational semantics for a typed lambda calculus that is _almost_
> core SML, only lacking features from core SML that involve
> multiple-variable binders (e.g., mutually recursive functions,
> records, patterns). There's also a certified CPS translation for that
> language minus polymorphism. I'll be really interested to see a
> comparable development that uses operational semantics, if someone
> happens to be working on anything like this. Mine has only about 150
> lines of proof of semantic preservation, and I think the proof would
> be a lot longer if I couldn't use meta language computational
> reduction rules to do so much of the work.

I would point you to my 2006 POPL paper with Daniel Lee and Bob Harper
for an operational account of the SML type theory. You can find the
Twelf code with the paper on my web page. The SML EL is done too, but
not yet published, as we're still tweaking it.

-- Karl
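Added example (editor's illustration, not code from the thread, from the PHOAS paper, or from either author's library): a small Coq development in the style the thread is arguing about. It gives a simply typed lambda calculus with let a PHOAS encoding, a type-theoretic denotational semantics into Coq's own types, and a certified translation (desugaring let into an application) whose semantic-preservation proof is induction plus the meta language's reduction, which is the mechanism behind the claim above that "computational reductions are no-ops in all proofs" and that program transformations can be checked by definitional equality. All identifiers (`type`, `term`, `typeDenote`, `termDenote`, `unlet`, `LetIn`, `add3`, `letProgram`) are this example's own choices, not names from the paper or the library it mentions. It is written for Coq 8.x with the standard library and assumes the functional extensionality axiom for the `Abs` case, which is the one piece of extra mathematics even this toy needs; the nondeterminism and recursive-type questions raised in the replies are not addressed by it.

```coq
(* Added example, not code from the paper or the list discussion.
   A PHOAS encoding of a simply typed lambda calculus with let, a
   type-theoretic denotational semantics, and a certified desugaring
   of let into application.  Written for Coq 8.x with the standard
   library; every identifier is this example's own choice. *)

Require Import FunctionalExtensionality.

(* Object-language types and their meaning as Coq types. *)
Inductive type : Set :=
| Nat : type
| Arrow : type -> type -> type.

Fixpoint typeDenote (t : type) : Set :=
  match t with
  | Nat => nat
  | Arrow t1 t2 => typeDenote t1 -> typeDenote t2
  end.

(* Terms, parameterised by the representation of variables (PHOAS).
   Binders are Coq functions over [var], so there is no substitution,
   no de Bruijn arithmetic and no freshness side condition to prove. *)
Section term.
  Variable var : type -> Set.

  Inductive term : type -> Set :=
  | Var : forall t, var t -> term t
  | Const : nat -> term Nat
  | Plus : forall (e1 e2 : term Nat), term Nat
  | App : forall t1 t2 (e1 : term (Arrow t1 t2)) (e2 : term t1), term t2
  | Abs : forall t1 t2 (f : var t1 -> term t2), term (Arrow t1 t2)
  | LetIn : forall t1 t2 (e1 : term t1) (f : var t1 -> term t2), term t2.
End term.

Arguments Var {var} _ _.
Arguments Const {var} _.
Arguments Plus {var} _ _.
Arguments App {var} _ _ _ _.
Arguments Abs {var} _ _ _.
Arguments LetIn {var} _ _ _ _.

(* A closed program must work for every choice of [var]. *)
Definition Term t := forall var, term var t.

(* Denotational semantics: instantiate [var] with [typeDenote], so a
   variable simply is its value, and a term maps to the Coq value of
   the corresponding type.  Every evaluation rule is a clause of this
   function, i.e. a reduction of Coq's own term language. *)
Fixpoint termDenote {t} (e : term typeDenote t) : typeDenote t :=
  match e in term _ t' return typeDenote t' with
  | Var _ x => x
  | Const n => n
  | Plus e1 e2 => termDenote e1 + termDenote e2
  | App _ _ e1 e2 => (termDenote e1) (termDenote e2)
  | Abs _ _ f => fun x => termDenote (f x)
  | LetIn _ _ e1 f => termDenote (f (termDenote e1))
  end.

(* A program transformation: desugar [let x = e1 in e2] into
   [(fun x => e2) e1].  It is polymorphic in [var], so it is a
   translation on syntax, not on meanings. *)
Fixpoint unlet {var t} (e : term var t) : term var t :=
  match e in term _ t' return term var t' with
  | Var _ x => Var _ x
  | Const n => Const n
  | Plus e1 e2 => Plus (unlet e1) (unlet e2)
  | App _ _ e1 e2 => App _ _ (unlet e1) (unlet e2)
  | Abs _ _ f => Abs _ _ (fun x => unlet (f x))
  | LetIn _ _ e1 f => App _ _ (Abs _ _ (fun x => unlet (f x))) (unlet e1)
  end.

(* Semantic preservation.  Each case is closed by the induction
   hypotheses once [simpl] has run, because Coq's reduction already
   performs the object language's evaluation steps.  The [Abs] case
   needs functional extensionality, the one axiom assumed here. *)
Theorem unlet_correct : forall t (e : term typeDenote t),
  termDenote (unlet e) = termDenote e.
Proof.
  intros t e.
  induction e as [? x | n | e1 IHe1 e2 IHe2 | ? ? e1 IHe1 e2 IHe2
                 | ? ? f IHf | ? ? e1 IHe1 f IHf]; simpl.
  - reflexivity.
  - reflexivity.
  - rewrite IHe1, IHe2; reflexivity.
  - rewrite IHe1, IHe2; reflexivity.
  - apply functional_extensionality. intro x. apply IHf.
  - rewrite IHe1; apply IHf.
Qed.

(* Constructed sample programs.  Running one is literally reduction
   in the meta language, so the "evaluation" proofs are [reflexivity]
   and need no evaluation relation or derivation. *)
Definition add3 : Term (Arrow Nat Nat) :=
  fun _ => Abs _ _ (fun x => Plus (Var _ x) (Const 3)).

Definition letProgram : Term Nat :=
  fun _ => LetIn _ _ (Const 4) (fun y => App _ _ (add3 _) (Var _ y)).

Lemma letProgram_runs : termDenote (letProgram _) = 7.
Proof. reflexivity. Qed.

Lemma unlet_letProgram :
  termDenote (unlet (letProgram _)) = termDenote (letProgram _).
Proof. reflexivity. Qed.
```

The point to notice is where the work goes: `unlet_correct` has no substitution lemma, no weakening, no evaluation derivations to invert, only the six syntactic cases and one appeal to extensionality, while the concrete lemmas at the end are discharged by conversion alone. The price is the one shown in the `Abs` case, and the replies above are about features (nondeterminism, concurrency, recursive type operators) for which the corresponding meta-language structure is not as cheap as a Coq function space.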