A Static Analysis of a Classical Linear Logic Programming Language

Doctoral Dissertation

Kyoung-Sun Kang

March 2000

The Graduate School of Science and Technology
Kobe University, Japan

Contents

1 Introduction
1.1 Outline of the thesis
2 Logic Programming as Proof Search
2.1 Uniform Proof
3 Linear Logic
3.1 The Sequent Calculus of Linear Logic
3.2 Applications to Computer Science
4 Linear Logic Programming Language
4.1 An Intuitionistic Linear Logic programming language Lolli
4.2 Resource Management of Lolli
4.2.1 I/O model
4.2.2 Leveled I/O-model
4.3 A Classical Linear Logic programming language Forum
4.4 The Other Linear Logic Programming Languages
5 A Language based on Classical Linear Logic
5.1 A Proof System
5.2 An I/O model for the Proof System LL
5.3 Programming Example
6 Static Analysis Method
6.1 Abstraction of the Sequents
6.2 Abstract Proof Graph
6.3 Refinement of Abstract Proof Graph
7 Performance Measurements
7.1 The Sorting Program
7.2 A Petri Net for Producer-Consumer System
7.3 A Producer-Consumer Program
8 Conclusion
A A Lemma of the Leveled I/O model
B A Proof of the Equivalence of the Leveled I/O model and L

Abstract

In this thesis, we propose a new static analysis method which is applicable to a classical linear logic programming language. Andreoli et al. proposed a static analysis method for the classical linear logic programming language LO, but their method did not cover the multiplicative conjunction, which is the most important connective for the resource-sensitive feature of linear logic. Our method, in contrast, covers the multiplicative conjunction in addition to the multiplicative disjunction and linear implication.

In a classical linear logic programming language such as Forum, the execution of a program is sometimes highly non-deterministic. For example, the execution time of a sorting program written in Forum rises hyper-exponentially with list length. The reason is that most of the execution time is spent trying to prove unprovable sequents. Therefore, it is very important to find unprovable sequents before the execution of programs, and this is realizable by a static analysis performing an abstract proof search on an abstract proof.

In order to develop abstract proof search in linear logic, we need to map the sequents into finite sets. We introduce a finite monoid M, +, 0 homomorphic to N (a set of natural numbers including 0) to finitely count the number of formulas occurring in the sequent. The selection of M is arbitrary, and it specifies the precision of the static analysis. We also use the power set P(M) to list the possible M values. The following is the outline of our static analysis method for the given program and the goal sequent to be proved:

(1) Represent the set of the sequents by using P(M);
(2) Build an abstract proof graph which represents all possible sequent proofs;
(3) Eliminate unprovable nodes from the abstract proof graph.
The abstract proof graph can be repeatedly refined by propagating information to eliminate nodes which correspond to unprovable sequents. The method of refinement is based on the idea of data-flow analysis of the optimizing compiler.

We applied our prototype analyzer to a sorting program written in a classical linear logic programming language. The original program is too slow and it is practically uncomputable. On the other hand, the program optimized by using the analysis result is much faster. For example, the optimized program is about 2750 times faster for sorting 6 elements compared with the original program, about 94000 times faster for sorting 7 elements, and the more elements are sorted, the larger the difference becomes. Furthermore, our analysis method can also be used to check Petri net reachability.

Chapter 1 Introduction

In logic programming, the execution of a program can be viewed as a proof search in the sequent calculus of a logic. This principle can also be applied to linear logic, proposed by J.-Y. Girard [11]. Linear logic views logical assumptions as consumable resources. Therefore, in linear logic programming languages, a resource can be represented as a formula rather than a term.

Several logic programming languages based on linear logic have been proposed: Lygon [13], LO [4], LinLog [3], Lolli [18], Forum [33], etc. In particular, Forum is complete for classical linear logic and its execution can be viewed as a goal-directed proof search called uniform proof [34]. However, the proof search of Forum programs is highly non-deterministic. For example, in a list sorting program, execution time rises hyper-exponentially with list length [19]. The reason is that most of the execution time is spent trying to prove unprovable sequents. This problem is also common to the other linear logic programming languages.
Therefore, it is very important to find unprovable sequents before the execution of programs, and this is realizable by a static analysis performing an abstract proof search on an abstract proof. This is possible because the abstract interpretation of logic programs can be viewed as an abstract proof search in a sequent calculus [9][10]. Of course, it is impossible to find all unprovable sequents because the provability of linear logic is undecidable in general.

Andreoli et al. [5] proposed a static analysis method for their classical linear logic programming language LO, but their method did not cover the multiplicative conjunction, which is the most important connective to express the resource-sensitive feature of linear logic.

In this thesis, we propose a new static analysis method applicable to a classical linear logic programming language including the multiplicative conjunction in addition to the multiplicative disjunction and the linear implication. The multiplicative conjunction is analyzed on the I/O model, which was originally introduced by Hodas and Miller [17] [18] to reduce the non-determinism in splitting of resources.

The aim of static analysis in this thesis is to analyze a program and find as many unprovable sequents as possible before its execution. This avoids the proof search for unprovable sequents during the execution. However, in linear logic, the number of formulas is finite but the number of sequents is infinite, because the idempotent laws do not hold for multiplicative conjunction (⊗) and multiplicative disjunction (℘); that is, the sequent A, A −→ B, B is not equivalent to A −→ B. Therefore, proof search of linear logic is undecidable in general, even for the propositional fragment [30].

Therefore, in order to develop abstract proof search in linear logic, we need to map the sequents into finite sets. Of course, the provability is not equivalent between the original sequent and the mapped sequent.
However, our concern is to statically detect the unprovability of the sequents, so we define the mapping to preserve the provability property. For this purpose, we introduce a finite monoid M, +, 0 homomorphic to N (a set of natural numbers including 0) to finitely count the number of formulas occurring in the sequent. The selection of M is arbitrary, and it specifies the precision of the static analysis. We also use the power set P(M) to list the possible M values.

The following is the outline of our static analysis method for the given program and the goal sequent to be proved:

• Represent the set of the sequents by using P(M).
• Build an abstract proof graph which represents all possible sequent proofs.
• Eliminate unprovable nodes from the abstract proof graph.

The abstract proof graph can be repeatedly refined by propagating information to eliminate nodes which correspond to unprovable sequents. The method of refinement is based on the idea of data-flow analysis of the optimizing compiler. The analysis result can be used to optimize classical linear logic programs, in addition to checking the provability of the goal sequent.

1.1 Outline of the thesis

In chapter 2, we explain the concept of uniform proofs, which was proposed by Miller et al. [34]. A logic is appropriate as a foundation for a logic programming language if uniform proof is complete for that logic.

Chapter 3 describes Girard’s linear logic and its applications to computer science.

In chapter 4, we describe linear logic programming languages, especially Lolli, based on intuitionistic linear logic, and Forum, based on classical linear logic. Chapter 4 also explains Hodas and Miller’s “I/O model” as a solution to reduce the non-determinism in searching for a proof of the goal G1 ⊗ G2. This chapter also proposes an extension of this I/O model, called the “Leveled I/O model”.
Chapter 5 presents the sequent calculus system LL of classical linear logic and its I/O model, which define the classical linear logic programming language LL discussed in this thesis. The system LL includes multiplicative connectives such as ⊗, ℘, and .

Chapter 6 proposes a static analysis method for LL. In this chapter, we define the abstract proof graph, which represents all possible sequent proofs constructed from the given program and goal sequent. The graph can be repeatedly refined by propagating information to remove unprovable nodes.

Chapter 7 discusses a prototype system which performs the static analysis method described in chapter 6. Chapter 7 also presents the results of the prototype analyzer for several example programs.

Chapter 8 discusses future directions of this work.

Chapter 2 Logic Programming as Proof Search

The operational semantics of logic programming languages like Prolog can be explained by a proof search in a sequent calculus of logic. The sequent calculus is designed so that its inference rules are read top-down, that is, from the premises to the conclusion. However, when the question “Is it true that the sequent A −→ B ∧ C?” is given, we must check the truth of A −→ B and A −→ C to decide the truth of A −→ B ∧ C. That is to say, to prove a given sequent, it is necessary to read the inference rules bottom-up, from the conclusion to the premises. Thus, the bottom-up proof search is crucial to the execution of logic programming.

However, bottom-up proof search has a problem in determining the premises of the proof when considering the inference rule cut.

$$\frac{A \longrightarrow C \qquad C \longrightarrow B}{A \longrightarrow B}\ \textit{cut}$$

The cut rule is the only rule such that there is a formula (called the cut-formula) in the premises but not in the conclusion. However, this problem disappears when the cut rule is eliminated, and any sequent provable with cut can be proved without cut. Execution of a logic programming language corresponds to a search for such a cut-free proof.
In other words, one step of logic programming computation corresponds to applying an inference rule other than cut from the conclusion to the premises in sequent calculus.

Most logic programming languages are based on a smaller logic than full classical logic. For example, Prolog is based on Horn clauses, and its execution model is SLD-resolution.

$$\dfrac{\Gamma \longrightarrow A \qquad \dfrac{\Gamma, B \longrightarrow C}{\Gamma, B \longrightarrow C \lor D}\ \lor_R}{A \supset B, \Gamma \longrightarrow C \lor D}\ \supset_L \qquad\qquad \dfrac{\dfrac{\Gamma \longrightarrow A \qquad \Gamma, B \longrightarrow C}{\Gamma, A \supset B \longrightarrow C}\ \supset_L}{\Gamma, A \supset B \longrightarrow C \lor D}\ \lor_R$$

Figure 2.1: An example of the permutability of rules

Miller et al. [34] introduced the concept of uniform proofs, which can be used to define a logic programming language based on a logic more expressive than Horn clauses. Any logical system is appropriate as a foundation for a logic programming language if its uniform proof is complete for that logic.

2.1 Uniform Proof

A uniform proof is a goal-directed proof form of sequent calculus. The idea of this goal-directed form is that, from the permutability of rules in sequent calculus, it should be possible to permute the order in which the rules are applied in a proof. As an example of the permutability of rules, in Figure 2.1, two proofs introduce the same conclusion Γ, A ⊃ B −→ C ∨ D from the same premises Γ −→ A and Γ, B −→ C.

For a given goal sequent, the goal-directed proof search first applies all possible right-introduction rules until the right-hand side of the sequent becomes an atomic formula, and then applies the left-introduction rules. The following is the formal definition of the uniform proof.

Definition 2.1.1 (Uniform Proof [34]) A uniform proof is an intuitionistic cut-free sequent proof in which any occurrence of a sequent whose right-hand side is a non-atomic formula is the conclusion of a right-introduction rule.

However, not all of the rules in intuitionistic logic permute with each other. There are rules which cannot be permuted, such as ∨L and ∨R.
Miller showed the uniform proof is complete by limiting the logic fragment to be constructed from the connectives , ∧, ⊃, and ∀.

Chapter 3 Linear Logic

Linear logic was proposed by Jean-Yves Girard in 1987 [11]. Linear logic is called “a resource-conscious logic” because linear logic views logical assumptions as resources. Since classical (and also intuitionistic) logic can be translated into linear logic, linear logic is also called “a logic behind logics”.

Linear logic is an expressive and powerful logic, and is applicable to various fields of computer science. The expressive power of linear logic is evidenced by the encodings of several computational models such as Petri nets, counter machines, Turing machines, π-calculus, and others.

3.1 The Sequent Calculus of Linear Logic

Linear logic allows the use of formulas as resources. By eliminating the structural rules of weakening and contraction, linear logic introduces the notion of resources, which is not provided in classical logic. In classical logic (and also in intuitionistic logic), the following weakening and contraction rules are allowed:

$$\frac{\Gamma \longrightarrow \Delta}{\Gamma, A \longrightarrow \Delta}\ \textit{weakening}_L \qquad\qquad \frac{\Gamma, A, A \longrightarrow \Delta}{\Gamma, A \longrightarrow \Delta}\ \textit{contraction}_L$$

The elimination of the weakening and contraction rules means that assumptions cannot be arbitrarily discarded or copied in linear logic. However, there are modality operators (! and ?) in linear logic which are used to indicate formulas allowing the application of the weakening and contraction rules.

Conjunction and disjunction in classical logic are represented by two kinds of connectives in linear logic: one is called the “multiplicative” connectives, and the other is called the “additive” connectives.

For example, linear logic has two conjunctions ⊗ (multiplicative conjunction) and & (additive conjunction).
Let D, C, J be the following propositions:

D = “I have one dollar”
C = “I drink a cup of coffee”
J = “I drink a cup of juice”

In classical logic (and also in intuitionistic logic), if “D implies C” and “D implies J” are true, then “D implies C and J” is true.

$$\frac{D \longrightarrow C \qquad D \longrightarrow J}{D \longrightarrow C \land J}$$

The proposition “With one dollar, I may drink both a cup of coffee and a cup of juice” can be deduced in classical logic. By iterating this deduction, the following can be deduced: “With one dollar, I may drink any cups of coffee and any cups of juice”. This, however, is absurd in reality. This deduction is nonsense when considering assumptions as resources.

However, there are two conjunctions ⊗ and & in linear logic, which mean “I have both” and “I have a choice” respectively:

$$\frac{D \longrightarrow C \qquad D \longrightarrow J}{D, D \longrightarrow C \otimes J}\ (\otimes_R) \qquad\qquad \frac{D \longrightarrow C \qquad D \longrightarrow J}{D \longrightarrow C \,\&\, J}\ (\&_R)$$

That is, in linear logic, “With two dollars, I may drink both” and “With one dollar, I may drink a cup of coffee or juice but not both” can be deduced instead.

The connectives of linear logic can be summarized as follows:

• the multiplicative connectives: the conjunction ‘⊗’ (called “tensor”), the disjunction ‘℘’ (called “par”), the linear implication ‘ ’ (called “lollipop”), the negation A⊥, the truth ‘1’ (called “one”), and the falsehood ‘⊥’ (called “bottom”),
• the additive connectives: the conjunction ‘&’ (called “with”), the disjunction ‘⊕’ (called “o-plus”), the truth ‘ ’ (called “top”), and the falsehood ‘0’ (called “zero”),
• the exponentials: ! (called “of course” or “bang”) and ? (called “why not”),
• the quantifiers: ∀ and ∃.

Figure 3.1 shows the system of the first-order classical linear logic. Exchange rules are omitted because each side of the sequent is viewed as a multiset. In the rules (!R) and (?L) in Figure 3.1, the notation !Γ represents the multiset {!B | B ∈ Γ}.

3.2 Applications to Computer Science

Linear logic has been applied to many areas of computer science.
Most of the applications utilize the concept of “resource”, which is difficult to represent in traditional logics. In the case of the Petri net, tokens are represented as atomic formulas (i.e. resources), and reachability of a Petri net is mapped to provability in linear logic [2]. There are many other frameworks and computation models encodable into linear logic, such as counter machines, Turing machines, and π-calculus [31].

As for applications to functional programming languages, linear logic can be used for efficient memory management [29] and for a type system [1].

The application to logic programming languages is one of the most active topics in linear logic. Several logic programming languages based on linear logic have been proposed: Lygon [13], LO [4], LinLog [3], Lolli [18], Forum [33], HACL [28], etc. We discuss linear logic programming languages further in the next chapter.

[Figure 3.1: The sequent calculus for classical linear logic. Rule groups: logical axiom and Cut rule; rules for the propositional constants; rules for the quantifiers (y must not be free in Γ, ∆); rules for the exponentials.]

Chapter 4 Linear Logic Programming Language

As mentioned before, linear logic can be considered a rich foundation for logic programming. Consequently, in recent years, several logic programming languages based on linear logic have been proposed. Among these, we concentrate on Lolli and Forum in this chapter.

Among the rules of linear logic, the multiplicative connectives are important for resource-sensitive programming in linear logic. In the bottom-up search for a proof of a sequent including a multiplicative connective, it is necessary to split the linear context into two parts. Due to this, the search becomes highly non-deterministic. For example, to prove the goal G1 ⊗ G2:

$$\frac{\Delta_1 \longrightarrow G_1 \qquad \Delta_2 \longrightarrow G_2}{\Delta \longrightarrow G_1 \otimes G_2}\ \otimes_R$$

the multiset ∆ must be divided into two multisets ∆1 and ∆2. If ∆ has cardinality n, there are 2^n such partitions of ∆.

Hodas and Miller proposed a solution to reduce the non-determinism in searching for a proof of the goal G1 ⊗ G2, which is called the “I/O model”, for an intuitionistic linear logic programming language Lolli [18] [17]. In this chapter, we also propose an extension to this I/O model, and call it the “Leveled I/O model”.

We also describe Forum, which is a superset of some logic programming languages based on linear logic. Forum is complete for classical linear logic, and its execution can be viewed as a goal-directed proof search, an extension of the uniform proof.

4.1 An Intuitionistic Linear Logic programming language Lolli

Lolli is a logic programming language based on a fragment of intuitionistic linear logic. The language was designed by Josh Hodas and Dale Miller. The execution of Lolli can be viewed as a goal-directed proof search, that is, a uniform proof on intuitionistic linear logic. In the sequent calculus of intuitionistic linear logic, there are provable sequents that do not have uniform proofs.
For example, the sequents a ⊗ b −→ b ⊗ a and !a & b −→ !a are provable in linear logic but do not have uniform proofs. This is because !R and ⊗R do not permute down over all the left-introduction rules.

Lolli therefore uses sequents of the form

Γ; ∆ −→ B

where Γ is a set of formulas, ∆ is a multiset of formulas, and B is a formula. Such sequents have their context divided into two parts: the unbounded part (which is called the intuitionistic context), Γ, which corresponds to the left-hand side of intuitionistic sequents, and the bounded part (which is called the linear context), ∆, which corresponds to the left-hand side of sequents of the purely linear fragment of linear logic (no !’s). The sequent B1, · · · , Bn; C1, · · · , Cn −→ B of Lolli can be mapped to the linear logic sequent !B1, · · · , !Bn, C1, · · · , Cn −→ B.

By introducing this style of sequent, Lolli has two kinds of implication: the linear implication , for which the right-introduction rule adds its assumption to the bounded part of a context, and intuitionistic implication ⇒, for which the right-introduction rule adds its assumption to the bounded part of a context; the meaning of B ⇒ C is (!B) C.

Lolli is built from the following formulas over the logical constants , 1, &, ⊗, ⊕, , ⇒, !, ∀, and ∃.

R ::= | A | R1 & R2 | G R | G ⇒ R | ∀x.R
G ::= | 1 | A | G1 & G2 | G1 ⊗ G2 | G1 ⊕ G2 | R G | R ⇒ G | !G | ∀x.G | ∃x.G

where A is an atomic formula, R is a resource formula, and G is a goal formula. It is also possible to use a more restrictive definition for resource formulas, called “R-formulas”:

R ::= | A | R1 & R2 | G A | G ⇒ A | ∀x.R

Figure 4.1 presents the proof system for Lolli, named L. All provable sequents in the system L have uniform proofs.
In the inference rule BC (backchaining) of L, the B is the smallest set of triples of the form Γ, ∆, B, where Γ is a set of formulas and ∆ is a multiset of formulas, such that

1. ∅, ∅, B ∈ B,
2. if Γ, ∆, B1 & B2 ∈ B then both Γ, ∆, B1 ∈ B and Γ, ∆, B2 ∈ B,
3. if Γ, ∆, ∀x.B ∈ B then for all closed terms t, Γ, ∆, B[t/x] ∈ B,
4. if Γ, ∆, B1 ⇒ B2 ∈ B then Γ ∪ {B1}, ∆, B2 ∈ B, and
5. if Γ, ∆, B1 B2 ∈ B then Γ, ∆ {B1}, B2 ∈ B (where denotes multiset union).

[Figure 4.1: The proof system L for Lolli. Rules: identity, absorb, ⇒R, &R, ∀L, ∀R (provided that y is not free in the lower sequent), BC, and the additional rules !R, ⊕R, 1R, ∃R, ⊗R for positive occurrences of 1, ⊗, ⊕, !, and ∃.]

Proposition 4.1.1 (Completeness and soundness) The sequent Γ; ∆ −→ B is provable in L if and only if Γ ; ∆ −→ B is provable in intuitionistic linear logic, where B is the result of repeatedly replacing all occurrences of C1 ⇒ C2 in B with (!C1) C2. (Applying to a set or multiset of formulas results in the multiset of applied to each member.)

Proof. Refer to [17].

4.2 Resource Management of Lolli

In this section, we discuss resource management methods of Lolli.

4.2.1 I/O model

In the execution of the goal G1 ⊗ G2, resources are split into two disjoint parts as defined in the original linear logic system. This introduces a large amount of non-determinism. Hodas and Miller [18] solved this problem by using an I/O model in which each goal has its input context and output context.
The output context of G1 is forwarded to G2 as its input context.

$$\frac{\Gamma; \Delta_1 \longrightarrow G_1 \qquad \Gamma; \Delta_2 \longrightarrow G_2}{\Gamma; \Delta_1, \Delta_2 \longrightarrow G_1 \otimes G_2}\ \otimes_R \qquad\qquad \frac{\Gamma; \Delta_I \backslash \Delta \longrightarrow G_1 \qquad \Gamma; \Delta \backslash \Delta_O \longrightarrow G_2}{\Gamma; \Delta_I \backslash \Delta_O \longrightarrow G_1 \otimes G_2}\ \otimes_R$$

In order to prove the goal G1 ⊗ G2 in the I/O model of Lolli, the first input context, ∆1, ∆2, is given as usable assumptions to prove G1. The output context ∆2 of G1, which is not used by G1, is given as the input context of G2 to prove G2. The second ⊗R above is the inference rule of the I/O model; the context on the left of the “\” is the input linear context of a goal Gi, and the one on the right is the output linear context of a goal Gi.

First, we define some relations for the I/O model.

Definition 4.2.1 (IO-context) An IO-context is a list made up of R-formulas, !’ed R-formulas, or the special symbol del used to denote a place where an R-formula has been deleted.

Definition 4.2.2 Figure 4.2 shows a specification of the I/O model for the propositional fragment of Lolli. The predicates in the specification are defined as follows:

• subcontext(O, I) holds iff
– I = nil and O = I, or
– I = 1 and O = I, or
– I = !R :: I1, O = !R :: O1, and subcontext(O1, I1), or
– I = R :: I1, O = del :: O1, and subcontext(O1, I1), or
– I = R :: I1, O = R :: O1, and subcontext(O1, I1).

• pickR(I, O, R) holds iff
– I = R :: I1 and O = del :: I1, or
– I = !R :: I1 and O = I, or
– I = R1 & · · · & Rn :: I1, Ri = R (for some i), and O = del :: I1, or
– I = R :: I1, O = R :: I1, and pickR(I1, O1, R).

• thinable(O) holds iff
– O = nil, or
– O = del :: O1, and thinable(O1), or
– O = !R :: O1, and thinable(O1).

Proposition 4.2.1 (Completeness and soundness) The nil{G}nil is provable in the I/O model if and only if the sequent −→ G is provable in the proof system L.

Proof. Refer to [17].
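The context threading of the I/O ⊗R rule and the pickR and thinable predicates of Definition 4.2.2, run on the dollar/coffee/juice propositions of Section 3.1, as an added Python example (not code from the thesis or from the Lolli implementation). The tuple encoding, the constructor names, the depth bound, and the modelling of "D implies C" and "D implies J" as reusable !'ed clauses are assumptions of this sketch; it covers atoms, 1, ⊗, &, ! and the two implications only.

```python
# Added example: a small interpreter for the I/O model on a propositional
# fragment. Formulas and context slots are tuples (assumed encoding).
DEL = ("del",)                      # slot whose linear resource was consumed
ONE = ("one",)

def atom(name):   return ("atom", name)
def tensor(a, b): return ("tensor", a, b)
def with_(a, b):  return ("with", a, b)
def lolli(a, b):  return ("lolli", a, b)   # linear implication ("lollipop")
def imp(a, b):    return ("imp", a, b)     # intuitionistic implication =>
def bang(g):      return ("bang", g)
def lin(r):       return ("lin", r)        # context slot holding R
def unb(r):       return ("unb", r)        # context slot holding !R

def alternatives(r):
    """A resource R1 & ... & Rn offers each Ri to pickR."""
    if r[0] == "with":
        yield from alternatives(r[1])
        yield from alternatives(r[2])
    else:
        yield r

def pick_r(ctx):
    """pickR: yield (output context, picked formula) for every choice.
    A linear slot becomes del; a !R slot is left in place."""
    for i, slot in enumerate(ctx):
        if slot == DEL:
            continue
        kind, r = slot
        out = ctx if kind == "unb" else ctx[:i] + (DEL,) + ctx[i + 1:]
        for alt in alternatives(r):
            yield out, alt

def thinable(ctx):
    """Only deleted slots and !R slots remain."""
    return all(slot == DEL or slot[0] == "unb" for slot in ctx)

def solve(goal, ctx, depth=16):
    """Yield every output context O for which ctx{goal}O is derivable."""
    if depth == 0:                       # guard against looping clauses
        return
    tag, d = goal[0], depth - 1
    if tag == "one":
        yield ctx
    elif tag == "tensor":                # I{G1}M, then M{G2}O: no splitting
        for mid in solve(goal[1], ctx, d):
            yield from solve(goal[2], mid, d)
    elif tag == "with":                  # both goals must leave the same O
        left = set(solve(goal[1], ctx, d))
        yield from {out for out in solve(goal[2], ctx, d) if out in left}
    elif tag == "bang":                  # !G must consume nothing
        if any(out == ctx for out in solve(goal[1], ctx, d)):
            yield ctx
    elif tag == "lolli":                 # load R, require it to be consumed
        for out in solve(goal[2], (lin(goal[1]),) + ctx, d):
            if out[0] == DEL:
                yield out[1:]
    elif tag == "imp":                   # load !R, which is never consumed
        for out in solve(goal[2], (unb(goal[1]),) + ctx, d):
            yield out[1:]
    elif tag == "atom":
        for out, r in pick_r(ctx):
            if r == goal:
                yield out
            elif r[0] == "lolli" and r[2] == goal:   # backchain, body may consume
                yield from solve(r[1], out, d)
            elif r[0] == "imp" and r[2] == goal:     # body must consume nothing
                if any(o == out for o in solve(r[1], out, d)):
                    yield out

def outputs(goal, ctx):
    return set(solve(goal, ctx))

def provable(goal, ctx):
    """Provable when some output context has every linear slot consumed."""
    return any(thinable(out) for out in solve(goal, ctx))

# Constructed sample input: D, C, J from Section 3.1.
D, C, J = atom("dollar"), atom("coffee"), atom("juice")
PROGRAM = (unb(lolli(D, C)), unb(lolli(D, J)))
ONE_DOLLAR = PROGRAM + (lin(D),)
TWO_DOLLARS = PROGRAM + (lin(D), lin(D))
```

With two dollars the goal C alone has output contexts but none is thinable, so the leftover dollar makes it unprovable: this is the absence of weakening showing up in the I/O model.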
[Figure 4.2: I/O model for propositional Lolli]

4.2.2 Leveled I/O-model

In the I/O model, the execution of pickR produces a new IO-context. For example, in executing pickR(I, O, A), O is a new IO-context obtained by replacing an A in I by del. If I is the IO-context R1 :: R2 :: A :: nil, then O is a new IO-context R1 :: R2 :: del :: nil, as shown below.

$$\frac{pickR(R_1 :: R_2 :: A :: nil,\ R_1 :: R_2 :: del :: nil,\ A)}{I\{A\}O}$$

Because most of the execution of the “program” is the execution of pickR, many IO-contexts are produced, and this is the principal cause of slow execution. For efficient execution, it is a good idea to reconstruct only the consumed resource of the old IO-context rather than producing a new IO-context.

However, the reconstruction of the IO-context has a problem with the execution of the goal G1 & G2. The following shows the rules for G1 & G2 in L and in the I/O model respectively.

$$\frac{\Gamma; \Delta \longrightarrow G_1 \qquad \Gamma; \Delta \longrightarrow G_2}{\Gamma; \Delta \longrightarrow G_1 \,\&\, G_2}\ \&_R \qquad\qquad \frac{I\{G_1\}O \qquad I\{G_2\}O}{I\{G_1 \,\&\, G_2\}O}$$

The goal G1 & G2 is provable if both G1 and G2 are provable using the same resource. In the I/O model, G1 and G2 have independent executions with the same input IO-context, and both outputs should be the same. Instead of checking that G1 and G2 are provable by the same resource after the executions of G1 and G2, it is efficient to check whether the goal G2 is provable using only the resource consumed by G2 or not, as discussed in [8].

In order to perform the correct execution of G1 & G2 by using only one IO-context, we mark the resource consumed by G1, and let only the marked resource be consumable in the execution of G2. The above execution can be realized by assigning a level value to each resource formula.
Definition 4.2.3 (Leveled Resource formula) A leveled R-formula is a pair R, where R is an R-formula in Lolli and is an integer called a consumption level.

Definition 4.2.4 (L-context) An L-context is a list of leveled R-formulas.

Definition 4.2.5 (context L,U (I)) Let I be an L-context. context L,U (I) holds if all R, l in I satisfy L ≤ l ≤ U.

Definition 4.2.6 Let I and O be IO-contexts satisfying context L,U (I) and context L,U (O) respectively. The relation subcontext U,L (O, I) is recursively defined as follows.

• O = nil and I = nil, or
• O = R, 0 :: O1, I = R, 0 :: I1, and subcontext U,L (O1, I1), or
• O = R, U :: O1, I = R, L :: I1, and subcontext U,L (O1, I1), or
• O = R, :: O1, I = R, :: I1, and subcontext U,L (O1, I1).

The intended meaning of a leveled R-formula R, is as follows.

• a resource R is consumable on the level if > 0.
• a resource R is consumable on the all level if = 0.
• a resource R was consumed if < 0.

Definition 4.2.7 An IOL-sequent is an expression of the form:

L,U I{G}O

where I and O satisfy the relation subcontext U,L (I, O).

While executing the goal G in the IOL-sequent L,U I{G}O, R-formulas of level L (or 0) in I can be consumed, and the level of consumed R-formulas is changed to U (or 0), 0 respectively.

Definition 4.2.8 Let I and O be L-contexts, L be a positive integer, U be a negative integer, and G be a goal formula. The relations pickR L,U (I, O, R), thinable L (O), and change K,K (I, O) are defined as follows.

• pickR L,U (I, O, R) holds iff
– I = R1 & · · · & Rn, 0 :: I1, Ri = R (for some i), and O = I, or
– I = R1 & · · · & Rn, L :: I1, Ri = R (for some i), and O = R1 & · · · & Rn, U :: I1, or
– I = R :: I1, O = R :: I1, and pickR L,U (I1, O1, R),
where I and O satisfy context L,U (I) and context L,U (O) respectively.

• thinable L (O) holds iff
– O = nil, or
– O = R, 0 :: O1 and thinable L (O1), or
– O = R1 & · · · & Rn, l :: O1, L = l and thinable L (O1).
• change K,K (I, O) holds iff
– I = nil and O = nil, or
– I = R, 0 :: I1, O = R, 0 :: O1, and change K,K (I1, O1), or
– I = R, K :: I1, O = R, K :: O1, and change K,K (I1, O1),
where K and K are integers.

The levels of an IOL-sequent are changed only when G1 & G2 and !G are executed.

• Case of G1 & G2

$$\frac{L,U{-}1\ \ I\{G_1\}M \qquad change_{U-1,L+1}(M, N) \qquad L{+}1,U\ \ N\{G_2\}O \qquad thinable_{L+1}(O)}{L,U\ \ I\{G_1 \,\&\, G_2\}O}$$

The goal G1 in L,U−1 I{G1}M consumes the resources with level L in I and changes their level to U − 1; that is, a resource with level U − 1 in M is a resource consumed by G1. By change U−1,L+1 (M, N), a resource with level L + 1 in N is a resource consumed by G1. The thinable L+1 (O) then checks whether the goal G2 consumes all of the level L + 1 resources or not.

[Figure 4.3: An I/O model with consumption-level for propositional Lolli]

• Case of !G

$$\frac{L{+}1,U{-}1\ \ I\{G\}O}{L,U\ \ I\{!G\}O} \qquad\qquad \frac{\Gamma; \emptyset \longrightarrow G}{\Gamma; \emptyset \longrightarrow\ !G}\ !_R$$

In the execution of !G, only exponential resources can be used. In the Leveled I/O model, there are no linear resources with the level L + 1 in I at L+1,U−1 I{G}O, so there are no resources with the level U − 1 in O. Therefore, as described in Proposition 4.2.2, we can make sure that I and O are the same L-context.

Proposition 4.2.2 In the IOL-sequent L,U I{G}O, if there are no resources with consumption level L in I, then O and I are the same.

Proof. This is shown by induction on the structure of the IOL-derivation. The proof is shown in Appendix A.
Definition 4.2.9 (The difference I −(L,U ) O ) In the IOL -sequent L,U I {G}O, we define the difference I −(L,U ) O is a pair Γ, ∆ where Γ is the set of all formulas R, 0 in I ( therefore, also in O ), and ∆ is the multiset of all formulas R whose consumption level is L in I and U in O. Proposition 4.2.3 (Completeness and soundness ) In the IOL -sequent L,U I {G}O, let I −(L,U ) O be a pair Γ, ∆ . Then is derivable iff Γ, ∆ −→ G is provable in L . Proof. The proof is shown in the Appendix B. I {G}O L,U Based on this Leveled I/O model, the compiler system named LLP has been developed. However, the Leveled I/O model presented here still has a problem with the non-deterministic behavior of . The I/O model LRM solved this problem of in [21], Which is a joint work with Hodas et al. 4.3 A Classical Linear Logic programming language Forum Forum, by Dale Miller in 1994 [32], is a higher-order logic programming language based on linear logic. Dale Miller introduced Forum as a specification language. Unlike Lolli, Forum is based on the multiple-conclusion (classical) system rather than the intuitionistic one. 19 The design of Forum required extending the notion of the uniform proof to the multiple-conclusion setting. The system is complete for the extended uniform proof, and by using the following logical equivalences; covers all connectives of linear logic including ⊗, ⊕, ∃, ! and 1. B⊥ ≡ B ⊥ 0 ≡ ⊥ 1≡⊥ ⊥ !B ≡ (B ⇒ ⊥) ⊥ ?B ≡ (B ⊥) ⇒ ⊥ ∃x.B ≡ (∀x.B ⊥ )⊥ B ⊕ C ≡ (B ⊥ &C ⊥ )⊥ B ⊗ C ≡ (B ⊥ ℘C ⊥ )⊥ Forum is complete with respect to classical linear logic. In that sense, Forum includes other existing logic programming languages (such as λ-Prolog, Lolli and LO). Several specifications including the operational semantics of programming languages have been written in Forum; RISC-processor (Chirimar 1995), Parallel Execution of Declarative Programs (Chakravarty), object-oriented programming language (Delzanno 1996), etc. 
However, implementing Forum poses difficult problems, such as the unification of multi-head rules, the invocation of ⊥-head, and the higher-order quantification unification.

4.4 The Other Linear Logic Programming Languages

LO and LinLog were proposed by Jean-Marc Andreoli and Remo Pareschi. LO is, like Forum, based on a multiple-conclusion fragment of linear logic, and its design was motivated by the desire to implement a parallel, object-oriented language. However, the fragment of linear logic used in LO is very small. LinLog extends LO by adding several additional operators. LinLog executes by a goal-directed proof search called focusing proof. Focusing proofs are based on the concept of the goal-directed proof, which is related to the uniform proof.

Lygon was proposed by James Harland and David Pym [14, 15]. Lygon is based on a fragment of multiple-conclusion (classical) linear logic, and a variant of uniform proof search is complete for that fragment, like Lolli and Forum. However, the definition of uniform proof differs from that used in the design of Forum. In general, Lygon execution is more non-deterministic than Forum execution.

ACL was proposed by Kobayashi and Yonezawa. ACL captures the simple notions of asynchronous communication by identifying the send and read primitives with two complementary linear logic connectives.

Chapter 5 A Language based on Classical Linear Logic

In this chapter, we define the first-order sequent calculus system LL of classical linear logic discussed in this thesis. We also call the classical linear logic programming language based on this system LL. The system LL includes multiplicative connectives such as ⊗, ℘, and ⊸. We choose a relatively small language here because we wish to concentrate on the design of the analysis method for multiplicative conjunctions. However, it is not difficult to extend our language more widely.
In order to design an analysis method that is applicable for any program including multiplicative conjunction ⊗, we introduce the I/O model, which was originally introduced by Hodas and Miller, for the LL in this chapter. This is because the multiplicative conjunction can be analyzed on I/O model. 5.1 A Proof System A program of our language LL is a set of clauses which is defined as follows. Definition 5.1.1 (Clause) A clause is a closed formula in the form (n ≥ 1): → ∀− (A1 ℘ · · · ℘An : −G) x where G = ⊥ or 1 or A or B ℘C or B formulas. C or B ⊗ C, where A, B, C, Ai are atomic In the definition 5.1.1, the connective : − means the reverse linear implication, that is, A : − G is equivalent to G A. It is easy to extend the body of clause in 21 Ψ; A −→ A (identity) Ψ; ∆1 −→ B, A1 Ψ; ∆2 −→ C, A2 (⊗) Ψ; ∆1 , ∆2 −→ A1 , · · · , An , A1 , A2 (provided A1 ℘ · · · ℘An :− B ⊗ C ∈ Ψ ) Ψ; B, ∆ −→ C, A (1) ( ) Ψ; −→ A1 , · · · , An Ψ; ∆ −→ A1 , · · · , An , A (provided A1 ℘ · · · ℘An :− 1 ∈ Ψ ) (provided A1 ℘ · · · ℘An :− B C ∈ Ψ ) Ψ; ∆ −→ A Ψ; ∆ −→ B, C, A (⊥) (℘) Ψ; ∆ −→ A1 , · · · , An , A Ψ; ∆ −→ A1 , · · · , An , A (provided A1 ℘ · · · ℘An :− ⊥ ∈ Ψ ) (provided A1 ℘ · · · ℘An :− B ℘C ∈ Ψ ) → where Ψ = {C0 | C0 is a ground instance of C, ∀− ∈ Ψ}. x.C Figure 5.1: The rules for the proof system LL the definition 5.1.1 to the following syntax: G ::= ⊥ | 1 | A | G1 ℘G2 | A G | G1 ⊗ G2 Translation of a clause of the extended form into clauses of the non-extended form can be performed by introducing new predicate symbols. For example, the clause A1 ℘, · · · , ℘An : −(B1 ℘B2 )⊗(C1 C2 ) can be translated into the following three clauses: A1 ℘, · · · , ℘An : −B ⊗ C, B : −B1 ℘B2 , and C : −C1 C2 where B and C are newly by introduced atomic formulas. Definition 5.1.2 (Sequent) A sequent is an expression Ψ; ∆ −→ A, where Ψ is a set of clauses and ∆, A are multisets of atomic formulas. 
In Definition 5.1.2, Ψ and ∆ are called the intuitionistic context and the linear context, and they can be viewed as the program and the resources respectively. The formulas in A are called the goals. Clauses in Ψ are considered to be prefixed by the modality operator !. That is, the sequent Ψ; ∆ −→ A is equivalent to !Ψ, ∆ −→ A of standard linear logic. Figure 5.1 shows the sequent calculus system LL.

5.2 An I/O model for the Proof System LL

In a linear logic programming language, the proof search of the goal G1 ⊗ G2 is highly non-deterministic due to the splitting of the linear context. This problem is more serious in classical linear logic than in intuitionistic linear logic. This is because, in a classical linear logic programming language, both the left-hand linear context and the goal context must be split as shown below.

    Γ; ∆1 −→ G1, Σ1     Γ; ∆2 −→ G2, Σ2
    ------------------------------------- ⊗R
      Γ; ∆1, ∆2 −→ G1 ⊗ G2, Σ1, Σ2

In the intuitionistic linear logic programming language Lolli, Hodas and Miller proposed the I/O model to reduce this non-determinism. By applying the idea of the I/O model also to the right-hand goal context, Hodas proposed the extended I/O model for the classical linear logic programming language Forum [19]. We introduce the system IO by applying the same idea to the system LL.

Definition 5.2.1 A sequent of IO is an expression Ψ; ∆I \∆O −→ AI \AO, where Ψ is a set of clauses and ∆I, ∆O, AI, AO are multisets of atomic formulas.

Figure 5.2 presents the I/O model IO for LL. We now show that the I/O model IO is sound and complete relative to the system LL.

Proposition 5.2.1
    LL Ψ; ∆ −→ A ⇐⇒ IO Ψ; ∆, ∆O \∆O −→ A, AO \AO

Proof. Note that several steps of this proof implicitly depend on the lemma that if the sequent Ψ; ∆I \∆O −→ AI \AO has a proof in IO, then ∆O ⊆ ∆I and AO ⊆ AI. This is simple to prove by induction on the structure of the IO proof, and will not be demonstrated here.
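The contrast between guessing the split for G1 ⊗ G2 and threading the context through the I/O model can be made concrete with the following added example, which is not code from the thesis. It covers only the left-hand linear context and goals built from atoms, 1 and ⊗; the tuple encoding of goals and all function names are assumptions of the example.

```python
from itertools import combinations

# Goal encoding (an assumption of this example):
#   an atom is a str, ONE is the unit 1, ("tensor", G1, G2) is G1 ⊗ G2.
ONE = ("one",)


def tensor(*goals):
    """Build the right-nested goal G1 ⊗ (G2 ⊗ (... ⊗ Gn))."""
    goal = goals[-1]
    for g in reversed(goals[:-1]):
        goal = ("tensor", g, goal)
    return goal


def prove_split(goal, ctx, stats):
    """Naive search: for G1 ⊗ G2, guess the split ∆1, ∆2 of ctx up front."""
    stats["calls"] += 1
    if isinstance(goal, str):
        return ctx == (goal,)          # identity: exactly this resource
    if goal == ONE:
        return ctx == ()               # 1 needs the empty linear context
    _, g1, g2 = goal
    idx = range(len(ctx))
    for k in range(len(ctx) + 1):
        for left in combinations(idx, k):
            d1 = tuple(ctx[i] for i in left)
            d2 = tuple(ctx[i] for i in idx if i not in left)
            if prove_split(g1, d1, stats) and prove_split(g2, d2, stats):
                return True
    return False


def prove_io(goal, inp, stats):
    """I/O model: yield each output context left over after proving goal."""
    stats["calls"] += 1
    if isinstance(goal, str):
        if goal in inp:                # consume one occurrence of the atom
            i = inp.index(goal)
            yield inp[:i] + inp[i + 1:]
    elif goal == ONE:
        yield inp                      # 1 consumes nothing
    else:
        _, g1, g2 = goal
        for mid in prove_io(g1, inp, stats):   # output of G1 ...
            yield from prove_io(g2, mid, stats)  # ... is the input of G2


def search(goal, resources):
    """Run both strategies; return (naive result, I/O result, naive calls, I/O calls)."""
    ctx = tuple(sorted(resources))     # sorted tuple = canonical multiset
    naive, io = {"calls": 0}, {"calls": 0}
    ok_naive = prove_split(goal, ctx, naive)
    ok_io = any(out == () for out in prove_io(goal, ctx, io))
    return ok_naive, ok_io, naive["calls"], io["calls"]


if __name__ == "__main__":
    atoms = list("abcdefghij")
    # Unprovable goal: the last conjunct asks for a resource that is absent.
    print(search(tensor(*atoms[:-1], "z"), atoms))
```

On the unprovable ten-conjunct goal the naive prover enumerates every split at every ⊗ before failing, while the I/O prover fails after one pass over the goal.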
5.3 Programming Example

The following list sorting program was introduced in [20] as an example program of Forum, and it is also an example program of LL.

(identity)
    Ψ; A, ∆\∆ −→ A, A\A

(1)
    Ψ; ∆\∆ −→ A1, · · · An, A\A
    (provided A1 ℘ · · · ℘An :− 1 ∈ Ψ)

(⊸)
    Ψ; B, ∆I \∆O −→ C, AI \AO
    ---------------------------------
    Ψ; ∆I \∆O −→ A1, · · · An, AI \AO
    (provided A1 ℘ · · · ℘An :− B ⊸ C ∈ Ψ)

(⊥)
    Ψ; ∆I \∆O −→ AI \AO
    ---------------------------------
    Ψ; ∆I \∆O −→ A1, · · · An, AI \AO
    (provided A1 ℘ · · · ℘An :− ⊥ ∈ Ψ)

(℘)
    Ψ; ∆I \∆O −→ B, C, AI \AO
    ---------------------------------
    Ψ; ∆I \∆O −→ A1, · · · An, AI \AO
    (provided A1 ℘ · · · ℘An :− B ℘C ∈ Ψ)

(⊗)
    Ψ; ∆I \∆ −→ B, AI \A     Ψ; ∆ \∆O −→ C, A \AO
    ----------------------------------------------
    Ψ; ∆I \∆O −→ A1, · · · An, AI \AO
    (provided A1 ℘ · · · ℘An :− B ⊗ C ∈ Ψ and AO ⊆ A ⊆ AI)

where Ψ = {C0 | C0 is a ground instance of C, ∀x⃗.C ∈ Ψ}.

Figure 5.2: The I/O model IO for the proof system LL

    % sort a list L into S: spawn one goal per element, then merge
    sort(L,S) :- sorted(S) ⊸ spawn(L).
    spawn([]) :- sorted([]).
    spawn([H|T]) :- sorted([H]) ℘ spawn(T).
    % replace two sorted lists by their merge
    sorted(L1) ℘ sorted(L2) :- merge(L1,L2,L) ⊗ sorted(L).
    merge([],L,L).
    merge([H|T],[],[H|T]).
    merge([H1|T1],[H2|T2],[H1|L]) :- H1 =< H2 ⊗ merge(T1,[H2|T2],L).
    % when H2 is smaller, emit H2 and keep merging [H1|T1] with T2
    merge([H1|T1],[H2|T2],[H2|L]) :- H1 > H2 ⊗ merge([H1|T1],T2,L).

First, the program breaks each element of the given list into goals of singleton lists whose predicate names are sorted. The following rule finds two sorted lists from the goals, and replaces them with a single goal holding the new sorted list by merging.

    sorted(L1) ℘ sorted(L2) :- merge(L1,L2,L) ⊗ sorted(L).

Figure 5.3 and Figure 5.4 are the LL proof and the IO proof for sorting the list [3, 2, 1] into ascending order.

    X = [1, 2, 3]
    Ψ; −→ m([2, 3], [1], [1, 2, 3])     Ψ; s(X) −→ s([1, 2, 3])
    Ψ; −→ m([3], [2], [2, 3])     Ψ; s(X) −→ s([2, 3]), s([1])
    Ψ; s(X) −→ s([3]), s([2]), s([1]), s([])
    Ψ; s(X) −→ p([3, 2, 1])
    Ψ; −→ sort([3, 2, 1], X)

Figure 5.3: An LL proof for sorting program.
    X = [1, 2, 3]
    Ψ; s(X)\s(X) −→ m([2, 3], [1], [1, 2, 3])\     Ψ; s(X)\ −→ s([1, 2, 3])\
    Ψ; s(X)\s(X) −→ m([3], [2], [2, 3]), s([1])\s([1])     Ψ; s(X)\ −→ s([2, 3]), s([1])\
    Ψ; s(X)\ −→ s([3]), s([2]), s([1]), s([])\
    Ψ; s(X)\ −→ p([3, 2, 1])\
    Ψ; \ −→ sort([3, 2, 1], X)\

Figure 5.4: An IO proof for sorting program.

In Figure 5.3 and Figure 5.4, Ψ means the sorting program described above, s stands for sorted, m stands for merge, p stands for spawn, and executions such as merge are omitted.

Chapter 6 Static Analysis Method

The aim of static analysis in this thesis is to analyze a program and find as many unprovable sequents as possible before its execution. This avoids the proof search for unprovable sequents during the execution.

As described in the introduction, abstract interpretation of logic programs can be viewed as an abstract proof search in sequent calculus. By a static analysis performing abstract proof search on abstract propositional proofs, it is possible to statically detect unprovable sequents.

We propose a static analysis method of LL in this chapter. The following is the outline of our static analysis method for the given program and the goal sequent to be proved:

• Represent the set of the sequents by a finite set.
• Build an AND-OR graph, called an abstract proof graph, which represents all possible sequent proofs.
• Eliminate unprovable nodes from the abstract proof graph.

6.1 Abstraction of the Sequents

In propositional logic, when the goal sequent is given, there are only a finite number of sequents to be considered due to the subformula property and the idempotent laws of conjunction (∧) and disjunction (∨). Therefore, proof search of propositional logic is decidable.

However, in linear logic, the number of formulas is finite but the number of sequents is infinite, because the idempotent laws do not hold for multiplicative conjunction (⊗) and multiplicative disjunction (℘), that is, the sequent A, A −→ B, B is not equivalent to A −→ B.
Therefore, proof search of linear logic is undecidable in general, even for the propositional fragment [30].

Hence, in order to develop abstract proof search in linear logic, we need to map the sequents into finite sets. Of course, provability is not equivalent between the original sequent and the mapped sequent. However, our concern is to statically detect the unprovability of the sequents, so we define the mapping so that provability is preserved (a provable sequent is mapped to a provable sequent).

We first map the program and the goal sequent into the propositional fragment by removing quantifiers and the arguments of all atomic formulas. We define the propositional system of LL, called LLN. A program of the system LLN is a set of the following clauses (n ≥ 1):

    A1 ℘ · · · ℘An :− G

where G = ⊥ or 1 or A or B ℘C or B ⊸ C or B ⊗ C, and A, B, C, and Ai are atomic formulas without argument (that is, propositional variables).

We introduce the I/O model of the system LLN. Figure 6.2 presents the rules of the propositional I/O model, which we name the system ION.

We now consider the preservation of provability and the soundness and completeness relation among the proof systems.

Proposition 6.1.1
    LL Ψ; ∆ −→ A =⇒ LLN Ψ ; ∆ −→ A
where B represents a formula obtained by removing the arguments and quantifiers from B (applying to a set or multiset of formulas results in the multiset of applied to each member).

Proof. This is simple to prove by induction on the structure of the LL proof.

Proposition 6.1.2
    LLN Ψ; ∆ −→ A ⇐⇒ ION Ψ; ∆, ∆O \∆O −→ A, AO \AO

Proof. This can be proved similarly to Proposition 5.2.1.

By Proposition 6.1.1 and Proposition 6.1.2 above, we know that if the sequent Ψ; ∆I \∆O −→ AI \AO is provable in IO, then Ψ ; ∆I \∆O −→ AI \AO is provable in ION.
28 Ψ; A, ∆\∆ −→ A, A\A (identity) (1) Ψ; ∆\∆ −→ A1 , · · · An , A\A (provided A1 ℘ · · · ℘An : −1 ∈ Ψ) Ψ; B, ∆I \∆O −→ C, AI \AO Ψ; ∆I \∆O −→ AI \AO ( ) (⊥) Ψ; ∆I \∆O −→ A1 , · · · An , AI \AO Ψ; ∆I \∆O −→ A1 , · · · An , AI \AO (provided A1 ℘ · · · ℘An : −B C ∈ Ψ) (provided A1 ℘ · · · ℘An : −⊥ ∈ Ψ) Ψ; ∆I \∆O −→ B, C, AI \AO (℘) Ψ; ∆I \∆O −→ A1 , · · · An , AI \AO (provided A1 ℘ · · · ℘An : −B ℘C ∈ Ψ) Ψ; ∆I \∆ −→ B, AI \A Ψ; ∆ \∆O −→ C, A \AO (⊗) Ψ; ∆I \∆O −→ A1 , · · · An , AI \AO (provided A1 ℘ · · · ℘An : −B ⊗ C ∈ Ψ and AO ⊆ A ⊆ AI ) Figure 6.1: The I/O model ION for the propositional proof system LLN Let F be a set of all propositional atomic formulas occurring in the program and the goal sequent mapped to propositional fragment. A multiset over F can be defined as a mapping F −→ N where N is a set of non-negative integers. Now, we consider a finite representation of multisets. Definition 6.1.1 (M -representation) Let M, +, 0 be a finite monoid homomorphic to N, that is, there exists a mapping φ : N −→ M satisfying φ(0) = 0, φ(x + y) = φ(x) + φ(y) for all x, y ∈ N. Let X be a multiset over F. An M representation of X is a composite mapping φ ◦ X. Example 6.1.1 Let Mn = {0, 1, 2, · · · , n}. morphic to N by the following mapping. φ(x) = x if n if Mn , +, 0 is a finite monoid homox m+ \ --> . s+ --> s+ \ --> (the program Ψ is omitted) Figure 6.3: An abstract proof graph for the goal M1 -sequent, Ψ; s1 \ −→ s1 \ . 4. if (A1 ℘ · · · ℘An : − B C) ∈ Ψ and AI ∩ [{A1 , · · · , An }] = ∅, then add a node v1 , Ψ; ∆I + [{B}] \∆O −→ AI − [{A1 , · · · , An }] + [{C}] \AO , and add an arc v, v1 , 5. if (A1 ℘ · · · ℘An : − B ℘C) ∈ Ψ and AI ∩ [{A1 , · · · , An }] = ∅, then add a node v1 , Ψ; ∆I \∆O −→ AI − [{A1 , · · · , An }] + [{B, C}] \AO , and add an arc v, v1 , 6. 
if (A1 ℘ · · · ℘An :− B ⊗ C) ∈ Ψ and AI ∩ [{A1, · · · , An}] = ∅, then add two nodes
    v1, Ψ; ∆I \Cl(∆I) −→ AI − [{A1, · · · , An}] + [{B}] \Cl(AI − [{A1, · · · , An}]),
    v2, Ψ; Cl(∆I)\∆O −→ Cl(AI − [{A1, · · · , An}]) + [{C}] \AO,
and add an arc v, v1, v2.

Here, the Cl(X) used above is defined as follows.

    Cl(X) = {z ∈ M | x ∈ X, y ∈ M, and x = y + z}

This algorithm always terminates because there are only a finite number of nodes and arcs. Note that X ⊂ Cl(X) for any P(M)-multiset X. This is because {z ∈ M | x ∈ X and x = 0 + z} ⊂ Cl(X).

Proposition 6.2.1 The initial proof graph is an abstract proof graph.

Proof. Let S be an M-sequent and (S1 · · · Sn) / S be a correct IOM inference step (n = 0, 1, 2). It is easy to verify that when S ∈ v for some node v in the initial proof graph, there exists an arc v, v1, · · · vn and Si ∈ vi (i = 1, · · · , n). The case of ⊗ is easily proved by using A ⊂ Cl(A).

6.3 Refinement of Abstract Proof Graph

In the previous section, we described the algorithm used to generate an initial abstract proof graph, but the generated graph might contain a lot of unprovable nodes. In this section, we discuss how to eliminate those unprovable nodes and the arcs which correspond to redundant inference steps. This algorithm can be seen as an optimization procedure on proof graphs.

To implement this, we borrow the idea of data-flow analysis. Each formula B ∈ F is considered as a variable, and the P(M) value for B is considered as a set of possible values for the variable. Using data-flow analysis, this set of possible values will be reduced, and if it becomes the empty set, the node can be removed.

We now consider what the data-flow in proof graphs is. In the I/O model, the input context usually comes up from a lower sequent, and the output context usually comes down from an upper sequent. In addition, in the case of the (⊗)-rule, the output context of the upper left sequent goes to the input context of the upper right sequent.
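The finite monoid of Definition 6.1.1 and the operator Cl used by the graph construction can be exercised directly, as in the following added example, which is not code from the thesis. It assumes the saturating reading of Example 6.1.1 (counts at or above n collapse to n, with addition capped at n); the class and function names are assumptions of the example.

```python
from collections import Counter


class SatMonoid:
    """M_n = {0, 1, ..., n} with saturating addition (assumed reading of Example 6.1.1)."""

    def __init__(self, n):
        self.n = n
        self.elements = tuple(range(n + 1))

    def phi(self, x):
        """Mapping N -> M_n: exact below n, collapsed to n from n upwards."""
        return x if x < self.n else self.n

    def add(self, a, b):
        """The monoid operation on M_n."""
        return min(a + b, self.n)

    def represent(self, multiset):
        """M-representation of a multiset over F: the composite phi ∘ X."""
        return {atom: self.phi(count) for atom, count in multiset.items()}

    def closure(self, xs):
        """Cl(X) = {z in M | x in X, y in M, and x = y + z}."""
        return frozenset(z for z in self.elements
                         for y in self.elements
                         if self.add(y, z) in xs)


def is_homomorphism(m, bound):
    """Check phi(0) = 0 and phi(x + y) = phi(x) + phi(y) for all x, y < bound."""
    if m.phi(0) != 0:
        return False
    return all(m.phi(x + y) == m.add(m.phi(x), m.phi(y))
               for x in range(bound) for y in range(bound))


def split_is_covered(m, bound):
    """The fact behind the ⊗ case: if a concrete count is split as
    x = y1 + y2, the abstract count of the part passed on, phi(y2),
    lies in Cl({phi(x)}), so the abstract node still contains it."""
    return all(m.phi(y2) in m.closure({m.phi(y1 + y2)})
               for y1 in range(bound) for y2 in range(bound))


if __name__ == "__main__":
    m1, m2 = SatMonoid(1), SatMonoid(2)
    one_s, two_s = Counter(s=1), Counter(s=2)
    # M_1 cannot tell one s from two; M_2 can (precision grows with n).
    print(m1.represent(one_s) == m1.represent(two_s))   # True
    print(m2.represent(one_s) == m2.represent(two_s))   # False
    print(sorted(m2.closure({1})), sorted(m2.closure({2})))
```

The choice of n trades precision for graph size: a larger M_n separates more sequents but produces more P(M)-valued nodes.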
Therefore, we first split each node of proof graph into an input part and an output part. That is to say, the node Ψ; ∆I \∆O −→ AI \AO is split into Ψ; ∆I −→ AI as the input part and Ψ; ∆O −→ AO as the output part. we shall call each of the parts, the sub-nodes. So, the node can be drawn as follows. Ψ; ∆I −→ AI Ψ; ∆O −→ AO Now, we add data-flow links between sub-nodes for each AND arc (that is, for each inference step) in the initial abstract proof graph. Each link has a constraint specifying the condition of the inference step. The following describes what links and constraints are added for each AND arc. 37 Definition 6.3.1 Let G be a proof graph. The following defines the data-flow links for each AND arc in G where each link has constraint conditions C1 (∆I , ∆O ), C2 (AI , AO ). • If the arc is for (identity)-rule of the atomic formula A, the following link is added. | ↓ Ψ; ∆I −→ AI Ψ; ∆O −→ AO Constraint : C1 (∆I , ∆O ), C2 (AI , AO ) are ∗ (∆I − [{A}]) ∩ ∆O = ∅, (AI − [{A}]) ∩ AO = ∅ • If the arc is for (A1 ℘ · · · ℘An : −1), the following link is added. | ↓ Ψ; ∆I −→ AI Ψ; ∆O −→ AO Constraint: C1 (∆I , ∆O ), C2 (AI , AO ) are ∗ ∆I ∩ ∆O = ∅, (AI − [{A1 , · · · , An }]) ∩ AO = ∅ • If the arc is for (A1 ℘ · · · ℘An : −⊥), the following two links are added. Ψ; ∆I −→ AI Ψ; ∆O −→ AO ↑ ↓ Ψ; ∆I −→ AI Ψ; ∆O −→ AO Constraint for the left link: C1 (∆I , ∆I ), C2 (AI , AI ) are ∗ ∆I ∩ ∆I = ∅, (AI − [{A1 , · · · , An }]) ∩ AI = ∅ Constraint for the right link: C1 (∆O , ∆O ), C2 (AO , AO ) are ∗ ∆O ∩ ∆O = ∅, AO ∩ AO = ∅ • If the arc is for (A1 ℘ · · · ℘An : −B C), the following two links are added. Ψ; ∆I −→ AI Ψ; ∆O −→ AO ↑ ↓ Ψ; ∆I −→ AI Ψ; ∆O −→ AO Constraint for the left link: C1 (∆I , ∆I ), C2 (AI , AI ) are ∗ (∆I + [{B}]) ∩ ∆I = ∅, ((AI − [{A1 , · · · , An }]) + [{C}]) ∩ AI = ∅ 38 Constraint for the right link: C1 (∆ O , ∆O ), C2 (A O , AO ) are ∗ ∆O ∩ ∆O = ∅, AO ∩ AO = ∅ • If the arc is for (A1 ℘ · · · ℘An : −B ℘C), the following two links are added. 
Ψ; ∆I −→ AI Ψ; ∆O −→ AO ↑ ↓ Ψ; ∆I −→ AI Ψ; ∆O −→ AO Constraint for the left link: C1 (∆I , ∆I ), C2 (AI , AI ) are ∗ ∆I ∩ ∆I = ∅, ((AI − [{A1 , · · · , An }]) + [{B, C}]) ∩ AI = ∅ Constraint for the right link: C1 (∆O , ∆O ), C2 (AO , AO ) are ∗ ∆O ∩ ∆O = ∅, AO ∩ AO = ∅ • If the arc is for (A1 ℘ · · · ℘An : −B ⊗ C), the following three links are added. Ψ; ∆I −→ AI Ψ; ∆O −→ AO −→ Ψ; ∆I −→ AI Ψ; ∆O −→ AO Ψ; ∆I −→ AI Ψ; ∆O −→ AO Constraint for the left link: C1 (∆I , ∆ I ), C2 (AI , A I ) are ∗ ∆I ∩ ∆I = ∅, ((AI − [{A1 , · · · , An }]) + [{B}]) ∩ AI = ∅ Constraint for the top link: C1 (∆O , ∆ I ), C2 (A O , A I ) are ∗ ∆O ∩ ∆I = ∅, (AO + [{C}]) ∩ AI = ∅ Constraint for the right link: C1 (∆ ∗ ∆O ∩ ∆O = ∅, AO ∩ AO = ∅ Therefore, the links for the (identity)-rule and the (1)-rule connect from the input part of a node to its output part. With the exception of the (⊗)-rule, two links are added per arc. One is linked from input part of the starting node to the input part of the end of the arc; the other is linked from the output part of the end node to the output part of the starting node of the arc. The corresponding arc to the (⊗)-rule is the one from one node to two nodes. For this arc, three links, including one from the output part of the left side end of the arc to the input part of the right side end, are added. O , ∆O ), C2 (A O , AO ) are 39 Proposition 6.3.1 Let G be a proof graph with root node v0 . If G contains an IOM proof Π, there exists a path of data-flow links starting from the input part of v0 and ending at the output part of v0 , and each data-flow link in the path satisfies its constraint condition. Proof. It is easy to verify that any correct inference step of the system IOM satisfies the corresponding constraint conditions. Therefore, we can use an iterative algorithm widely used in optimizing compilers that propagates information through all possible paths. The outline of the information propagation algorithm is as follows. 
In the information propagation algorithm, we find possible values (P(M)-multisets) of ∆ and A for each sub-node Ψ; ∆ −→ A. The variables ∆(u) and A(u) hold (retain) possible values of ∆ and A respectively.

Definition 6.3.2 (A Forward Propagation Algorithm) Let G be a proof graph with root node v0. Let the sub-node u0 (Ψ; ∆I −→ AI) be the input part of v0, and the sub-node u1 (Ψ; ∆O −→ AO) be the output part.

1. For all sub-nodes u except u0 and u1, set ∆(u) := ∅ and A(u) := ∅. Set ∆(u0) := ∆I, A(u0) := AI, ∆(u1) := ∆O and A(u1) := AO.

2. While tracing depth-first all paths of data-flow links starting from the sub-node that is the input part of v0, do the following; here we let the link with constraints C1(∆, ∆′) and C2(A, A′) be from the sub-node u to u′.
   • Calculate the minimum ∆′ satisfying C1(∆(u), ∆′).
   • Calculate the minimum A′ satisfying C2(A(u), A′).
   • Let ∆(u′) := ∆(u′) ∪ ∆′, A(u′) := A(u′) ∪ A′.
   • If ∆(u′) and A(u′) have not changed, or if u′ = u1, then return before tracing from u′.
   • Otherwise, continue the trace of the links from u′.

3. Update each sub-node u by Ψ; ∆(u) −→ A(u).

A Backward Propagation Algorithm can be similarly defined.

Definition 6.3.3 (A Refinement Algorithm)

1. Do the forward propagation.
2. Do the elimination.
   • An Elimination Algorithm eliminates the nodes where the input, output, or both parts are the empty set, and the links that have unsatisfiable constraints.
3. Do the backward propagation.
4. Do the elimination.

This refinement can be repeated an arbitrary number of times. In other words, the repeated execution of the refinement can be stopped at any time. However, of course, there is no point in repeating the refinement when nothing is changed by the information propagation step.

Chapter 7 Performance Measurements

We developed a prototype system written in SICStus Prolog 3.7.1 (compact code) implementing the static analysis method described (based on P(M2)) in this paper.
We measure the execution time running under Linux (MMX 266MHz, 128Mb Memory).

7.1 The Sorting Program

The list sorting program written in LL, in the section 5, is used for the analysis [19]. The following is the program given to the analyzer.

    g   :- s ⊸ p
    p   :- s
    p   :- s℘p
    s℘s :- s⊗m
    m   :- 1
    m   :- m

First, the analyzer creates the initial abstract proof graph from the above program and the goal sequent −→ g. The initial abstract proof graph consists of 57 nodes and 220 arcs. Next, the analyzer executes the refinement for the initial abstract proof graph. Table 7.1 represents its analysis results including the analysis time, time of the refinement execution, and the number of nodes and arcs after refinement.

Table 7.1: Analysis result of sorting program.

                            No. of nodes   No. of arcs   CPU(msec)
    Initial proof graph          57            220          1530
    After 1st refinement         25             53         11720
    After 2nd refinement         15             29          2160
    After 3rd refinement         15             29          2110

Table 7.2: Execution time (msec) of sorting program.

                              Before analysis   After analysis
    for sorting 5 elements           120             0.940
    for sorting 6 elements          3570             1.300
    for sorting 7 elements        163080             1.730

As the above proof graph is too large to describe in this paper, we will show the initial abstract proof graph and refined graph for the goal sequent s −→ s℘s (in fact, s −→ s2) in Figure 7.1 and Figure 7.2 respectively. The program Ψ is omitted in Figure 7.1 and Figure 7.2 because it is invariant in the proof graph. The initial abstract proof graph consists of 10 nodes, and the refined graph has only 4 nodes.

We translated the sorting program into LLP. LLP is a compiler system of an intuitionistic linear logic programming language¹ [35][21]. Table 7.1 presents the execution times of the following two programs.

1. The translated sorting program without using the analysis result.
2. The optimized translated sorting program using the analysis result obtained by the analyzer.
The difference between (1) and (2) is that (1) checks all rules at each inference step, but (2) does not check the rules eliminated by the analyzer. The sorting program was improved as shown in the table. Furthermore, we know that the more elements are sorted, the larger the difference becomes.

¹ http://bach.seg.kobe-u.ac.jp/llp/

Figure 7.1: Initial Abstract Proof Graph

Figure 7.2: Refined Abstract Proof Graph

7.2 A Petri Net for Producer-Consumer System

Figure 7.3 is a Petri net that models the cooperation between two processes called Producer and Consumer. Producer prepares data and writes them to buffers. If there is no empty buffer, Producer must wait. Consumer reads the data supplied by Producer. The initial marking of the place “Empty buffer” is the total number of buffers available (initially, all the buffers are empty). The semaphore ensures that only one process can work with the data at a time. After reading the data, Consumer returns the empty buffer.

Figure 7.3: A Petri Net for a producer-consumer system.

The corresponding LL program can be written as follows:

    producer_starts :- data_ready.
    data_ready ℘ empty_buffers ℘ semaphore :-
        data_in_buffer ℘ producer_starts ℘ semaphore.
    data_in_buffer ℘ semaphore ℘ consumer_waits :-
        empty_buffers ℘ data_read ℘ semaphore.
    data_read :- consumer_waits.

Table 7.3 presents the analysis result of checking the reachability from the initial state of “an arbitrary number n of empty buffers (and 0 data-in buffers)” to the final state of “n data-in buffers (and 0 empty buffers)”. Most of the nodes and arcs remain because the final state is actually reachable.
However, the final state “there are 0 data-in buffers” is detected as unreachable from the same initial state, except in the case where the initial state has 0 empty buffers. This tells us that our analysis method can be used to check Petri net reachability.

Table 7.3: Analysis result of Petri Net simulation.

                           nodes   arcs   CPU(msec)
    Initial proof graph      28     49       630
    1st refinement           25     46      6100
    2nd refinement           25     46      5910

7.3 A Producer-Consumer Program

Table 7.4 shows the result of the analysis of a parallel execution of a producer-consumer program.

Table 7.4: Analysis result of producer-consumer program.

                           nodes   arcs   CPU(msec)
    Initial proof graph      78    143      1440
    1st refinement           67    127     13860
    2nd refinement           67    127     12310

    goal :- result ⊸ (producer ℘ consumer).
    producer :- ⊥.
    producer :- item ⊸ producer.
    consumer :- result.
    consumer :- item ⊗ consumer.

For producing and consuming 500 elements, the optimized program using the analysis result takes 520 msec, compared with the unoptimized program, which takes 1190 msec.

Chapter 8 Conclusion

In this thesis, we proposed a new static analysis method which is applicable to a fragment of a classical linear logic programming language. Andreoli et al. [5] proposed a static analysis method for their classical linear logic programming language LO, but their method did not cover the multiplicative conjunction.

The multiplicative conjunction is analyzed on the I/O model, which was originally introduced by Hodas and Miller [17], [18] to reduce the non-determinism in the splitting of resources.

To map the sequents into finite sets, we introduce a finite monoid M, +, 0 homomorphic to N (a set of natural numbers including 0) to finitely count the number of formulas occurring in the sequent. The selection of M is arbitrary, and it specifies the precision of the static analysis. We also use the power set P(M) to list up the possible M values.
We introduced an abstract proof graph representing all possible sequent proofs constructed from a given program and a goal sequent. The abstract proof graph can be repeatedly refined by propagating information to eliminate nodes which correspond to unprovable sequents. The method of refinement is based on the idea of data-flow analysis of the optimizing compiler.

Finally, we applied our prototype analyzer to a sorting program written in LL. The original program is too slow and it is practically uncomputable. On the other hand, the program optimized by using the analysis result is much faster. For example, the optimized program is about 2750 times faster for sorting 6 elements compared with the original program, about 94000 times faster for sorting 7 elements, and the more elements are sorted, the larger the difference becomes. Furthermore, our analysis method can also be used to check Petri net reachability.

We are planning the following enhancements:

• Extending our static analysis method to analyze programs which contain the additive conjunction & and the intuitionistic implication ⇒ (where A ⇒ B ≡ !A ⊸ B).
• Developing a Forum implementation which incorporates our static analysis method.

Bibliography

[1] S. Abramsky. Computational interpretations of linear logic. Theoretical Computer Science, 111:3–57, 1993.
[2] S. Abramsky and S. Vickers. Quantales, observational logic, and process semantics. Mathematical Structures in Computer Science, 3:161–227, 1993.
[3] J.-M. Andreoli. Logic programming with focusing proofs in linear logic. Journal of Logic and Computation, 2(3):297–347, 1992.
[4] J.-M. Andreoli and R. Pareschi. Linear objects: Logical processes with built-in inheritance. New Generation Computing, 9:445–473, 1991.
[5] J.-M. Andreoli, R. Pareschi, and T. Castagnetti. Static analysis of linear logic programming. New Generation Computing, 15:449–481, 1997.
[6] M. Banbara, K.-S. Kang, and N. Tamura.
Java implementation of a linear logic programming language. In Information Processing Society of Japan Transactions on Programming, volume 40, Dec. 1999. (in Japanese).
[7] M. Banbara and N. Tamura. Compiling resources in a linear logic programming language. In Proceedings of the Workshop on Parallelism and Implementation Technology for Logic Programming Languages, pages 32–45, 1998.
[8] I. Cervesato, J. S. Hodas, and F. Pfenning. Efficient resource management for linear logic proof search. In R. Dyckhoff, H. Herre, and P. Schroeder-Heister, editors, Proceedings of the Fifth International Workshop on Extensions of Logic Programming — ELP’96, pages 67–81, Leipzig, Germany, 28–30 March 1996. Springer-Verlag LNAI 1050.
[9] P. Cousot and R. Cousot. Abstract interpretation: A unified lattice model for static analysis of programs by construction or approximation of fixpoint. In Proceedings of the 4th ACM Symposium on Principles of Programming Languages, 1977.
[10] P. Cousot and R. Cousot. Abstract interpretation and application to logic programs. Journal of Logic Programming, 13:103–179, 1992.
[11] J.-Y. Girard. Linear logic. Theoretical Computer Science, 50:1–102, 1987.
[12] J.-Y. Girard, Y. Lafont, and P. Taylor. Proofs and Types. Cambridge Tracts in Theoretical Computer Science 7. Cambridge University Press, 1988.
[13] J. Harland and D. Pym. The uniform proof-theoretic foundation of linear logic programming. In V. Saraswat and K. Ueda, editors, Proceedings of the International Logic Programming Symposium, pages 304–318, San Diego, California, Oct. 1991.
[14] J. Harland and D. Pym. A uniform proof-theoretic investigation of linear logic programming. Journal of Logic and Computation, 4(2):175–207, Apr. 1994.
[15] J. Harland and M. Winikoff. Deterministic resource management for the linear logic programming language Lygon. Technical Report TR 94/23, Melbourne University, Department of Computer Science, 1994.
[16] J. S. Hodas.
Specifying filler-gap dependency parsers in a linear-logic programming language. In K. Apt, editor, Proceedings of the Joint International Conference and Symposium on Logic Programming, pages 622–636, Washington, DC, Nov. 1992. [17] J. S. Hodas. Logic Programming in Intuitionistic Linear Logic: Theory, Design and Implementation. PhD thesis, University of Pennsylvania, Department of Computer and Information Science, 1994. [18] J. S. Hodas and D. Miller. Logic programming in a fragment of intuitionistic linear logic. Information and Computation, 110(2):327–365, 1994. Extended abstract in the Proceedings of the Sixth Annual Symposium on Logic in Computer Science, Amsterdam, July 15–18, 1991. [19] J. S. Hodas and J. Polakow. Forum as a logic programming language: Preliminary results and observations. In M. Okada, editor, Proceedings of the Linear Logic ’96 Meeting, volume 3, Tokyo, Japan, 1996. Elsevier Electronic Notes in Theoretical Computer Science. 51 [20] J. S. Hodas and J. Polakow. Early observation on forum as a logic programming language. Unpublised, 1997. [21] J. S. Hodas, K. Watkins, N. Tamura, and K.-S. Kang. Efficient implementation of a linear logic programming. In Proceedings of the Joint International Conference and Symposium on Logic Programming, pages 145–159, 1998. [22] K.-S. Kang, M. Banbara, and N. Tamura. Efficient resource management model for linear logic programming languages. 1999. (in Japanese) submitted to Japan Society for Software Science and Technology. [23] K.-S. Kang, M. Banbara, and N. Tamura. A static analysis method for a classical linear logic programming language. 1999. (in Japanese) submitted to Information Processing Society of Japan Transactions on Programming. [24] K.-S. Kang and N. Tamura. A leveled io-model for a linear logic programming language. 1997. at Symbolic Logic and Computer Science (SLACS’97)(in Japanese). [25] K.-S. Kang and N. Tamura. A static analysis for classical linear logic programming language. 
In Proceedings of the 1999 International Conference on Logic Programming, page 610, 1999. [26] K.-S. Kang and N. Tamura. A static analysis method for a classical linear logic programming language. In Proceedings of the Workshop on Parallelism and Implementation Technology for (Constraint) Logic Programming Languages, pages 2–18, 1999. [27] N. Kobayashi and A. Yonezawa. ACL — A concurrent linear logic programming paradigm. In D. Miller, editor, Proceedings of the 1993 International Logic Programming Symposium, pages 279–294, Vancouver, Canada, Oct. 1993. MIT Press. [28] N. Kobayashi and A. Yonezawa. Typed higher-order concurrent linear logic programming. Technical Report 94-12, University of Tokyo, 1994. [29] Y. Lafont. The linear abstract machine. Theoretical Computer Science, 59:157– 180, 1988. Some corrections in volume 62 (1988), pp. 327–328. [30] P. Lincoln. Linear logic. ACM SIGACT Notices, 23(2):29–37, Spring 1992. 52 [31] D. Miller. The π-calculus as a theory in linear logic: Preliminary results. In E. Lamma and P. Mello, editors, Proceedings of the Workshop on Extensions of Logic Programming, pages 242–265. Springer-Verlag LNCS 660, 1992. [32] D. Miller. A multiple-conclusion meta-logic. In S. Abramsky, editor, Ninth Annual Symposium on Logic in Computer Science, pages 272–281, Paris, France, July 1994. IEEE Computer Society Press. [33] D. Miller. Forum: A multiple-conclusion specification logic. Theoretical Computer Science, 165(1):201–232, 1996. [34] D. Miller, G. Nadathur, F. Pfenning, and A. Scedrov. Uniform proofs as a foundation for logic programming. In Annals of Pure and Applied Logic,51, pages 125–157, 1991. [35] N. Tamura and Y. Kaneda. Extension of WAM for a linear logic programming language. In T. Ida, A. Ohori, and M. Takeichi, editors, Second Fuji International Workshop on Functional and Logic Programming, pages 33–50. World Scientific, Nov. 1996. [36] A. S. Troelstra. Lectures on Linear Logic. 
CSLI Lecture Notes 29, Center for the Study of Language and Information, Stanford, California, 1992. 53 Appendix A A Lemma of the Leveled I/O model Lemma A.0.1 In the IOL -Sequent L,U I{G}O, if there are no resources with consumption level L in I then O and I are same. Proof. We show by induction on the structure of IOL -derivation. 1. Base case • Case G = 1, O = I . • Case G = , O = I by definition of subcontext and hypothesis. 2. Inductive cases Induction Hypothesis : In each case, if Ξi is IOL -derivation of its end sequent ; Li ,Ui Ii {Gi }Oi and there are not resource with level Li in I , then Oi and Ii are same. • Case G =!G Ξ I {G}O – L,U I {!G}O By the induction hypothesis, O = I . L+1,U −1 • Case G = A pick RL,U (I , O, A) (a) L,U I {A}O By the hypothesis the and the definition of pick R, O = I . 54 Ξ A) L,U M {G}O (b) L,U I {A}O By the induction hypothesis, O = M , and by the hypothesis and the definition of pick R, M = I then O = I. Ξ pick RL,U (I , M , G ⇒ A) M {G}O L,U (c) L,U I {A}O By the induction hypothesis, M = O, and also by the definition of pick R, M = I . Therefore O = I . pick RL,U (I , M , G • Case G = G1 ⊗ G2 Ξ1 Ξ2 L,U I {G1 }M L,U M {G2 }O – L,U I {G1 ⊗ G2 }O By the inductive hypothesis, M = I and O = M . So that we holds O = I. • Case G = (R G) Ξ L,U R, L :: I {G } R, U :: O – G }O L,U I {R If we assume that there are no leveled R-formulas with level L in I at R, L :: I , then by the induction hypothesis, I = O. • Case G = (R ⇒ G ) Ξ R, 0 :: ı{G } R, 0 :: O L,U – L,U I {R ⇒ G }O By the induction hypothesis, R, 0 :: I = R, 0 :: O. Then we holds O = I . • Case G = (G1 & G2 ) Ξ1 L,U −1 I {G1 }M change U −1,L+1 (M , N ) Ξ2 L+1,U N {G2 }O thinable L+1 (O) – L,U I {G1 & G2 }O First we know that there are no resources with level U − 1 in M , from the hypothesis that resources with level L not exist in I , and then, by the induction hypothesis, M = I and O = M . 
So we have O = I.

Appendix B
A Proof of the Equivalence of the Leveled I/O model and L

Proposition B.0.1 (Completeness and soundness) In the IOL-sequent L,U I {G}O, let I −(L,U ) O be a pair Γ, ∆ . Then L,U I {G}O is derivable iff Γ, ∆ −→ G is provable in L .

Proof. We first show, by induction on the structure of the IOL-derivation, that if L,U I {G}O is derivable then Γ; ∆ −→ G is provable at L too.

1. Base cases
• Case G = 1, I = O, I −(L,U ) I = Γ, ∅ , and So then Γ; ∅ −→ 1 holds.
• Case G = , subcontext U,L (O, I ) and I −(L,U ) O = Γ, ∆ . L,U I { }O So then Γ; ∆ −→ holds.

2. Inductive cases
Induction hypothesis: In each case, if Ξi is an IOL-derivation of its end IOL-sequent, Li ,Ui Ii {Gi }Oi , and Ii −(Li ,Ui ) Oi = Γi , ∆i , then Γi ; ∆i −→ Gi is provable at L .
Ξ L+1,U −1 L,U I {1}I .
• Case L,U I {G}O I {!G}O is an IOL-derivation.
Ξ I {G}I Then also is derivable by Lemma. L,U I {!G}I ;
As in the first base case, I = I and I −(L+1,U −1) I = Γ, ∅ . Then, by the induction hypothesis, Γ; ∅ −→ G is provable at L . So Γ; ∅ −→!G is provable by the !R rule.
• pick RL,U (I , O, A) Case is an IOL-derivation. L,U I {A}O ;
By the definition of pickR, I −(L,U ) O is Γ, A or Γ, ∅ (the leveled resource formula is A, 0 ). We have that Γ; A −→ A is provable at L by the BC rule with no premise, and Γ; · −→ A is provable at L by the absorb and BC rules.
• Ξ pick RL,U (I , M , G A) M {G}O L,U Case is an IOL-derivation. L,U I {A}O ;
If we let M −(L,U ) O = Γ, ∆ , then Γ; ∆ , G A −→ A is provable at L using the BC rule from the premise that Γ; ∆ −→ G is provable at L by the induction hypothesis. Otherwise, in the case of (G A) ∈ Γ, the result also holds by the absorb rule and the same method as above.
• Ξ pick RL,U (I , M , G ⇒ A) M {G}O L,U is an IOL-derivation. Case L,U I {A}O ;
By the fact that O −(L,U ) O is Γ, ∅ , we know that Γ; G ⇒ A −→ A is provable at L using the BC rule from the premise that Γ; · −→ G is provable at L by the induction hypothesis.
Otherwise, in the case of (G ⇒ A) ∈ Γ, the result also holds by the absorb rule and the same method as above.
• Ξ1 Ξ2 L,U I {G1 }M L,U M {G2 }O Case is an IOL-derivation. L,U I {G1 ⊗ G2 }O ;
Let I −(L,U ) M = Γ, ∆1 and let M −(L,U ) O = Γ, ∆2 . By the induction hypothesis, Γ; ∆1 −→ G1 and Γ; ∆2 −→ G2 are provable at L . Then, since I −(L,U ) O = Γ, ∆1 ∆2 , by the ⊗R rule Γ; ∆1 , ∆2 −→ G1 ⊗ G2 is provable at L , where is multiset union.
L+1,U −1
Ξ1 L,U −1 I {G1 }M change U −1,L+1 (M , N ) L+1,U Ξ2 N {G2 }O thinable L+1 (O)
• Case L,U I {G1 & G2 }O is an IOL-derivation. ;
Let I −(L,U −1) M = Γ, ∆1 and let N −(L+1,U ) O = Γ, ∆2 ; then, by the definition of change U −1,L+1 (M , N ) and thinable L+1 (O), it follows that ∆1 = ∆2 . By the induction hypothesis, Γ; ∆1 −→ G1 and Γ; ∆2 −→ G2 are provable at L . Then, assuming ∆ = ∆1 , by the &R rule Γ; ∆ −→ G1 & G2 is provable at L .
Ξ L,U R, L :: I {G} R, U :: O
• Case G}O is an IOL-derivation. L,U I {R ;
Let I −(L,U ) O = Γ, ∆ ; then ( R, L :: I ) −(L,U ) ( R, U :: O) = Γ, ∆ {R} . By the induction hypothesis, Γ; ∆, R −→ G is provable at L . Then, by the R rule, so too is Γ; ∆ −→ R G.
Ξ L,U R, 0 :: I {G} R, 0 :: O
• Case is an IOL-derivation. L,U I {R ⇒ G}O ;
As in the above case, let I −(L,U ) O = Γ, ∆ ; then ( R, 0 :: I ) −(L,U ) ( R, 0 :: O) = Γ∪{R}, ∆ . By the induction hypothesis, Γ, R; ∆ −→ G is provable at L . Then, by the ⇒R rule, so too is Γ; ∆ −→ R ⇒ G.

The reverse direction of this theorem follows by simply inverting the construction described above.
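The conclusion notes that the analysis can also be used to check Petri net reachability. The following Python sketch is an added example, not the thesis's analyzer: it applies the same counting abstraction to a constructed producer-consumer net, mapping token counts into an assumed finite monoid M = {0, 1, 2} (2 meaning "two or more") and using sets of M values, in the role of P(M), for what remains after a transition consumes its inputs. All function names and the net itself are assumptions made for illustration.

```python
from itertools import product

CAP = 2  # assumed choice of M = {0, 1, 2}; 2 stands for "two or more"

def h(n):
    """Monoid homomorphism N -> M: count tokens only up to CAP."""
    return min(n, CAP)

def plus(a, b):
    """Saturating addition in M, so h(x + y) == plus(h(x), h(y))."""
    return min(a + b, CAP)

def remainders(m, pre):
    """Every r in M with r + pre == m: the possible counts left after consuming pre."""
    return [r for r in range(CAP + 1) if plus(r, h(pre)) == m]

def fire(marking, pre, post):
    """Abstract successors of one marking under one transition (empty if disabled)."""
    choices = [remainders(m, p) for m, p in zip(marking, pre)]
    return {tuple(plus(r, h(q)) for r, q in zip(rs, post))
            for rs in product(*choices)}

def abstract_reachable(initial, transitions):
    """Worklist fixpoint over the finite abstract state space."""
    seen = {tuple(h(n) for n in initial)}
    work = list(seen)
    while work:
        marking = work.pop()
        for pre, post in transitions.values():
            for nxt in fire(marking, pre, post) - seen:
                seen.add(nxt)
                work.append(nxt)
    return seen

def maybe_reachable(target, initial, transitions):
    """False proves the concrete marking unreachable; True is inconclusive."""
    return tuple(h(n) for n in target) in abstract_reachable(initial, transitions)

# Constructed producer-consumer net (not the thesis's own figure).
# Places: produce_ready, deliver_ready, buffer, receive_ready, consume_ready
NET = {
    "produce": ((1, 0, 0, 0, 0), (0, 1, 0, 0, 0)),
    "deliver": ((0, 1, 0, 0, 0), (1, 0, 1, 0, 0)),
    "receive": ((0, 0, 1, 1, 0), (0, 0, 0, 0, 1)),
    "consume": ((0, 0, 0, 0, 1), (0, 0, 0, 1, 0)),
}
START = (1, 0, 0, 1, 0)
```

Because every concrete firing is matched by an abstract one, a target whose abstraction is missing from the fixpoint is certainly unreachable, while a hit only means the marking cannot be ruled out at this precision.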
