#### ML with PTIME complexity guarantees

C S L '
ML with PTIME complexity guarantees?
Jacek Chrz?szcz 0
Aleksy Schubert 0
0 University of Warsaw , ul. Banacha 2, 02-097 Warsaw , Poland
Implicit Computational Complexity is a line of research where the possibility to inference a valid property for a program implies that the program runs in particular complexity class. Soft type systems are one of the research threads within the field. We present here a soft type system with ML-like polymorphism that enjoys decidable typechecking, type inference and typability problems and gives polynomial time computational guarantees for the running time of typed programs. 1998 ACM Subject Classification F.3.3 Studies of program constructs, F.4.1 Mathematical logic The design of a programming language may be focused on guarantees the language gives to a programmer or a software consumer. Implicit Computational Complexity studies machinefree methods to characterise particular complexity class, e.g. PTIME, NP, PSPACE. This line of research may lead not only to an interesting programming language, but also can give new insights to the theoretical analysis of the subject class. Soft type systems proposed by Gaboardi et al. [11, 12] that emerged from the Soft Linear Logic (SLL) of Lafont [19], are one of the proposals which makes the expected guarantees with relatively low annotation burden. One drawback of the soft type systems is that they use full second-order polymorphism to gain necessary uniformity of representation [20]. This, however, results in undecidable type-checking and type inference [6]. We regain the necessary uniformity by introduction of special constants similar in fashion to the ones used in [8] to obtain the completeness. Linear logic brought many characterisations of complexity classes in addition to the well established proposals such as [5, 7, 9, 18, 23, 27], to mention few. This was started by Girard in [16] where the Light Linear Logic (LLL) and Elementary Linear Logic (ELL) were proposed to characterise polynomial and elementary time complexities respectively by means of the cut elimination procedure. The ideas of LLL were taken up by Asperti and Roversi [1] who designed a more flexible affine variant of Girard's logic called Light Affine Logic. A type system which is based on these ideas was presented in [4]. Another line of research on linear logic and complexity classes was started by Lafont's Soft Linear Logic (SLL) [19] which characterises polynomial time complexity and is the starting point for the Soft Type Assignment (STA) systems by Gaboardi et al. [11, 12, 14] where certain form of typability guarantees reduction of lambda terms in polynomial time. The light logic principles have been used to characterise other interesting complexity classes for instance [25] uses Light
and phrases implicit computational complexity; polymorphism; soft type assignment
Introduction
? This work was partially supported by the Polish government grant no N N206 355836.
Linear Logic with additional operation + to characterise NP; LOGSPACE is characterised
by different versions of Stratified Bounded Affine Logic (SBAL) in e.g. [30, 21].
The type systems that are based on linear logic employ linear modalities (e.g. ! or ?) to
guard the necessary restrictions. The modalities control duplication of data by marking in
the type the particular function argument that is multiplied during the computation. This
has effect similar to the one obtained by Bellantoni, Cook and Leivant, but in a way which
results from more basic assumptions. For instance, their restriction is obtained by Baillot
et al. in [2] due to prefixing of arguments with ? and ! in Def. 5. Similar function has the
prefixing with ! in STA by Gaboardi and Ronchi Della Rocca [14].
In this paper we present a version of STA [14] with ML-like polymorphism and useful
data types such as booleans, integers and strings. The ambition of the paper is similar to
the one of [2] to present a contribution close to real language. However, we move the focus
here to polymorphism which is not present in the contribution of Baillot et al. nor in earlier
papers on monomorphic calculi [10, 6]. The ML polymorphism in our setting is presented
in a traditional way which contrasts with the presentation of [22] where a division into
upper class and lower class types is used. Moreover, we use linear equations over natural
numbers to express the necessary constraints, which is conceptually simpler to the approach
by Dal Lago, Sch?pp where E-unification is used or the approach by Baillot, Martin [
3
]
where additional disequality constraints are used.
We observe that the set of obtained functionals, in addition to the running time
guarantees, provides a natural way to program in a design pattern present in imperative
programming. When the pattern is followed all the memory is allocated before any essential
computation is done. In this way the dynamic allocation is no longer needed in the course
of computation. This way of programming is advised both by the Java Card manufacturers,
see e.g. [15, Sect. 2.4.3], and by software verification community, see e.g. [26, Sect. 3].
This paper is structured as follows. We present the syntax and semantics of the system
in Sect. 2. Then we explain the primitives of the language in Sect. 3. Basic properties of
MLSTA are presented in Sect. 4. The complexity guarantees of the system are proved in
Sect. 5 while the decidability of type related problems in Sect. 6. We conclude in Sect. 7.
2
ML-like system
MLSTA
We propose a type system which makes possible a more uniform treatment of input data.
The system is inspired by ML and uses several algebraic types. Its syntax and types are
defined as follows:
A ::= ? | ? ( A | A ? B | S!ij | (S!ij )k
s ::= !i??~.A
? ::= !iA
M ::= x | ?x.M | M1M2 | let x = M1 in M2 | c
A | N!j | B
(Linear Types)
(Type Schemes)
(Types)
(Terms)
(1)
where ? ? V, which is a countable set of type variables, i, j, k ? N, i.e. natural numbers,
with !0 meaning no ! at all, and c is a constant from the set ConstMLSTA listed in Fig. 2.
The set of linear types generated from the nonterminal A above is denoted TA, the set of
type schemes generated from the nonterminal s is denoted Ts, and the set of types generated
from the nonterminal ? is denoted T?. The contexts in this system are sets of pairs x : ?
or x : s.
The reduction relation contains ? rules and ? rules presented in Fig. 2. The presentation
of the typing rules requires a notion of a closure with respect to a context. For a type A
and a context ? we define the closure of A with respect to ? as Clos(?; A) = ??1, . . . , ?n.A
where {?1, . . . , ?n} = FTV(A)\FTV(?). The typing rules of the system are presented in
Fig. 1. To express that ? ` M : A is derivable in MLSTA we write ? `MLSTA M : A. We
introduce a succinct notation for derivations inspired by the Church-style form:
D ::=xA | xA?s | hD, x : Aiw | ?x?.D | D1D2 | h?x1, . . . , xn : ?.D, x : !?im | hDisp |
let x!i??~.B = D1 in D2
The subsequent cases in the above definition are in direct correspondence with the rules
presented in Fig. 1. This correspondence makes possible to represent uniquely derivations in
MLSTA with the terms defined above (still some terms generated with the grammar above
have no corresponding derivation in MLSTA). We sometimes write hD, ~x : A~iwn to denote
n-times application of the rule (w) with pairs x1 : A1, . . . , xn : An. In case a derivation D
ends with a judgement ? ` M : ? then we let Dterm = M , Dctxt = ?, and Dtype = ?.
s ? A
x : s ` x : A
(Ax)
x : s ? ConstMLSTA s ? A
` x : A
(AxC)
?, x : ? ` M : A
? ` ?x.M : ? ( A
(( I)
? ` M : ? ( A ? ` N : ?
?, ? ` M N : A
?, x1 : ?, . . . , xn : ? ` M : ? ? ? T? ? Ts (m)
?, x : !? ` M [x/x1, . . . , x/xn] : ?
? ` M1 : !iB
?, x : !iClos(?, ?; B) ` M2 : A
?, ? ` let x = M1 in M2 : A
? ` M : ?
?, x : A ` M : ?
(w)
?#?
(( E)
? ` M : ?
!? ` M : !?
?#?
(let)
(sp)
The main feature of soft type systems is their ability to control multiplication of data. One
piece of the mechanism is realised by the (m) rule. This rule makes explicit the demand of
an operator to duplicate some portion of data. The multiplication is reflected by ! in the
type. The second piece of the mechanism is realised by the (sp) rule. The latter is used when
the term it types is to be directly multiplied by a substitution present in the ?-reduction.
Note that when a term M1 is directly multiplied k1 times and is used inside another term
M2 that is directly multiplied k2 times the number of occurrences of M1 at some point of
the computation may be as high as k1 ? k2.
The traditional soft type assignment systems use the full polymorphism of the System F.
This makes possible to conveniently define data types and iterators over them, but it leads
to undecidability of the type inference and type checking problems [6]. In our proposal,
we provide access to the polymorphic expressibility in a structured fashion. It is achieved
through two mechanisms. The first one brings a few fixed algebraic types: strings, naturals,
booleans and products with appropriate constructors, destructors and iterators. The set of
algebraic types could be richer. This, however, would make the design of the model language
unnecessarily complicated. The second mechanism is the traditional let-polymorphism which
makes possible to define generic operations that work for different kinds of data.
The language we propose contains also a type of lists of booleans S!ij, called here strings,
which is our main recursive data structure The numbers i and j describe the complexity of the
let x = M1 in M2 ?? M2[M1/x]
(?x.M )N ?? M [N/x]
Constants:
The typed constants c : ? listed below belong to the set ConstMLSTA.
Booleans
Product
h?, ?i : ???.? ( ? ( ? ? ?
match : ????.? ? ? ( (? ( ? ( ?) ( ?
match hM1, M2i N ?? N M1 M2
0 : B
1 : B
ifte : ??.B ( ? ( ?
ifte 0 M1 M2 ?? M1
ifte 1 M1 M2 ?? M2
Natural numbers
n : N!j
add : N!j1 ( N!j2 ( N! max(j1,j2)+1
add n m ?? n + m
mul : N!j1 ( N!j2 ( N!(j1+j2)
mul n m ?? n ? m
iter : ??.N!j ( !j(? ( ?) ( ? ( ?
iter n F M ?? F (. . . (F M ) . . . ) (F applied n times to M )
Strings
[?; . . . ; ?] : Bi ( ? ? ? ( Bi ( S!ij
create : N!j ( !jBi ( S!ij
create n M ?? [M ; . . . ; M ] (n copies of M )
concat : S!j1 ( S!j2 ( S! max(j1,j2)+1
i i
concat [M1; . . . ; Mm] [N1; . . . ; Nn] ?? [M1; . . . ; Mm; N1; . . . ; Nn]
len : S!ij ( N!j
len [M1; . . . ; Mm] ?? m
Looping constructs
p0l,o.c.a. l,vpak?rpsk1 ::: ??????...((SSS!ij!!iijj())kk ? ? ??((SS!ij!ij+(1 ? ( (S!ij)k ? (k + 1 arguments)
? ( ?
pl(localvars M0 . . . Mk) ?? Ml
step : ((Bi ? B)k ? Bq ( (Bi ? Bl)k ? Bq) ( (S!ij)k Bq ( (S!ij)k Bq
where l = dlog(k + 1)e
step F (localvars M0 . . . Mk) ?? localvars M00 . . . Mk0
where F hhd(M0), . . . , hd(Mk?1), Mki ???? hN0, . . . , Nk?1, Mk0 i
Ni = hPi, lii
where l denotes the binary encoding of a number l
Mj0 = Pi1 :: ? ? ? :: Piw :: tl(Mj)
where i1 . . . iw is the subsequence of 0 . . . k ? 1 such that
?p lip = j and Mip 6= [ ]
hd([ ]) = h0i, 1i tl([ ]) = [ ]
hd([A1; . . . ; Am]) = hA1, 0i
tl([A1; . . . ; Am]) = [A2; . . . ; Am]
Figure 2 MLSTA constants, their types and reduction rules of MLSTA. Note that j, j1, j2 ? 1
when they represent the number of !?s. In addition the superscript of the form !j indicates that the
type has j ?hidden? bangs (they become explicit after a translation to STA, see Fig. 4).
string: i corresponds to the size of a symbol in the string ? each symbol is of type Bi, which
is a shorthand for B ? ? ? ? ? B (i times), while j, roughly speaking, reflects the complexity
of the string creation. Strings are used in the framework to simulate PTIME computations.
We provide a number of usual operators over strings. A string which combines n pieces of
basic data can be obtained using the bracket construct [a1; . . . ; an]. We can also create a
string of n copies of a particular piece of data create n a. The strings s1, s2 obtained in
one or another way can be combined by concatenation done with concat s1 s2.
Note that traditional iterative operation fold from functional languages is missing in
MLSTA. In principle we could introduce it to our language. However the traditional type
of the operation imposes too strict restrictions on the type of function that operates on
strings. In particular it is impossible to transform one string to another since this requires
duplication of the string constructor which is prohibited in the context of linear types.
We adopt a different approach. In order to do iterative programs on strings, we introduce
a step function, inspired by the encoding of a Turing Machine in [24]. Its functionality is to
put a program fragment, represented by the first argument f , into the context of an iterative
loop. Then step takes a tuple of several strings (S!ij)k ? ?federated? into a context of ?local
variables?. This structure is created with the localvars operation and it is the structure
over which the iteration is actually performed. In one iteration step the heads of the strings
can be freely moved around or dumped, but not duplicated. Some information can also
be stored in the accumulator, represented here by ?. One application of step f maps the
operation on heads done by its argument function f onto the corresponding operation on
federated strings. The mapped operation can then be iterated by iter as many times as
necessary in order to complete the whole string processing and in the end we can extract
the result using one of the projections p0, . . . , pk. Note that since the calculation is done in
constant space, all allocations must occur before starting the iteration. Indeed, it would be
impossible to extend any of the strings in the iterated function, as this would make types
incompatible. The simplest example of step usage is string reversal:
let rev = let fr = ? ((a0,b0),(a1,b1),q). ((a0,1),(a1,1),q) in
?s. p1 (iter (len s) (step fr) (localvars s [] 0))
In the above example we use a few syntactic simplifications, which are straightforward to
translate into core MLSTA. The federated tuple consists here of two strings and a (dummy)
boolean. In the beginning, the left string is the initial string s and the right one is the
empty string. The function fr takes two ?heads?: a0 and a1 paired with the booleans b0
and b1 respectively, carrying the information if the given head is real or dummy (in case
the given string is empty). Its result tells the step function to attach both a0 and a1 to
the right string in the order from right to left, i.e., a1 is attached first (where it came from)
and then a0. In case one of the strings was initially empty (here it is only possible for the
right one), the head on the corresponding position would be attached with a dummy cons
(observe condition Mip 6= [] in Fig. 2), i.e. would not be attached at all.
Now it is also possible to write the map function on strings:
let map = let fm = ? f ((a1,b1), (ar,br), (a2,b2)), q).
if q then ((a1,1), (ar,1), (a2,2), if b1 then 0 else 1)
else ((a1,1), (f ar,2), (a2,2), 1)
in ? f s. let n = len s in
p2 (iter (add (mul 2 n) 1) (step (fm f)) (localvars s [] [] 0));;
Another syntactic simplification can be seen here: although the two branches of if share
variables, the term can be written as linear using the trick if b then t[a] else s[a] ?
(if b then ?a.t[a] else ?a.s[a]) a. The function operates in two phases: in the first
phase the input string (put initially on the left federated string) is reversed and placed on
the middle string. In the second phase the middle string is mapped using f to the right
string, and reversed back to the original order in the process. The number of iterations is
2n + 1, which is n for each phase and 1 for phase change. The phase number is encoded as
a boolean, initially true (0) and then changed to false (1).
let fsel = ? ((sortedPartHead, sortedPartHasHead),
(maxSoFar, maxUsable),
(unsortedPartHead, unsortedPartHasHead),
(soFarSeenHead, soFarSeenHasHead), x).
if not maxUsable and unsortedPartHasHead and not soFarSeenHasHead then
(* start of selection phase *)
(sortedPartHead, 0), (maxSoFar, 1),
(unsortedPartHead, 1), (soFarSeenHead, 3), x
else if maxUsable and unsortedPartHasHead then (* selection phase in progress *)
cmp maxSoFar unsortedPartHead (fun smaller greater ->
(sortedPartHead, 0), (greater, 1),
(smaller, 3), (soFarSeenHead, 3), x )
else if maxUsable and not unsortedPartHasHead then (* end of selection phase *)
if sortedPartHasHead then (* end of selection phase for the first selection *)
(maxSoFar, 0), (sortedPartHead, 0),
(unsortedPartHead, 2), (soFarSeenHead, 3), x
else (* end of selection phase for other selections *)
(sortedPartHead, 0), (maxSoFar, 0),
(unsortedPartHead, 2), (soFarSeenHead, 3), x
else (* preparation for the next selection phase *)
if unsortedPartHasHead and soFarSeenHasHead then
(sortedPartHead, 0), (maxSoFar, 1),
(soFarSeenHead, 2), (unsortedPartHead, 2), x
else
(sortedPartHead, 0), (maxSoFar, 1),
(unsortedPartHead, 2), (soFarSeenHead, 2), x
let ssort = ?l. let n = len l in
p0 (iter (add (mul n n) n) (step fsel) (localvars [] [] l [] 0))
It is very interesting to note that the type of a map function defined in this way is
!j+2(Bi ( Bi) ( !S!ij ( S!ij+1, while the type of a map function defined directly in STA
corresponds to !j(Bi ( Bi) ( S!ij ( S!ij+1. The difference comes from the fact that in
MLSTA one iterates over natural numbers and in STA directly on the string itself.
Using this technique it is possible to program more complex functions on lists, e.g.
sorting, in particular selection sort, as shown in Fig. 3. This example uses another
syntactic trick: since boolean values can be freely multiplied using terms similar to cnt ?
?b.ifte b h0, 0i h1, 1i one does not need to worry about how many times a given boolean
variable is used in the term. Technically, sorting consists in running n phases of selecting
the largest element from unsorted remaining part of the initial string. In each phase one
needs to reverse the list twice, that is why we need n2 + n steps. It is interesting to note
that the choice of applying the cons in the same order as they appeared originally comes at
a cost of breaking symmetry of certain operations between two strings. Indeed, while it is
straightforward to reverse a string from left to right (as in the rev example above), reversing
it from right to left (as is done in the third case in Fig. 3) is a bit more technical.
It is worth stressing that the simulation of a Turing Machine we present below is in fact
a paradigmatic example of a natural computation that can be performed in our language.
4
Properties of MLSTA
Many of the results in this paper can be obtained in a simpler way when we operate not just
on any derivation, but on a derivation in a special, regular form. We start with its
presentation, which is of interest not only for technical reasons but also, as usual in such cases,
it indicates the presence of a few important tautologies (however, their further exploration
goes beyond the topic of the paper).
I Definition 1 (derivations in normal form). A derivation D of MLSTA is in normal form
when D = hD? , x : Aiw with D? in normal form and x 6? FV(D? term) or is in (m)-normal form.
A derivation D of MLSTA is in (m)-normal form when D = h?x : A.hD? , x : Aiw, y :
!nAimn with D? in (m)-normal form and x 6? FV(D? term) or is in (sp)-normal form.
A derivation D of MLSTA is in (sp)-normal form when D = hD? isp with D? in (sp)-normal
form or in logical normal form.
A derivation D of MLSTA is in logical normal form when it is
xA for some variable x,
xA?s for some variable x,
?x?.D? for some variable x and D? in logical normal form,
?x?.hD? , x : Aiw for some variable x and D? in logical normal form with x 6? FV(D? term),
?x?.h?x : A.D? , x : !kAimk for some variable x and D? in logical normal form with x 6?
FV(D? term),
D1D2 where D1 is in logical normal form and D2 is in (sp)-normal form,
let x!i??~.B = D1 in D2 where D1 is in normal form and D2 is in logical normal form.
I Proposition 2 (properties of derivations). If ? `MLSTA M : ? then the judgement has a
derivation in normal form.
Proof. The proof is using a special kind of reduction the normal forms of which are the
defined above normal forms. J
As a corollary we obtain a condition that says in which way we can drop a bang in the
final type of a term.
I Corollary 3 (dropping final bang). If ? `MLSTA M : !? then there is a context ?0 such that
!?0 ? ? and ?0 `MLSTA M : ? and for each x : ? ? ?\!?0 we have x 6? FV(M ).
Proof. By Prop. 2 there is a derivation of ? `MLSTA M : !? in normal form. We observe
that we can one by one remove the final (w) and (m) rules. At the end we have to arrive at
an (sp) rule since no logical normal form can assign a ! type to a term. J
A crucial part of the subject reduction proof is the interaction between substitutions and
the derivations. This is expressed in the following proposition.
I Proposition 4 (derivations and substitutions). If ? ` M : A then for each substitution
U : V * TA we have U (?) ` M : U (A).
Proof. Induction over the inference of ? ` M : A by cases according to its final rule.
? ?b0.ifte b0 CASEw?1[t0, . . . , t2w?1?1][t]
???? CASEw?1[t2w?1 , . . . , tn?1][t] if w > 0 and n > 2w?1
?
?
CASEw[t0, . . . , tn?1][t] = ?? ?b0.ifte b0 CASEw?1[t0, . . . , tn?1][t]
CASEw?1[ ][t]
if w > 0 and 0 < n ? 2w?1
?
???? t0
?
?? ?b0 . . . bw?1.t
if w = 0 and n = 1
if n = 0
Let expressions
let x = M in N = (?x.M )N
The proposition above makes it possible to describe the way the type instantiation
operation works in the context of derivations.
I Proposition 5. If ? ` N : A then ? ` N : A0 if Clos(?, A) ? A0.
Proof. This is an instance of Prop. 4, since if A0 = U (A) then dom(U ) ? FTV(?) = ? and
therefore U (?) = ?. J
We can now combine the previous two statements and obtain the substitution lemma for
our system.
I Lemma 6 (substitution lemma). If ?; x : !i??.A `MLSTA M : ? and ? `MLSTA N : !iA
where ? 6? FTV(?), then ?; ? `MLSTA M [N/x] : ?
Proof. The proof can be done almost in the same way as the proof of the Substitution
Lemma 2.7 in [13], i.e., by generalising the statement to many simultaneous substitutions
and proceeding by induction on the derivation by analysis of the last rule. The new/different
rules in MLSTA are (Ax), (AxC) and (let).
If the last step is (Ax) then M = x and we have x : ??.A ` x : B with ??.A ? B
and ? ` N : A where ? 6? FTV(?). Therefore one has ? ` N : B, by Prop. 5, because
Clos(?; A) ? B.
It is impossible that the last step is (AxC), because the context is empty.
If the last rule is (let), the result follows easily by induction hypothesis.
Other MLSTA rules are identical to their STAB counterparts. J
As a result of the substitution lemma we obtain the subject reduction property.
I Theorem 7 (subject reduction). If ? `MLSTA M : A and M ??? M 0 then ? `MLSTA M 0 : A.
5
MLSTA and PTIME
Observe that the MLSTA can easily be embedded into STA, in the same fashion as usual
ML can be embedded in System F [17, Section 3], see Fig. 4. This gives us polynomial
guarantee on the length of reductions.
I Theorem 8. Given a derivation ? `MLSTA M : ?, the number of reductions from M
can be bounded by |M |O(d) where: |M | is the size of the term M , defined as usual with one
caveat ? the size of a natural constant n is n; d is the degree of a derivation, defined as
the maximum nesting of (sp) rules in the derivation.
Proof. The translation of MLSTA into STA preserves types and degree of derivations, and
guarantees that every MLSTA reduction step is translated to a number of steps in STA.
The result of translation is bigger only by a linear factor from its original. In the end the
polynomial bound established for STA (Theorem 15 in [14]) works for MLSTA as well. J
Now, we aim at a proof that each TM in PTIME can be simulated in MLSTA by a term.
We start by a version of Lemma 16 and 17 from [14] for our built-in naturals and booleans:
I Lemma 9 (polynomials). Let P be a polynomial with positive coefficients in the variable x
of the degree deg(P ). There is a term P such that `MLSTA P : !deg(P )N!1 ( N!(2 deg(P )+1).
I Lemma 10 (boolean functions). Each boolean total function f : {0, 1}n ? {0, 1}m for
m, n ? 1 can be defined by a term f typable in MLSTA as ` f : Bn ( Bm.
The following theorem shows how one can encode polynomial Turing Machines in MLSTA.
For simplicity, we encode only deterministic machines which move their head (left or right)
at every step. Therefore a transition function can be encoded as ? : ? ? Q ? ? ? Q ? B,
where ? is the alphabet, Q the set of states and the last boolean value denotes the head
move: 0 denotes ?left? and 1 ?right?. Since ? and Q are finite, there exist sufficiently large
k and k0, such that ? ? Bk with 0k representing blank and Q ? Bk0 . Hence, according to
Lemma 10, there exists ? : Bk ? Bk0 ( Bk ? Bk0 ? B representing ?.
I Theorem 11. Let M be a Turing Machine. There is an MLSTA term MM such that
`MLSTA MM : !dSk ( B for some d where for each input s the term MM s reduces to 0 using
R(|s|) of reductions with R being a polynomial of degree O(d) if and only if M accepts s.
Moreover, MM can be constructed from M in polynomial time.
Proof. Let M be a deterministic TM with alphabet ? ? Bk, the set of states Q ? Bk0 and
transition function ?. Let S be a polynomial defining the maximal length of auxiliary tape
of M for all input strings of a given length. Let T be a polynomial defining the maximal
number of steps needed for all input strings of a given length. It is enough to construct the
space using S, the time using T and combine it all into the term MM equal
?s.let time = T (len s) in
let tape0 = concat s (create (S (len s)) 0k) in
let conf0 = localvars [ ] tape0 q0 in
is_acc (p2 (iter time (step F?) conf0))
where is_acc is a function of type Q ( B returning 0 if the state it receives as input is
accepting and F? is a simple wrapper around ? to match the input specification of step.
F? = ?((al,bl),(a,b),q). match (?(a,q)) ?a?q?d. ifte d ((al,1),(a?,1),q?)
ifte bl ((a?,0),(al,0),q?) ((al,0),(a?,0),q?)
The degree of the type derivation of MM, the degree of terms MM s for any s and the
parameter d depend in a linear way on the degree of the polynomials T and S. By Theorem 8
each term MM s can be reduced to a normal form in the number of reductions bound by a
polynomial of degree O(d). J
6
Decidability of typechecking with ML polymorphism
MLSTA enjoys decidable typechecking, type inference and typability problems. To prove
this we adapt the algorithm W also known as Hindley-Milner algorithm following [29].
The type checking problem (TCP) is the problem: given a term M , a type A, and a
context ?, is ? ` M : A derivable? The type inference problem (TIP) is the problem: given
a term M and a context ?, is there a type A such that ? ` M : A is derivable? Finally, the
typability problem (TP) is the problem: given a term M , are there a context ? and a type
A such that ? ` M : A is derivable? We describe the way the problems can be solved with
W -lin in the proof of Theorem 16.
The basic building block of the algorithm is the procedure of unification [28]. To make use
of the procedure we divide the type variables V into two infinite disjoint parts Vv ? Vc = V.
The set Vv contains substitutable type variables, called simply type variables below, and Vc
contains variables that serve the role of constants in unification, called constants below.
A substitution U that substitutes expressions on type variables (e.g. ?, ? etc.) is a unifier
of A =. A0 when U (A) = U (A0). It is important to note that elements of Vv do not occur in
the substitution applied to obtain an instance of a type in rules (Ax) and (AxC) in Fig. 1.
This unification enjoys the most general unifier property, but we cannot use it directly here.
Therefore we provide a special version of the most general unifier in Def. 13 below.
To express the procedure for typechecking, type inference, or typability we need a few
technical definitions. We say that ? is full with regard to a term M when dom(?) = FV(M )
this fact is denoted by Full(?; M ). We say that ? is linear with regard to a term M
when for each x : ? ? ? the variable x occurs freely exactly once in M . This is denoted by
Linear(?; M ). The set of algebraic constants defined in Fig. 1 is denoted as ConstMLSTA. The
algorithm we study here is presented in Fig. 5. The input for the algorithm is an environment
?, a term M , and a type A. The output is a substitution U and a set of equations E. The
situation that U, E are a valid output for ?, M, A is denoted as ? `Wl M : A ; (U, E).
x : N
A ` x : N
A ; (?, {N =. 0})
(Ax)
? ` M : N2
?, x : N1
A2 ; (U, E) x 6? FV(M ) (w)
A1 ` M : N2 A2 ; (U, E)
?, x : ?1 ?2 ` M : ?3 ?4 ; (U1, E1) . ?0, ?1, ?2, ?3, ?4 are fresh
E20 =mEgu1(?{UE12(??0{N(=(.?01, ?3?=2.) 0(} ?4))Fu=llU(?1;(?Nx.MA))})L=ine(aUr2(,?E;?2)x.M )
? ` ?x.M : N
A ; (U2 ? U1, E20)
(( I)
?#?
? ` M : ?1 ((?2 ?3) ( N A) ; (U1, E1) ?1, ?2, ?3, ?20, ?03 are fresh
mg{ux({:U?1x0(Ax)?=x.|Ux2(:?Nxx) | xA:xA?x ??,??}0x,??{xUa1r(e?f2resh?}3`) =M. U02:(??0220 ??0330);})(=U2(,UE32, )E3)
E4 = E1.? E2 ?.E3?
{N = 0, ?1 = 0} ? {Nx =. ?20 + ?x | x : Nx
Full(?, ?; M M 0) Linear(?, ?; M M 0)
?, ? ` M M 0 : N A ; (U3 ? U2 ? U1, E4)
Ax ? ?, ?x are fresh}
Full(?; M ) Full(?; M 0)
mgu(U1(??00, x1?:0?) =. U?01,(.N. .1, xnA:1?), U1?(?02` M?:02)?=2. U?1(02N;2 (UA12,)E)1=) (U2, E2)
E3 = E1 ? E2 ? {? + 1 =. N1} ?, ?0, ?2, ?20, ?00 are fresh
Full(?, x : N1 A1; M [x/x1, . . . , x/xn]) Full(?, x1 : ? ?0, . . . , xn : ?
?, x : N1 A1 ` M [x/x1, . . . , x/xn] : N2 A2 ; (U2 ? U1, E3)
?0; M )
? ` M1 : ?1 ?2 ; (U1, E1) ?1, ?2, ?1 . . . , ?n are fresh
U1(?), x1 : ?1 B1, . . . , xn : ?n Bn ` M20 : U1(N 0 A) ; (U2, E2)
M2 = M20 [x/x1, . . . , x/xn] Fres.h(B0, Bi) for i = 1, . . . , n B0 = Clos(U1(?); U1(?2))
E3 {=NEx1 =.??E12+??{x?i| +x : N=x?1 A+x??i0|?i,=?x1a,.re..f,rnes,h?}i0 are fresh=}?[n > 1]
?#? Full(?, ?; let x = M1 in M2) Linear(?, ?; let x = M1 in M2)
?, ? ` let x = M1 in M2 : N A ; (U2 ? U1, E3)
The intent is that in case this relation holds then for each solution U 0 of E the relation
U ? U 0(?) `MLSTA M : U ? U 0(A) holds as well. This property does not hold directly, but it
is spelled out in full technical detail by Lemma 15(4).
The actual algorithm works on types in a different syntax defined by this grammar:
A ::= N C N ::= ? | N1 + N2 | n
C ::= ? | A1 ( A2 | A1 ? A2 | Si | (S!ij)k
!j
s ::= N ??~.A
A | N!j
where n, i, j ? N. The set of types generated from the nonterminal A here is denoted as
TA , similarly generated from N is denoted as TN , and from C ? TC , and the set of type
schemes Ts . We use a general term -types to refer to elements of TA . The elements
generated from N are supposed to be expressions over natural numbers. We are free to
perform any operations as soon as they are correct. For example the expression 3 + 4 + ? is
understood to be equal to 7 + ?. We divide the set of type variables Vv = Vvl ? Vvn into two
disjoint sets Vvl for type variables that are used to generate TC and Vvn for type variables
that are use to generate TN . We impose additional restriction on the substitutions below
that variables in Vvl can be replaced by types from TC only and variables in Vvn by types
from TN only. Types defined in (1) as T? can now be translated to TA and back using the
following transformations:
I Definition 12 (from types to -types and back). We need a helper operation
We define now the transformation (?)? : T? ? TA
(!i?)? = (i + ?0) ?, where i ? 0, ?0 ? Vvn is fresh,
(!i(A B))? = (i + ?) ((A)? (B)?), where i ? 0, ? ? Vvn is fresh and ? {(, ?, },
(!iH)? = (i+?) H where i ? 0, ? ? Vvn is fresh and H ? {S!ij |, i, j ? N}?{N!j | j ? N}.
The transformation back J?K : TA ? T? is defined as
J? ?0K = ?0,
J(n) BK =!nJBK, where !0A = A,
JJ?? (HAK =BH)Kw=heJrAeK? ?JBVvK,n wahnedreH ??{S{(!ij|,, ?i,,j ?},N} ? {N!j | j ? N}.
Note that the translation back is correct only in case the translation in the context J? (A (
N C)K is always applied so that N = 0. A substitution S is proper wrt. a set of expressions
E when S(N ) = 0 in the subexpressions of the form ? (A ( N C) of expressions in E.
The operations (?)? and J?K extend to environments so that (?)? = {x : (A)? | x : A ? ?}
where (?)? ? {(?)?, J?K}.
The intuition behind the expressions presented here is that they make possible to more
explicitly control the ! modalities. These must be, however, controlled in a non-standard
way which cannot be handled with first-order unification techniques. The unification has
the usual first-order ingredient, but to control the numbers of ! in (( E) and (let) rules we
need a sort of second-order operation that can handle the presence of (sp) rules to obtain
the type of the argument (see the definition of E4 in the rule of (( E) in Fig. 5). The
number cannot be handled locally since an occurrence of a variable in a different part of a
derivation may require a higher number of (sp) that is immediately visible in the currently
handled rule. Therefore, we split unification into two parts, i.e. one tractable by first-order
techniques and one that operates on numerals and must be solved globally after the global
information on the use of the (sp) rule is gathered. This separation requires a more subtle
definition of the most general unifier operation. This is presented in the definition below.
I Definition 13 (most general unification pair). The operation mgu(?) : E ? Subst ? Subst ?
sEeNt ?of{fsauibl}s,tiwtuhteiroensE Vivsl t*he TsCet,oafnsdetEsNofisptahiressAet =o.f Ase0twsiotfhpAai,rAs0B? =.TAB0?wTiBth, BS,uBbs0t?isTtBhe,
is defined inductively as follows:
mgu({N1 AAA0111 ==.=..ANN222 A2} ? E, U0) = fail when mgu({A1 =. A2} ? E, U0) = fail,
mgu({A1 A02} ? E, U0) = fail when 6= ,
mgu({N1 A2} ? E, U0) = (U, E0 ? {N1 =. N2}) when mgu({A1 =. A2} ?
E, U0) = (U, E0),
mgu({A1 ( N1 A01 =. A2 ( N2 A02} ? E, U0) = fail when mgu({A1 =. A2, A01 =.
A02} ? E, U0) = fail,
A01 =. A2 ( N2 A02} ? E, U0) = (U, E0 ? {N1 =. 0, N2 =. 0}) when
mmgguu(({{AA11 =(.AN2,1A01 =. AA0102}=.?NE2, U0) = (U, E0),
mgu({N1 A1 N10 A2 N20 A02} ? E, U0) = fail when mgu({A1 =. A2, A01 =.
A02} ? E, U0) = fail for ,
mgu({N1 A1 N10 A01? ={. ?N,2 } A2
0m,gNu1(0{=C.10,=.NC202=.} 0?}E),wUh0e)n=mfgauil({wAh1en=. CA12, ,CNA22010a=r.eAd02iff}e?reEnt, Uty0p)e=co(Uns,tEa0n)tsfor
A02} ? E, U0) = (U, E0 ? {N1 =. 0, N2 =
.
? {?, },
mgu({C =. C} ? E, U0) = mgu(E, U0) when C is a type constant,
mgu({? =. A} ? E, U0) = fail when A 6= ? and ? occurs in A,
mgu({? =. A} ? E, U0) = mgu(E[A/?], [A/?] ? U0) when A = ? or ? does not occur in A,
mgu(?, U0) = (U0, ?).
By default mgu(E) = (U, E) where mgu(E, ?) = (U 0, E) and U = R ? U 0 where R is a
renaming of all variables in dom(U ) to fresh variables.
This most general unification pair enjoys the following natural property:
I Proposition 14 (correctness and completness of mgu(?)).
If mgu(E) = (U, E0) and E0 is solvable with U 0 proper wrt. E then for each A =. A0 ? E
where A, A0 ? TA ? TB it holds that U 0(U (A)) = U 0(U (A0)).
If there is U proper wrt. E such that Z(U (A)) = Z(U (A0)) for each A =. A0 ? E where
A, A0 ? TA ? TB and Z(?) = 0 for each ? ? Vvn then mgu(E) = (U1, E1) and there is a
substitution U 0 : Vvl * TA and a solution U 00 of E1 such that for each ? ? dom(U ) the
equality Z(U (?)) = Z(U 0(U1(U 00(?)))) holds.
Proof. A standard proof is left to the reader.
J
The main technical lemma that describes the operation of W -lin looks as follows.
I Lemma 15 (key lemma).
1. If ? ` M : A ; (U1, E1) then FTV(?, A) ? FTV({U1(?)|? ? dom(U1)}) = ?.
2. For any term M and context ? at most one rule in Fig. 5 can be used.
3. For any term M , context ?, and type ? if a rule in Fig. 5 is applied then for each of the
premises ?0 ` M 0 : ?0 and x : ? ? ?0 we have ? = B C.
4. If W -lin started with (?)? ` M : (A)? returns (?)? ` M : (A)? ; (U1, E1), and E1
is unifiable with U1# then for U = U1# ? U1 it holds that JU (?)K `MLSTA M : JU (A)K.
Moreover, the number of rules in the run of W -lin is the same as the number of rules
different than (sp) in the resulting derivation in MLSTA.
5. Let ? be a context and M a term. If there is a substitution U such that U (?) `MLSTA
M : U (A) then the algorithm W -lin infers (?)? ` M : (A)? ; (U1, E1), the set E1 is
unifiable by U1#, and there is a substitution U 0 such that for each variable ? ? dom(U )
Z((U (?))?) = Z(U 0(U1#(U1(?)))). Moreover, the number of rules other than (sp) in
a derivation in MLSTA is the same as the number of rules different than (sp) in the
resulting run of W -lin.
6. For each ?, M, A the algorithm W -lin terminates.
I Theorem 16 (decidability of TCP, TIP, and TP). The TCP, TIP, and TP for the system
MLSTA are decidable.
Proof. We use here the algorithm W -lin. Note that is always terminating by Lemma 15(6).
In case of TCP we are given a context ?, a term M , and a type ?. We may assume that ?
does not start with ! by Corollary 3. Then we apply W -lin with the input (?)? ` M : (?)?. In
case this is derivable we obtain by Lemma 15(5) a pair (U, E) where E is unifiable with some
U #. We now see that Z(?(U #(U ((?)?))) ` M : Z(?(U #(U ((?)?)))) is derivable in MLSTA,
but this is exactly the initial judgement as there are no variables in ?, ?. In case this is not
derivable by W -lin the initial judgement cannot be derivable in MLSTA by Lemma 15(4).
In case of TIP and TP we proceed in the same way, but we introduce substitutable
variables for types the existence of which we have to discover, namely for the resulting type
in case of TIP, and for the resulting type and the types in the context in case of TP. In
case of TP we have to, in addition, guess which variables in the context should have type
schemes. These variables must be packed by suitable let expression, essentially to manage
the polymorphism in the way compatible with W -lin. J
7
Conclusions and Further Work
The system MLSTA we propose here can be viewed, similarly as ML in relation to System F,
as a kind of interface over the system with full polymorphism, STA. The system offers
a reasonable polymorphism with algebraic data structures such as naturals, booleans, and
strings as well as recursion over the data types. All these features have their impredicative
counterparts in STA. This view suggests a number of enhancements that can be done.
One could develop the full theory of algebraic data types in our MLSTA, in particular
polymorphic lists or polymorphic binary trees. Another possible improvement is to introduce
more flexibility in the use of available constants. Currently, the programmer must provide
the numerical parameters such as j1, j2 in add that express the level of natural numbers the
addition operates in. One can extend our rule (AxC) to include the automatic calculation
of the indexes. At last one can try to exploit other systems such as STA+ or STAB [12] and
give their ML-like versions.
1
2
3
4
5
6
7
8
9
10
11
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
Logic , 3 : 137 - 175 , January 2002 .
Patrick Baillot , Marco Gaboardi, and Virgile Mogbil . A polytime functional language from light linear logic . In Andrew D. Gordon, editor, Programming Languages and Systems, 19th European Symposium on Programming, ESOP 2010 , volume 6012 of LNCS , pages 104 - 124 .
Springer-Verlag, 2010 .
Patrick Baillot and Martin Hofmann . Type inference in intuitionistic linear logic . In Proceedings of the 12th International ACM SIGPLAN Symposium on Principles and Practice of Declarative Programming , PPDP '10 , pages 219 - 230 . ACM, 2010 .
Patrick Baillot and Kazushige Terui . Light types for polynomial time computation in lambda calculus . Information and Computation , 207 : 41 - 62 , January 2009 .
Stephen Bellantoni and Stephen Cook . A new recursion-theoretic characterization of the polytime functions . Computational Complexity , 2 : 97 - 110 , December 1992 .
Jacek Chrz?szcz and Aleksy Schubert . The role of polymorphism in the characterisation of complexity by soft types . In Piotr Sankowski and Filip Murlak , editors, Mathematical Foundations of Computer Science - 36th International Symposium, MFCS 2011 , volume 6907 of LNCS , pages 219 - 230 . Springer-Verlag, 2011 .
Alan Cobham . The intrinsic computational difficulty of functions . In Proceedings of the 1964 International Congress for Logic, Methodology, and the Philosophy of Science , pages 24 - 30 . North-Holland, 1964 .
Paolo Coppola , Ugo Dal Lago, and Simona Ronchi Della Rocca. Light logics and the call-by-value lambda calculus . Logical Methods in Computer Science , 4 ( 4 ), 2008 .
Ronald Fagin . Contriburions to the model theory of'finire srructures . PhD thesis , University of California at Berkeley, 1973 .
Marco Gaboardi and Simona Ronchi della Rocca. Type inference for a polynomial lambda calculus . In Stefano Berardi, Ferruccio Damiani, and Ugo De'Liguoro, editors, Types for Proofs and Programs , International Conference, TYPES 2008 , volume 5497 of LNCS , pages 136 - 152 . Springer-Verlag, 2009 .
Marco Gaboardi , Jean-Yves Marion , and Simona Ronchi Della Rocca. A logical account of PSPACE . In George C. Necula and Philip Wadler, editors, Proceedings of the 35th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL'08 , pages 121 - 131 . ACM, 2008 .
Marco Gaboardi , Jean-Yves Marion , and Simona Ronchi Della Rocca. Soft linear logic and polynomial complexity classes . ENTCS , 205 : 67 - 87 , April 2008 .
Marco Gaboardi , Jean-Yves Marion , and Simona Ronchi Della Rocca . An implicit characterization of pspace . ACM Trans. Comput. Logic , 13 ( 2 ): 18 : 1 - 18 : 36 , April 2012 .
Marco Gaboardi and Simona Ronchi Della Rocca . A soft type assignment system for ?- calculus . In Jacques Duparc and Thomas A. Henzinger, editors, Computer Science Logic, 21st International Workshop, CSL 2007 , 16th Annual Conference of the EACSL , volume 4646 of LNCS , pages 253 - 267 . Springer-Verlag, 2007 .
Gemalto. Java CardTM & STK Applet Development Guidelines . Gemalto, 2009 .
Jean-Yves Girard . Light linear logic . Information and Computation , 143 : 175 - 204 , June 1998 .
Program. Lang. Syst. , 15 ( 2 ): 211 - 252 , April 1993 .
Neil Immerman . Languages that capture complexity classes . SIAM Journal of Computing , 16 : 760 - 778 , August 1987 .
Yves Lafont . Soft linear logic and polynomial time . Theoretical Computer Science , 318 : 163 - 180 , June 2004 .
Mathematical Structures in Comp. Sci. , 16 ( 4 ): 713 - 733 , August 2006 .
Ugo Dal Lago and Ulrich Sch?pp . Functional programming in sublinear space . In Andrew D. Gordon, editor, Programming Languages and Systems, 19th European Symposium on Programming, ESOP 2010 , volume 6012 of LNCS , pages 205 - 225 . Springer-Verlag, 2010 .
Ugo Dal Lago and Ulrich Sch?pp . Type inference for sublinear space functional programming . In Kazunori Ueda, editor, Programming Languages and Systems - 8th Asian Symposium, APLAS 2010 , volume 6461 of LNCS , pages 376 - 391 . Springer-Verlag, 2010 .
Daniel Leivant . Stratified functional programs and computational complexity . In Mary S. Van Deusen and Bernard Lang , editors, Proceedings of the 20th ACM SIGPLANSIGACT Symposium on Principles of Programming Languages, POPL '93 , pages 325 - 333 .
ACM , 1993 .
Harry Mairson and Kazushige Terui . On the computational complexity of cut-elimination in linear logic . In Carlo Blundo and Cosimo Laneve , editors, Theoretical Computer Science, 8th Italian Conference, ICTCS 2003 , volume 2841 of LNCS , pages 23 - 36 . Springer-Verlag, 2003 .
Fran?ois Maurel . Nondeterministic light logics and NP-time . In Martin Hofmann, editor, Typed Lambda Calculi and Applications , 6th International Conference, TLCA 2003 , volume 2701 of LNCS , pages 241 - 255 . Springer-Verlag, 2003 .
Wojciech Mostowski . Rigorous development of JavaCard applications . In T. Clark, A. Evans , and K. Lano, editors, Proceedings of Fourth Workshop on Rigorous ObjectOriented Methods , London, 2002 .
Christos H. Papadimitriou . A note on the expressive power of Prolog. Bulletin of the EATCS , pages 21 - 22 , 1985 .
J. Robinson. A machine-oriented logic based on the resolution principle . Journal of the ACM , 12 ( 1 ): 23 - 41 , 1965 .
David A. Schmidt . The Structure of Typed Programming Languages . The MIT Press, 1994 .
Ulrich Sch?pp . Stratified bounded affine logic for logarithmic space . In Proceedings of the 22nd Annual IEEE Symposium on Logic in Computer Science, LICS 2007 , pages 411 - 420 .
IEEE Computer Society , 2007 .