- Email: [email protected]
On the Equivalence of Data Representations
On the Equivalence of Data Representations John C. Mitchell Computer Science Department Stanford University Stanford, California 9 4 3 0 5
1
Introduction
One goal of the m a t h e m a t i c a l theory of computation outlined in J o h n McCarthy's influential papers [McC61, M c C 6 3 ] is to provide methods for proving equations between procedures, and other computational processes. While equality is straightforward for natural numbers, strings, or first-order functions on these sets, equality is not as easily characterized for higherorder functions or user-defined types. This chapter is concerned with equivalence of d a t a representations, which might also be called implementations of a b s t r a c t d a t a types. For example, we might be interested in two representations of lists, where each "representation" includes both the way t h a t lists themselves are stored in memory and the implementations of the basic operations on lists. W e assume t h a t lists are only manipulated by a designated set of operations, such as nil, cons, and cdr, and consider two lists equal if they cannot be distinguished by these operations. A very natural way to show t h a t two representations are equivalent is to find a relation that is preserved by corresponding list operations. W e explore this idea using relations between semantic interpretations of a simple, illustrative programming language. W e prove t h a t the existence of a certain kind of relation is sufficient to guarantee equivalence of d a t a representations, and necessary if all the operations are first-order. This justifies a method for proving the equivalence of d a t a representations t h a t could be incorporated into a formal logic. We begin by considering equivalence for d a t a representations t h a t are provided as part of the semantics of the language ( "by the compiler" ) and then extend the analysis to d a t a representations defined within a simple
305
Copyright © 1991 by Academic Press, Inc. All rights of reproduction in any form reserved. ISBN 0-12-450010-2
Mitchell
306
function calculus. Although some of the development could be carried out without assuming each expression has a unique type, b o t h the informal discussion and the technical development are simplified by working with a typed language. The closest precurser t o this chapter is [Rey83], with the earliest directly related work appearing in [Mil71, Hoa72]. This chapter is in part based on the conference abstract [Mit86], which used a more complicated language and a more cumbersome technical setting. T h e form of semantics and relation used here are based on joint work with Andre Scedrov, reported in [ A M S W 9 1 ] , reformulated for the specific purpose of this paper and with as much category theory removed as possible. Some other studies t h a t are related t o the general method used here, but not specifically concerned with d a t a representations, are [ B T C 8 8 , M M 8 5 ] .
2
Observable Values and Equivalence
We m a y define equivalence for any type of value by identifying a set of observable values. For concreteness, we will use the natural numbers as observables. There is no loss of generality in sticking t o the natural numbers, since virtually any other set with a print representation for each element, and equality decidable from print representations, would give us the same form of equivalence. In particular, assuming t h a t natural number equality is definable by a function of type nat χ nat —• bool, we would get exactly the same equivalence relation if we used booleans instead of natural numbers. Having selected some set of observable values, we concentrate on programs that produce observables. To make this decision into a definition, we say that an expression M is a program if M is closed (has no free variables) and the type of M is t h e type nat of natural numbers. In other words, a program is any expression t h a t c a n be evaluated by itself, without requiring additional values for undeclared variables, and any result of evaluation is observable. We now define equivalence using the notion of p r o g r a m context. A context C[ ] is an expression with a "hole," indicated by empty square brackets. W e place an expression or p r o g r a m phrase in a context merely by inserting the expression into the place marked by empty square brackets, without renaming t o avoid capture of free variables. F o r example, if we place the variable χ in context Xx : nat. [ ] + 3, we obtain the closed lambda expression Xx : nat. χ + 3. W e say expressions M and Ν (of the same type) are observationally equivalent if, for every context C[] such t h a t b o t h C[M] and C[N] are programs, we have C[M] = C[N], In writing this, we assume for simplicity t h a t a divergent p r o g r a m has a semantic value (such as oo),
On the Equivalence of Data Representations
307
so t h a t C[M] = C[N] means C[M] halts iff C[N] does, and if they both halt they produce the same observable value. W e will usually abbreviate
observational equivalence to equivalence, except when making a comparison with other forms of equivalence. It is easy t o see t h a t observational equivalence is the m a x i m a l equivalence relation t h a t is both a congruence relation on expressions and the identity relation on the natural numbers (or other chosen observables). Specifically, if we equate two expressions M and Ν t h a t are not observationally equivalent, this forces us t o equate two distinct natural numbers, C[M] and C[N]. For this reason, observational equivalence is the strongest "natural" form of equivalence between p r o g r a m constituents.
3
Function Equivalence
T h e main topic of this chapter is equivalence of d a t a representations, which consist of one or more types and functions. Since this includes function equivalence as a special case, we begin with a discussion of function equivalence. This gives us an opportunity t o make some observations t h a t apply generally t o functions and other kinds of computable values, and also to point out some of the difficulties associated with equivalence of higher-order functions. Although the definition of observational equivalence in Section 2 is compelling, the definition is not directly useful in practical situations. If we are given two function expressions, M and N, the definition says they are equivalent if every p r o g r a m containing M has the same observable behavior as the p r o g r a m obtained by replacing M with N. However, t o prove M and Ν equivalent directly, we would have t o consider all programs t h a t contain one function expression or the other. This includes programs t h a t are far more complicated t h a n either M or N. W e are also led t o think about program t e x t s rather t h a n properties of the functions defined by M or N. A sufficient condition for function equivalence is extensional equality, namely, for every possible argument, each function has the same value. For first-order functions on observables, extensional equality coincides with observational equivalence. However, the two may differ at higher types. T h e reason is t h a t extensional equality of function expressions M and Ν depends on the domain we ascribe t o each. For higher-order functions, we m a y choose a domain t h a t contains arbitrary functions (as in oracle computation), computable functions (and there are various definitions of higher-order computability), or other classes of functions t h a t contain the computable ones but t h a t might have more convenient m a t h e m a t i c a l characterizations (such as continuous functions over one of various kinds of
Mitchell
308
ordered structures). Since these three choices give different notions of extensional equality, they cannot all coincide with observational equivalence. One approach to higher-order function equivalence is to construct a semantic model in which extensional equality coincides with observational equivalence. This has been pursued to some depth in the literature. A model with this property is said to be fully abstract [Mil77, Plo77, Sto88]. E x c e p t for syntactic constructions, which usually are not very informative, fully abstract models are generally difficult to come by. In fact, under certain assumptions about the desired form of model, some languages provably do not have fully abstract models. (See [Sto88] for examples and general discussion.) In this chapter, we will not a t t e m p t to characterize observational equivalence for higher-order functions. Instead, we characterize equivalence of d a t a representations in a way t h a t approximates observational equivalence in general, but is only exact when all the functions on the given d a t a type are first-order. This seems the best we could hope for without introducing some of the more specialized and complex techniques used t o construct fully abstract models of particular programming languages.
4
Typed Lambda Calculus
4.1
Syntax
We begin with a simple typed lambda calculus, adding d a t a - t y p e declarations in a later section. Although simple typed lambda calculus has no mechanism for declaring types, we m a y consider the effect of changing the interpretation of basic types. This leads to a theorem with a useful corollary for languages with d a t a - t y p e declarations. -
The types of the language we will call λ ^ ' * r
: : =
α
| r x r
| r
are given by the g r a m m a r , r,
where a may be any type constant. It will be technically convenient to assume we have a type constant 1 for the one-element type. In words, τι χ r 2 is the cartesian product of τι and r 2 , and T i —>τ 2 is the type of functions from τι t o r 2 . A signature for typed lambda calculus is a set of type constants and a set of t e r m constants, with each t e r m constant given a unique type. T h e type of a t e r m constant may only contain the type constants of the signature. The terms (or expressions) are outlined by the following g r a m m a r . More precisely, the terms of the language are all expressions generated by this
On the Equivalence of Data Representations
309
g r a m m a r t h a t are type correct:
M
:: =
c I χ | ( M , M) | P r o ^ M | Xx : τ.M \ MM.
Here c may be any t e r m constant of the signature and χ a t e r m variable. In words, ( Μ ι , M 2 ) is the pair whose first and second components are selected by applying P r o j x and P r o j 2 . Pairs have their standard cartesian product types. T h e expression λα: : τ.M defines a function from type r t o r ' , where r' is the type of function body M under the assumption t h a t variable χ has type r . For example, Xx : int.x + 3 would have type int —• int. Function application M\M2 is written as juxtaposition. T h e type of a t e r m with free variables depends on the context in which it occurs, since the t e r m variables themselves do not have any fixed type. (We could assume t h a t each t e r m variable has a fixed type, but this would lead to technical problems when we add type declarations.) A typing context Γ is a set Γ = {χι : σι, σ*.} of pairs associating at most one type to each variable. W e write Γ > Μ : σ t o indicate t h a t t e r m M has type σ in context Γ . Precise typing rules are given in the Appendix.
4.2
Semantics of Simple Typed Lambda Calculus
There are several ways of defining models of typed lambda calculus, notably Henkin models and the more general framework of cartesian closed categories [Bar84, L S 8 6 , M S 8 9 , Mit90]. W e will use a style of model t h a t does not appear elsewhere in the literature (as far as the author knows) but lies somewhere between Henkin models and cartesian closed categories. T h e reason for choosing this form of model is so t h a t various constructions t h a t do not produce Henkin models yield models. In particular, we want the family of relations between two models to be a model so t h a t we can prove properties of the meaning of a t e r m in the structure of relations. This may be done using cartesian closed categories, since our definition of model is equivalent to cartesian closed category, but the categorical approach requires e x t r a machinery (the global section functor into Set) and would exclude the reader unfamiliar with category theory. A general categorical treatment of models and relations is given in [ A M S W 9 1 ] . A semantic structure, or model, will consist of a family of sets, each the set of values of some type. In a Henkin model, cartesian product types are interpreted as sets of ordered pairs, function types as a set of functions, and so on. To obtain a more general class of structures, we will only require certain operations t h a t allow us t o manipulate elements of cartesian product type as if they were actually pairs, and similarly for other types. A X~*-structure Λ consists of the following parts:
Mitchell
310 A
(i) a set U , called t h e universe of A, including a distinguished element A
1
A
GU
and, for each A,Be
A
U,
elements Α χ Β and A ^ Β; A
(ii) for each type (member of the universe) A G U , a set [A] of elements A A B of A and for every A,Be U , an application function Apply ' : Λ Λ [A —> Β] χ [A] —• [ 5 ] so t h a t each element of a function type A —• Β determines a function from A t o B; Δ Λ (iii) for each A G [/ , a chosen identity element I d G [A —• A ] , representing the identity function, i.e., Apply I d χ = χ for every x G [A], Λ Λ AΔ and for every A,B,Ce U , f e [A—> B] and g G [ Β —• C ] , a specific element (go f) £ A C, called the composition of / and with the
property that Apply (go f)x = Apply g (Apply f x) for every x G [A]. These must satisfy the three conditions below. For notâtional convenience, we omit the square brackets and write a G A instead of α G [A] t o indicate that a is an element of type A: (iv)
for each A G t / , the type A —• 1 has one element; A
(v) for all A, B, C G U , [A*
there is a bijective correspondence, s
B)x[A*C]
Μ4(Βχ(7)],
with the property that the m a p from right t o left is given by composition with projections P r o j f (Α χ Β) 4 Β . If /
e
,B
€ (Α χ Β) ^ A and P r o j ^ '
A
for all A,B,Ce
U, Ρ
there is a bijective correspondence,
χ β) 4 C ]
s
Μ 4
(Β 4 C)],
with the m a p from right t o left sending / t o Β
Σ
Β
5
Α ρ ρ · Ο ( / Ο Ρ Γο ^ · , Proj^ ) for s o m e
fixed
App
G
A 4 Β and
corresponding element of A —• (Β χ C ) ; (vi)
ß
s c
G
({B
*C)xB)*C.
311
On the Equivalence of Data Representations
Although identity and composition are not determined by application in an arbitrary structure, they are in the special case t h a t Α χ Β is the ordinary Λ cartesian product of A and B, A —• Β is a set of functions from A t o B , and Apply (f,x) = f(x). It is a general result of category theory t h a t once we choose identity and composition, the interpretation of product and function types is uniquely determined (up t o bijective correspondence). A n interpretation J of a signature into a s t r u c t u r e A is a m a p from type A A constants t o U a n d t e r m constants t o elements of U such t h a t J ( c ) is an element of the right type (explained below). T h e m a p from type constants A to U gives us a straightforward interpretation Χ [ σ ] of type expression σ. A The m a p from t e r m constants t o elements of U must m a p a constant c : τ to an element of J [ l —• r j . It follows t h a t if c is a t e r m constant of type r , then J determines an element of J [ r ] by application. The meaning of a t e r m under a n interpretation I is defined inductively. T h e meaning of a t e r m Γ > Μ : σ, which is typed under assumption Γ = {χι : σ ι , . . . , X j t : σ^}, will be an element of Τ[σχ x . . . χ σ^ —• σ ] . A minor change of notation will make this easier t o define. Below, we will write a typing context {χχ : σ χ , . . . , Xk ' &k} in t h e form χ : σ, where χ = χ χ , . . . , Xk and σ = σ χ , . , . , σ ^ . W e will also overload notation and write σ for the type σχ χ . . . χ σ&, with χ associated t o the right. If σ is the empty sequence, then the corresponding type is σ = 1. In addition, for every type σ and integer i < k, we will write P r o j f ^ . for t h e composition of projection functions, P r o j ^ f c Ε Χ[σ—>σ^], giving t h e zth component of any sequence, (χχ, (x2,..., Xk)) Ξ Τ[σ]. T h e meaning X\x : σ > M : r ] of a well-typed t e r m is now defined by the following inductive clauses: I[x
: σ > Xi : σ < ]
=
I\x
:σ >c :r]
=
P r o j ^ σ
1(c) ο ο , where Ο
σ
is the unique
element of Χ\σ —> 1 ] T
: σ > P r o J i ' M : σ]
T
ο 1\χ
=
ProJi'
J[x :σ >ProJ2 M :r]
=
P r o j ! ^ ο T\x : σ > M : σ x r ]
I [ x : σ > ( M , N) : pxr]
=
the unique ρ G Τ [ σ —• ρ x r ] such r t h a t P r o J i ' ο ρ = Ι[χ : σ > Μ : σ]
I[x
, T
: σ >M : σ x r]
τ
and P r o J 2 ' ο ρ = Χ[χ : σ > Α Γ : τ ]
Τ [ χ : σ > Μ Ν : rj
=
σ
Αρρ '
(1{χ
τ
ο
:σ>Μ:σ^>τ],Ι[χ:σ>Ν:σ])
312
Mitchell I\x
: σ > Xy : p.Μ : ρ —• r ]
=
the unique / Ε Χ [ σ —• ρ —• τ ] such t h a t Vd G Ι\σ -+ pj, A p p ο ( / , d)
= X\x : ô,y : p> M : τ\ο
5
{là* ,d)
Data Representations Determined by the Compiler
5.1
An Example: Integer Multisets
Two compilers or interpreters for a programming language would generally be considered equivalent if every p r o g r a m produces identical results on either one. W e will examine implementation equivalence by considering alternative interpretations of multisets of natural numbers. L e t Σ be the signature with base types nat (for natural numbers) and ras (for multisets), and t e r m constants for arithmetic and multiset operations: 0,1
:
+ empty insert count
: : : :
nat nat —• nat —• nat ras nat —•ras—• ras ras —• nat —» nat
Informally, empty is the empty multiset, insert adds an element to a multiset, and count returns the multiplicity of a multiset element. Since we consider natural numbers the "observable output," we will assume t h a t each model interprets nat as the standard natural numbers. For the purposes of this discussion, we define an implementation for Σ to be an interpretation 1 such t h a t I(nat) = Ai and J ( 0 ) , J ( 1 ) , I ( + ) are standard,
but the interpretation of ras and operations empty, insert, count are arbitrary. The set Ai may be either the standard natural numbers, if we are not concerned with nonterminating expressions, or AiU {oo} as mentioned earlier. However, we must use the same set in all the interpretations we wish to compare.
We say that implementations J and J for Σ are observationally equivalent if, for any p r o g r a m M : nat, we have J [ M : nat\ = J\M
: nat],
that is, the meaning of M : nat in J is the same as the meaning of M : nat in J. The rest of this section is devoted to characterizing observational equivalence of implementations.
On the Equivalence of Data Representations
313
A first guess might be t h a t I and J are observationally equivalent iff there exists some kind of mapping between multisorted first-order structures,
(A/*, X(ms), 0 , 1 , -\-,X (empty), X (insert), X (count)) and
{λί, J(ms),
0 , 1 , + , J(empty),
J(insert),
J
(count)),
such as a homomorphism. This is partly correct, since a first-order homomorphism determines the kind of relation discussed in Section 5.2 below, and therefore guarantees equivalent results for any program. However, there are two reasons why homomorphisms are not an exact characterization. The first has to do with the fact t h a t elements of X(ms) and J(ms) that are not definable by terms are irrelevant. For example, let X be an implementation of multisets and let J be derived from J by adding some "nonstandard" multiset α with the property,
insert χα = α for all χ . Then X and J will be observationally equivalent, since the multiset α is not definable by any expression. However, there can be no homomorphism h from J to X, since there is no reasonable choice for h(a). A second reason why homomorphisms are unsatisfactory is t h a t an implementation m a y choose t o represent indistinguishable multisets, produced by different orders of insertion, as either the same or different d a t a structures. For example, an implementation may be structured so t h a t the result of inserting 1, 2, and 3 into the empty multiset is precisely the same d a t a structure as the result of inserting 1, 2, and 3 into the empty multiset, but the results of inserting 4, 5, 6 and 6, 5, 4 are different. If a second implementation does just the opposite, then there cannot be a homomorphism from one implementation to the other, even though the two implementations may be indistinguishable.
5.2
Relations for Simply Typed Structures
The discussion in the previous section suggests t h a t we should t r y to characterize equivalence of implementations using relations rather t h a n homomorphisms or other kinds of functions. In this section, we will define a form of relation between structures t h a t serves this purpose. A typed relation between structures A and Β is a family of relations A B between the sets of U and U . W i t h application and other operations inherited from Λ and B, the collection of all relations becomes a structure. We define the relational structure Rel(A, B) by:
Mitchell
314 Rel B)
A
• T h e universe JJ ^ is the set of all triples (R, A, B) with AeU B and B G U and i î Ç [Λ] χ [Β] a binary relation on the cartesian product of their elements.
• T h e set [(R, A, B)] of elements of (R, A, B) is the set R of ordered pairs. Application is determined coordinatewise by Apply (f, g) (x, y) —
{Apply fx, Apply g y). Rel A
A
B
B
• T h e distinguished element i ( > ) i s the triple (id, 1 , 1 ) where Λ » Rel Rel id C l ^ x r is the identity relation. W e define χ and —• by R
(R, A, B) x (R', Α', B') = (RxR',Ax f
(R, A,B) ™ (R ,Ä,B') with relations Rx
1
Α!, Β χ Β ),
= (R^R',A*
Α',B^B'),
R' and Ä—• R' as follows:
(a,α') Rx R' (b,b') fR-+R'g
iff iff
a R b and a' R' b', A B A B (Apply > f a) R' (Apply ^ '
gb)
whenever a R b.
• Composition of (f,g) G (R,A,B) ( / ' , < / > e (R',A',B')
^
™ (R",A",B")
(f',9')°(f,9)
(R',A',B')
and
is defined by
=
(f'°f,9'°9),
and distinguished elements are defined by pairing. (R,A,B) Id
=
{A
MM
For example,
B y
We claim below t h a t Rel(A, B) is a structure. The structure Rel (A, B) gives us a way of defining relations between interpretations into A and B. If 1 is an interpretation of some signature into structure A, and J is an interpretation of the same signature into B, then an interpretation Κ of this signature into Rel(A, B) gives us a relation / C [ T J for each type r . W e say Κ is compatible with X and J if, for each type constant a, we have K(a) Ç. X(a) χ J (a) and, for each t e r m constant c of type r , the interpretations X(c) and J(c) are related by / C [ l — • r ] . We will see below t h a t a compatible interpretation Κ gives us a relation / C [ r J between J [ r ] and ^ 7 [ τ | for each type r . This relation has the same properties as a logical relation between the X and J. (See [Sta85, Mit90].) One advantage of the present framework, as opposed t o previous approaches t o logical relations, is t h a t we can see t h a t relations at functional and
On the Equivalence of Data Representations
315
product type are uniquely determined, and not the result of some arbitrary decision. This follows from L e m m a 1 and the categorical fact mentioned earlier t h a t product and function types are uniquely determined. T h e following lemma, adapted from [ A M S W 9 1 ] , implies the Basic L e m m a of logical relations (also called the "Fundamental Theorem") [Sta85, Mit90]. -
Lemma 1 For any \*-> ~^ structures A and B, Rel(A,B) is a À * ' * ' * structure. If X is an interpretation of some signature into A, and J is an interpretation of the same signature into B, then for any compatible interpretation Κ into Rel(A, B), we have /C[r] Ç J [ r ] χ J\r\ for each type τ and x,
K\x : σ > Μ : σ] = (X\x : σ > M : σ ] , J[x : σ > M : σ ] ) <Ξ Κ\σ — σ] for each term χ : σ > M : σ. Proof Sketch.
It is straightforward to check t h a t Rel(A, B) is a structure. The remaining claims are verified by induction on types and terms. •
5.3
Equivalence of Implementations
We may show t h a t interpretations X (into . 4 ) and J (into B) for the signature with natural number multisets are observationally equivalent (with respect t o the natural numbers) iff there is a compatible interpretation Κ into Rel(AjB) such t h a t K(nat) is the identity relation on the natural numbers. This generalizes to any other d a t a type, or collection of related d a t a types, as long as all functions are first-order and we have a closed t e r m naming each natural number. If we have higher-order functions, then the existence of a relation (or compatible interpretation into Rel(A,B)) is sufficient but not necessary. T h e general situation is summarized in the following theorem about any signature giving a collection of possibly interdependent types and operations.
Theorem 1 Let Σ be some signature with type constant nat and let X and J be interpretations of Σ into structures A and B, respectively, with X(nat) = J(nat) = λί. If there is a compatible interpretation /C ο / Σ into Rel(A,B), with K(nat) the identity relation on natural numbers, then X and J are observationally equivalent. Conversely, ifX and J are observationally equivalent, Σ provides a closed term for each element of λί, and Σ only contains first-order functions, then there is a compatible interpretation Κ of Σ into Rel(A,B), with IC(nat) the identity relation. Proof. T h e first part of the theorem follows directly from L e m m a 1. For the proof of the second part, we must construct a compatible interpretation
Mitchell
316
JC. For each type constant s, we let / C ( s ) Ç I(s) x J(s) be the relation containing pair (a, b) iff there is a closed t e r m M of type s whose meaning A under J is α (or, to be precise, the constant function from 1 to T [ s ] whose value is a ) , and whose meaning under J is b. We must show t h a t for any function symbol / : s\ χ . . . x Sk —* s from Σ , if (a^, i^) G / C ( s i ) for J i = 1 , . . . , fc, then ( / ( a i , . . . , a ^ ) , / * ^ ( & i , . . . , G / C ( s ) ; but this follows easily from the choice of / C ( s ) . Since Σ provides a closed t e r m for each element of Λ/", it is easy to see t h a t IC(nat) is the identity relation. •
6 6.1
Data-type Declarations A Lambda Calculus with Type Declarations
In this section and the remainder of the chapter, we will study equivalence of data-type representations when written in a simple illustrative language. ,χ, The first step is to extend the simple lambda calculus λ^ "~* to a lana b s t e guage A y P with abstract data-type declarations. T h e declaration form, a b s t y p e t w i t h χ : σ i s (τ, M) i n iV, gives names t and χ to the type r and operation M , with scope N. Since we have arbitrary pairing, there is no loss of generality in assuming only one operation. For example, we might declare and use a d a t a type with one constant and one unary operation by writing a b s t y p e t w i t h χ :t x(t-+t)
is
( r , M ) i n iV,
where within the scope iV, the constant is given by P r o ^ x and unary operation by P r o j 2 x . There are several typing constraints associated with this construct, which is explained in detail in [MP88]. In a b s t y p e t w i t h χ : σ i s ( r , M) i n iV, the type of M must be the result [r/t]a of substituting r for t in σ, Ν must be well-typed under the assumption t h a t χ has type σ, and t may not occur in the type of any free variable of Ν other than x. This means t h a t the only operations on type t in Ν are those provided by x. T h e type variable t also must not be free in the type of N. This is an important scoping restriction in extensions of the language, which plays a minor technical role here. Note t h a t while many studies of d a t a types have been limited to first-order functions over some carrier, the operations associated with d a t a types in this language may be higher-order. a b s t
e
To define A y P more precisely, we begin by extending the type X expressions of X^' ^ with type variables, so t h a t type expressions have the form,
r
: : = a\t\rxr\r—*
r,
On the Equivalence of Data Representations
317
with α any type constant and t any type variable. W e continue t o assume t h a t 1 is among the type constants. A signature for A
a t ) S t
yP
e
is again a set of type constants and typed t e r m
constants, with a variable-free type designated for each t e r m constant. T h e
abstype,
terms, which now include
M
::=
are summarized by the g r a m m a r ,
c I χ | ( M , M ) | Proj^M | λχιτ.Μ \ MM | abstype t with χ : σ is (τ, M) in AT,
with the additional typing rule for abstype given in the Appendix. W e will call an expression ( r , M) a data representation, since this is a concrete representation of an a b s t r a c t d a t a type.
6.2
Meaning in λ ~* Structure 1,χ,
We will consider two semantic interpretations for A
a l D S t
e
y P , a simpler one
in this section and a more detailed semantics incorporating explicit dependence on free type variables in the next.
In the first semantics, we use
^ l , x , - > structures, with the meaning of a type depending on an assignment of semantic types t o type variables. A n interpretation J of a A
a l : ) S t
yP
e
-
signature into a λ ^ ' *
structure Λ
is a m a p from type constants to the universe of Λ and from t e r m constants and types of Λ t o elements of the appropriate type.
If Λ is a s t r u c t u r e ,
then an Λ type environment is a mapping,
η : Type-Variables —• U . A
The meaning Χ[σ]τ/ of any type expression σ in type environment η is defined as follows:
Ι[ΐ]η Ι[α]η
= =
η(ΐ) 1(a)
1{σχτ}η
=
Ι[σ]ηΰΐ[τ]η
Ι[σ-+τ]η
=
ΙΙσ]η*Ι[τ]η
T h e meaning of a t e r m Γ > M : σ in type environment η is defined by induction as before, except t h a t we must remember t o look up the value of each type variable in the type environment. Since all cases other t h a n
Mitchell
318 a b s t y p e are completely routine, we give only a few examples:
=
Ι[χ:σ>χί:σί\η
Prog™" x
1
:σ > c :r]
=
1(c) ο O ^ , where O ^ ^ is the unique element of Χ [ σ —• l]r/
Χ[χ:σ>ΜΑΓ:τ]η
=
App^ ^ * o(lx : σ > Μ : σ —• r ] n , I [ x :σ> Ν : σ\η)
I[x
7
7
The new case is the meaning of an a b s t y p e declaration. In words, the meaning of a b s t y p e t w i t h χ : σ i s (τ, M ) i n AT" is obtained by composing the meaning of N, considered as a function of x, with the meaning of M, where the meaning of Ν is taken in a type environment t h a t gives type variable t the meaning of r : I\x
: σ > abstype £ with χ : σ i s
(r, M ) in
: ρ]η
= I[x :σ,χ:σ>Ν
: ρ\η' ο (id, [χ : σ > M : [τ/ί]σ]η),
where η' — η[ί ^
Ί\τ\η].
An equation t h a t holds in this semantics is abstype t with χ : σ i s
( r , M ) i n A/" = [ M / x ] [ r / t ] i V ,
which will be useful in reducing observational equivalence for some special uses of a b s t y p e to the earlier analysis of observational equivalence for inχ terpretations of λ ! ' ' ~ \ One aspect of this equation t h a t deserves mention is the typing of the substitution instance [M/x][r/t]N. If Ν is well-typed assuming χ : σ, then it follows (see [Mit90], for example), t h a t [r/t]N will be well-typed under the assumption t h a t χ : [r/t]a. Since [r/t]a is precisely the type of M , the substitution instance [M/x][r/t]N is well-typed.
6.3
Observational Equivalence
According to our general definition of observational equivalence, a pair ( r , M) implementing a type t with operation χ : σ is equivalent to another such pair, (p,N), if for any natural number context C[ ] such t h a t both C[(T, M)] and C[(p, N)] are well-formed programs (closed expressions of type nat), we have C[(r,M)] = C[(p,N)]. It is clear from the g r a m m a r for the language t h a t any such context C[ ] must have the form, . abstype t with χ : σ i s
[ ] in
Ρ.
On the Equivalence of Data Representations
319
By the previous analysis involving relations, we would expect to show C[(r, M)] = C[(p,N)] by establishing t h a t for all relevant values of the free type and t e r m variables in P , ( r , M) and (p, iV), the interpretation of a b s t y p e t w i t h χ : σ i s (τ, M ) i n Ρ is related to a b s t y p e t w i t h £ : σ i s (ρ, N) i n P . Since this is considerably simplified if either (τ, M) and (p, iV) are closed, or we know the values of their free variables, we will consider these special cases first. These can be addressed using the semantics given above, while the more general situation requires the more complex semantics given in Section 7.
6.4
A Single Closed Data Representation
The simplest form of program context with a hole requiring a d a t a representation is C[]
::=
abstype t with χ : σ i s
[ ] in Ρ,
where in order for C[(r, M ) ] to be a program (closed nat expression), r and M must be closed and Ρ may only have t and χ free. Since an a b s t y p e declaration within Ρ could be eliminated by substitution, we may assume without loss of generality t h a t Ρ does not contain a b s t y p e . W e will say t h a t
data representations (r, M) and (ρ, N) are top-level observationally equivalence with respect to X and J if I [ C [ ( r , Af )]] = »7[C[(p, N)]] for all contexts of the form indicated above. In practical situations, we are probably most interested in the case where X = J, since this corresponds to rewriting a d a t a representation without changing the compiler or interpreter. However, if we consider sequences of nested declarations, we are naturally led to compare d a t a representations with respect to difference interpretations. Using extensions of interpretations X and J, we may reduce top-level ,x equivalent with respect to X and J to observational equivalence of À^'~* interpretations. If X is an interpretation for signature Σ not containing type constant a or t e r m constant / , then we can use ( r , M) to define an extension X' of J to signature Σ ' = Σ U {α, / : [α/ί]σ} with J l a b s t y p e t with χ : σ i s
(τ, M ) i n Ρ ]
=
X'\[f
Ix][a/t]P\
for any expression Ρ with t and χ : σ free. T h e interpretation X' is defined from X by letting X'(a) = T [ r ] and ! ' ( / ) = J [ M ] . To establish notation, let us write X' = X[a >—> X [ r ] , / ·—• Z | M ] ] . If J is an another interpretation for Σ , and (ρ, N) is another implementation for type t with operation 1 χ : σ, we may define an extension J similarly. B y construction, ( r , M) and (ρ, N) are top-level observationally equivalent with respect to X and
Mitchell
320
J iff extended interpretations X' and J' are observationally equivalent in the sense described in Section 4. This gives us the following corollary t o Theorem 1.
Corollary 1 Let X and J be interpretations of signature Σ into A and Β (respectively) and let (τ, M) and (p,N) be closed data representations for type t with χ\σ. Then (τ, M) is top-level observationally equivalent to (ρ, N) with respect to X and J if there is an interpretation Κ of Σ ' = Σ U {α, / : [a/t]a} into Rel(A, Β) that is compatible with X' = X[a t-> X\r\, / i—• X{Mj] and J' — J[a »—• J\r\, f i—• ^7[Μ]] and such that IC(nat) is the identity relation. If σ is a cartesian product of first-order function types, signature Σ provides a closed term for each element of Μ, and Σ only contains firstorder functions, then the converse also holds.
6.5
Sequences of Data Representations
The characterization of observational equivalence above generalizes easily to representations of several related d a t a types. These often arise in programming, as in defining types of matrices and vectors over some ring. If we want a function t o multiply a m a t r i x by a vector, and define matrices and vectors as separate d a t a types, there is no natural place t o define the multiplication operation. This problem is solved by defining both as part of the same a b s t r a c t d a t a type (which has two types). While this is easily done in the language presented in [MP88], we cannot do this here without extending the language. The more general form of abstract d a t a type declaration is a b s t y p e t\,...,tk
w i t h χ:σ
i s ( τ ι , . . . , τ&, M) i n Ρ
where the type of M must be the result [τχ,..., Tk/h,..., tk]c of substituting each Ti for U in σ. (In general, σ will contain all of the type variables ti,... ,tk.) It is easy t o see t h a t Corollary 1 extends t o this form of datatype declaration and "multisorted" d a t a representation ( τ ι , . . . , τ&, M), since Theorem 1 applies t o any λ ^ ' * signature with any number of type constants. Another situation t h a t arises quite often in practice is t h a t a program will begin with a sequence of data-type declarations, each referring t o one or more of the previous declarations. This results in a program of the form, a b s t y p e t\ w i t h x\ : σι i s (τι,Μι) i n a b s t y p e t2 w i t h x2 : σ2 i s (r2,M2)
in
On the Equivalence of Data Representations a b s t y p e tk w i t h xk :
321 i s (rk,Mk)
in
Ρ end end end, where we have used end's and indentation to indicate the scope of each declaration. T w o sequences of d a t a representations, ( r i , M i ) , . . . , (rk, Mk)
and (pi, N\),...,
(pk, Nk), are top-level observationally equivalent if any
program C [ ( r i , M I ) , . . . , (rk, Mk)) of the form above has the same observable value as the p r o g r a m C[(pi, i V i ) , . . . , (pk, Nk)] with (pi, Ni) in place of (ri,Mi). However, since each p r o g r a m is equivalent to one of the form, a b s t y p e t\,..., tk w i t h χ : σ\ χ . . . x ak i s ( r i , . . . , T f c , ( M i , . . . , M f c ) ) in P ,
observational equivalence for sequences of d a t a representations reduces to observational equivalence for d a t a representations with more than one type. In addition, we may consider incremental changes in sequences of d a t a representations. Suppose we have two sequences of d a t a representations, f = ( n , M i ) , . . . , (rkjMk) and ρ = ( η , Μ ι ) , . . . , (τ*, Mk). Given the development so far, it is easy to establish t h a t if f is observationally equivalent to ρ and f , (τ^+ι, M ^ + i ) is observationally equivalent to f , (pfc+i, Nk+i), then f , (rfc+i,Mfc+i) is observationally equivalent to ρ, (ρ&+ι, iVfc+i).
7 7.1
Data Representations with Free Variables Structures and Interpretations
The final problem is to give a sufficient condition for observational equivalence of d a t a representations t h a t m a y contain free type and t e r m variables. To construct relations t h a t illustrate the dependence on type variables explicitly, we will add explicit functions on types t o structures. T h e interpretation of a type expression with η free variables will be an n-ary function A A from U to U . W i t h each such function, we associate a set of elements also parameterized by η-tuples of types to serve as the meanings of terms. The meaning of a t e r m χ : σ > M : σ with free type variables t\,..., tn will be a function t h a t maps an η-tuple of values for t\,..., tn t o an element of
σ —^ σ. W i t h the extended form of s t r u c t u r e , we c a n also extend the language to include type and t e r m constants with type p a r a m e t e r s . Some intuitive
Mitchell
322
examples are the parameterized type list(t) of lists of type t and nil(t), the empty list of type list(t). To be precise, a signature consists of a set of type constants, each with a specific arity, and a set of t e r m constants, each with a specified arity (number of type parameters) and a type depending on the same number of type parameters. Type expressions now have the form, τ
:: =
α ( ί ι , . . . , ί η)
| t \ τχτ
\
τ->τ,
and terms have the form,
c ( t i , . . . , * n ) | χ | ( M , M ) | Proj^M | λχιτ.Μ
::=
M
abstype t with χ : σ i s
(τ, M)
| MM |
i n iV,
with precise typing rules again given in the Appendix. at)St e A A y P - s t r u c t u r e A consists of the following parts: , χ
_
(i) Α λ * ' ' structure Ao, consisting of universe Î / Q S distinguished elA
ement 1 ^ G U ,
elements Α χ Β and A 4
β for each A, B G
A
U,
and so on as in Section 4. (ii) For A U Λ 1, . U£,
A
each positive integer n, a collection U of n-ary functions from to Î / Q S including the constant function mapping any η-tuple to all n-ary projection functions, and such t h a t if F and G are in Λ then so are the functions mapping η-tuple u to F(u) χ G[u)
and F(u)
For notational simplicity, we write F x G for the A A function mapping u to F(u) x G(u), and similarly, F —> G. —> G(u).
(iii) For each function F G U^, a set [F] of functions / with f(û) G [-F(ü)]. The following conditions must be satisfied. Essentially, conditions (iv) and (v) say that each is a A ^ ' * ' ' structure. Condition (vi) gives us a way of treating any function of η type parameters as a function of η - j - m type parameters, and condition (vii) provides a semantic version of substitution of types for type variables in both types and terms. This is used to interpret a b s t y p e expressions. (iv)
For each F G
the parameterized identity I d
F{ü)
F
F
given by ld (ü)
=
must be in [F 4 F] and for each F, G, H G U£, f e [F * G\ Λ and g G [G —• H], the composition g ο f given by
Id
(g°f)(û) Λ must be in [F —> Η ] .
=
g(ü)of(ü)
On the Equivalence of Data Representations
323 4
(v) For each η a n d F G U£, there is exactly one element in [F —• Au.l- ] and for all F,G,H
G t/^, there must be bijective correspondences,
([F4G])x([F4fl]) [(F x G ) 4 f l ]
S S
[ F - ( G X J / ) 1 ,
[F4
(G 4 # ) ] ,
with t h e maps from right t o left determined by composition with G [ F x G —• F ] , P r o j 2 '
parameterized projections P r o j j ' F
G 4 G], and application A p p '
G
G [F x
G [ ( F 4 G) x F 4 G].
(vi) If F G U£ a n d G is an ( n H- m ) - a r y function on types t h a t is identical to F except for m vacuous additional arguments, then G G
U^.m.
Similarly, if / G [ F ] and function g of ( n + m ) arguments is identical to / except for m vacuous additional arguments, then g G [G]. A
(vii) If F G U ,
Α
G G υ +1
and # G [G], then the composition GF defined A
by GF(Ü) = G(ü,F(ü))
gF(û)
= g(û,F(û))
is in U
and the composition gp defined by
is in [GF].
An interpretation X of a signature into a structure ^4 is a m a p sending each type constant of arity η into U
A
a n d each t e r m constant c depending
on η type p a r a m e t e r s t o a n element of some [ F ] for appropriate F G t/^. If a type constant a(t\,...,
tn)
depends on η type parameters, then by condi-
tion (vi) we m a y also regard X(a) as a function of m + η type parameters. We write J ( a ) m +
A
n
t o indicate a n appropriate element of U +n.
Similarly,
if c is a t e r m constant depending on η type p a r a m e t e r s with J ( c ) G [ F ] for F G Uni then by condition (vi) there is a corresponding interpretation A
Z ( c ) n + m G [G] for any G G U +n
depending vacuously on additional type
parameters. We interpret a type expression with η free variables, t i , . . . , t n as a 1
A
1
function in U > T h e definition of function J l r ] ^ ' - ' * » ) G U£ m a y be given by a straightforward inductive definition. defining X[r]^'-'*»)
This gives the same result as
4
G l ^ t o be t h e function, M
where X[r]ry is the element of U
A
»- ΧΜ*/,
determined as in Section 6, except for
the addition of parameterized type constants discussed above. It is easy t o verify inductively t h a t Χ \ τ ψ ^ - ^ G U*. We give meanings t o t e r m s without a b s t y p e similarly. If ti,..., list containing all type variables in χ : σ > M : τ , then the meaning,
Χ\χ\σ>Μ\τψ^'"^\
tn is a
Mitchell
324 of this t e r m with respect to these free variables is the function,
Τ{χ\σ>Μ
( T / ( t i ) , . . . , f / ( t n) >
: φ ,
where X\x : σ > M : r]ry is the element of Τ [ σ —• τ]η determined as in Section 6. T h e only case t h a t might be confusing is a t e r m constant, since the form of interpretation has changed. For any c : τ and t\,... ,tn containing all type variables in r , we let
Xlx:a>c:r]
X{c)n ο 0 * M
( t l
--
(
t n )
t
, where O ^ J ' unique element of Χ\σ —• ΐ ] ( * ΐ ' · . · , * η ) >
=
l
'
ί η)
is the
This gives us a function from types to values for any t e r m not containing abstype. For a b s t y p e , we define the meaning of a t e r m in a way t h a t makes use of condition (vii) of the definition of structure. Note t h a t this condition has not been used for other terms. To define X\x : σ > a b s t y p e t w i t h χ : σ i s (τ, M) i n Ν : ρ], let F
=
J[r](*i'-'*»>
G
G g
= =
Ι[σχσψ^·"^ Ι[χ:σ,χ:σ>Ν
G £ # + 1, G [G].
: pj
Etf,
Then in the notation of condition (vii), we have X\x
: σ > abstype ί with χ : σ
is
(r, Μ )
in
iV : ρ | ( * ι > · · · > * η )
= gF ο < I d " , I [ x : σ > M : [ τ / ί ] σ ] ^ ' - ^ > ) , 1
where H(t\,...,tn) = X j ä ] ] ^ I t is not hard to show by induction l v t n on terms t h a t the meaning X\x : σ > M : r ] ^ " ' ^ of any term, considered as a function of its free type variables, is an element of the similarly parameterized meaning Χ\σ —• τ| ( * ι > · · · , * η ) 0f its type.
7.2
Relations
We may define a structure of relations between any pair of A
a b s t
yP
e
struc-
χ
tures in a manner analogous to relational λ^' '~^ structures. Specifically, for A
a b s t
yP
e
structures A and B , we define Rel(A, B) as follows: x
• For the required A*' '"^ structure, we take Rel(Ao, BQ) with universe JJREL(A,B) _ JJREL(A0IB0)
On the Equivalence of Data Representations •
325
EL D
For each positive integer n, let U£ ^ ) EL(A,B)
tions F from U* FA
A
GU
and FB
to U *
GU
B
E L { A) ß
b e the set of all n-ary funcfor which there exist
functions
such t h a t if
( Ä n , A n , Bn)) =
F((R\,Ai,B\),..., then Λ = FA(Au...,An)
(R,A,B)
and Β = FB(B1,...,
Note that F A
Bn).
and F ß are uniquely determined by F . EL ALB
• For all F G UN ^ \ fA G [FA]
and /
let [ F ] contain all functions / given by pairs
G [Fß] such t h a t
B
/ ( ( Ä l , i 4 l , B l ) , . . . , ( Ä n , A n , B n ) )
(fA(A1,...,An)JB(Bu...,Bn))
=
G [ F ( ( Ä i , A i , JBI), . . . , (Rn, An,
Bn))].
We define compatible interpretation into Rel(A, B) as in Section 4. In the following generalization of L e m m a 1, we show t h a t Rel(A, B) is a structure and describe the meaning of each t e r m .
T h e o r e m 2 For any A
a b s t
yP
e
structures A and B, Rel(A, B) is a A
a b s t
yP
structure. Let X be an interpretation of some signature into A, let J be an interpretation of the same signature into B, and let KL be a compatible interpretation into Rel(A, B). For any type τ over type variables t\,..., tn, ί ι ί η ' · " ' ) is a function with £ [ τ ] ( £ Ι τ ] ^ · · · ^ ) ( ( Α ι , Α ι , £ ι ) , . . . , (Rn, Ç
AN,
T [ T J ^ > - ' ' « ) ( A I , . . . , AN) a b s t
x
Bn)) J
[
r
]
(
*
i
—
.
.
.
,
Bn).
e
In addition, for each A y P term χ : σ > M : σ, the meaning K\x : σ > M : ig determined by the pair X\x : σ > Μ : σ]|(*ι>···>**), J ' [ χ : M : σ| ( ί ι , . · . , * η ) 1 ;a j ns a nc of Κ\σ —• σ]^ »···»**). element σ| ( < ΐ ν · · , * η ) P r o o f Sketch.
We show t h a t .Re/(A, ß ) is a structure by checking each
condition of the definition in turn. Generally, these reduce to properties -
of relations on A*'*' " structures.
T h e remaining claims are verified by
induction on types and terms.
7.3
•
Equivalence of Data Representations a b s t
e
Using relational A yP structures, we can give a sufficient condition for general observational equivalence t h a t is analogous to the one given
e
Mitchell
326 earlier for top-level equivalence of closed d a t a representations.
χ : σ > M : [r/t]a and χ:σ>Ν
Suppose
: [p/t]a are well-typed terms so that we could
consider placing ( r , M) or (ρ, N) in a context of the form, C
::=
. . . abstype t with χ : σ i s [ ] in Ρ . . . ,
requiring a d a t a representation for type t with operations Ignoring free variables in ( r , M ) and (p, AT), we would say t h a t if there are relations on the interpretations of r and ρ preserved by the meanings of operations M and iV, then (τ, M ) and (ρ, N ) are observationally equivalent. In stating this as a theorem, the relation between types is represented by an interpretation R e l A B of a fresh type constant into U ( > ) . Taking the free type variables of τ and ρ into account, we will demonstrate t h e equivalence of two d a t a representations by choosing a relation between the meanings of r and ρ for each set of values for the free type variables. This is reflected in the following condition as an interpretation of a parameterized type constant a(ti,..., tn) 6l AjB into Un ^ ^ · W e state the following as a corollary of T h e o r e m 2 since the proof is almost immediate. a b s t
e
C o r o l l a r y 2 Let X and J be interpretations o / A y P signature Σ into A and Β (respectively) and let x:a>M:[r/t]a and x:a>N:[p/t]a be well-typed terms such that (r, M) and (ρ, N) are data representations for type t with χ:σ. Assume all free type variables in τ,Μ,ρ, and Ν are among t\,..., tn. Then (r, M) is observationally equivalent to (ρ, N) with respect to X and J if there is an interpretation Κ of Σ' = Σ U { α ( £ χ , . . . , tn), f(t\,..., tn) : [ α ( ί ι , . . . , tn)/t](ä —• σ ) } into Rel(A, Β) that is compatible with X[
a(tu...,tn)~ / ( f l , . . . , f
and the analogous extension of J, relation.
Ι [ τ ] ( * ΐ ' - · Η n
) -
I[Ml<*i'-'«»>
]
and such that IC(nat) is the identity
This corollary gives a method for proving equivalence of d a t a representations. In the simpler cases considered earlier, the method was t o define a relation or family of relations and show t h a t these are preserved by the given operations. T h e most direct formalization would use secondor higher-order logic. Since t h e corollary above involves a relation p a r a m eterized by types, the straightforward formalization in a logic for proving equivalence would require predicate symbols with type or sort parameters. We have not investigated the e x a c t properties required of such a formal system.
On the Equivalence of Data Representations
327
A shortcoming of this corollary is t h a t the relation between σ and τ t h a t must be preserved by M and Ν only depends on a set of free type variables, not the free t e r m variables of M and N. Since relations parameterized by terms requires a substantially different m a t h e m a t i c a l framework, we leave this refinement to further research.
Appendix: Typing Rules We define the set of well-formed terms of each type using axioms and inference rules. Recall t h a t Γ > Μ : τ may be read, "in context Γ , the t e r m M has type τ." T h e typing axiom for an ordinary t e r m constant is 0>c:a,
(est)
where we assume t h a t c:a is given by the signature. For t e r m constant with a b s t e y P ) , we have the axiom, type paramenters (in second version of / \ 0 > φ ι , . . . , £ η ) :σ,
(est) for c(ti,..., is
tn)
: σ given by the signature. T h e typing axiom for variables
(var)
χ:σ>χ:σ.
The structural rule, ( AA
(add var)\
Γ> Μ :σ Γ,χ:τ>Μ :σ '
allows us to add variables to the typing context. T h e remaining rules each pertain to one form of term. ( - > Intro)
( - > Elim)
( χ Intro)
(χ
Elim)
Γ, χ : σ > Μ : τ Γ > (Χχ : σ.Μ) :σ—>τ ' Γ>Μ:σ->τ, Γ >
Γ>Ν
:σ
ΜΝ :τ
Μ : σ, Ν : τ Ν) : σ χ r
(Μ,
r
Μ : σ χτ T Pro# M : τ '
P r o j ^ ' M : σ,
Γ,χ:σ>ΛΓ:ρ, Γ > Μ : τ/ί σ (abstype) - — ; :—— — — t not in Γ , p. Γ > ( a b s t y p e t w i t h χ\σ i s (τ, M ) i n Ν) : ρ
Mitchell
328
References [AMSW91] S. Abramsky, J . Mitchell, A. Scedrov, and P. Wadler. Relators. Manuscript, 1 9 9 1 .
[Bar84]
H.P. Barendregt. The Lambda Calculus: Its Syntax and Semantics. North-Holland, A m s t e r d a m , 1984.
[BTC88]
V. Breazu-Tannen and T . Coquand.
of Polymorphism.
Extensional
Models
Theoretical Computer Science, 59:85-114,
1988. [Hoa72]
C . A . R . Hoare. P r o o f of Correctness of D a t a Representations.
Acta Informatica, 1:271-281, 1972. [LS86]
J . Lambek and P . J . Scott. Introduction to Higher-Order
Cat-
egorical Logic. Cambridge University Press, Cambridge, U . K , 1986. [McC61]
J o h n McCarthy. A Basis for M a t h e m a t i c a l Theory of Com-
putation. In Proc. Western Joint Computer Conj, pages 2 2 5 238, May 1 9 6 1 . L a t e r version in P. Braffort and D. Hirschberg
(eds.), Computer Programming and Formal Systems, NorthHolland, A m s t e r d a m , pages 3 3 - 7 0 , 1 9 6 3 . [McC63]
J o h n McCarthy. Towards a M a t h e m a t i c a l Theory of Compu-
tation. In Proc. IFIP Congress 62, pages 2 1 - 2 8 , Amsterdam, 1963.
North-Holland.
[Mil71]
R . Milner. An Algebraic Definition of Simulation between P r o grams. Technical R e p o r t CS 2 0 5 , Stanford University, 1 9 7 1 .
[Mil77]
R . Milner. Fully A b s t r a c t Models of T y p e d L a m b d a Calculi.
Theoretical Computer Science, 4 ( 1 ) , 1977. [Mit86]
J . C . Mitchell. Representation Independence and D a t a Abstrac-
tion. In Proc. 13th ACM Symp. on Principles of Programming Languages, pages 2 6 3 - 2 7 6 , J a n u a r y 1 9 8 6 . [Mit90]
J . C . Mitchell. T y p e Systems for P r o g r a m m i n g Languages. In
J . van Leeuwen, editor, Handbook of Theoretical Computer Science, 1990.
Volume B, pages 3 6 5 - 4 5 8 . North-Holland, A m s t e r d a m ,
On the Equivalence of Data [MM85]
[MP88]
Representations
329
J . C . Mitchell and A . R . Meyer. Second-Order Logical Relations. In Logics of Programs, pages 2 2 5 - 2 3 6 , Berlin, June 1 9 8 5 . Springer-Verlag L N C S 1 9 3 . J . C . Mitchell and G.D. Plotkin.
A b s t r a c t Types Have Exis-
tential Types. ACM Trans, on Programming Languages and Systems, 1 0 ( 3 ) : 4 7 0 - 5 0 2 , 1 9 8 8 . Preliminary version appeared
in Proc. 12th ACM Symp. on Principles of Programming Languages, 1985. [MS89]
J . C . Mitchell and P . J . Scott.
Typed L a m b d a Calculus and
Cartesian Closed Categories. In Proc. Conf. Computer Science and Logic June 14-20, 1987, Univ. Colorado Boulder, volume 92 of Contemporary Mathematics, pages 3 0 1 - 3 1 6 . Amer. M a t h . Society, 1989. [Plo77]
G.D. Plotkin.
L C F Considered as a P r o g r a m m i n g Language.
Theoretical Computer Science, 5:223-255, 1977. [Rey83]
[Sta85]
J . C . Reynolds. Types, Abstraction, and P a r a m e t r i c Polymorphism. In Information Processing '83, pages 5 1 3 - 5 2 3 . NorthHolland, A m s t e r d a m , 1 9 8 3 . R . S t a t m a n . Logical Relations and the Typed L a m b d a Calcu-
lus. Information and Control, 6 5 : 8 5 - 9 7 , 1985. [Sto88]
A. Stoughton.
Fully Abstract Models of Programming Lan-
guages. P i t m a n , London, and J o h n Wiley and Sons, New York, 1988.
1
Introduction
One goal of the m a t h e m a t i c a l theory of computation outlined in J o h n McCarthy's influential papers [McC61, M c C 6 3 ] is to provide methods for proving equations between procedures, and other computational processes. While equality is straightforward for natural numbers, strings, or first-order functions on these sets, equality is not as easily characterized for higherorder functions or user-defined types. This chapter is concerned with equivalence of d a t a representations, which might also be called implementations of a b s t r a c t d a t a types. For example, we might be interested in two representations of lists, where each "representation" includes both the way t h a t lists themselves are stored in memory and the implementations of the basic operations on lists. W e assume t h a t lists are only manipulated by a designated set of operations, such as nil, cons, and cdr, and consider two lists equal if they cannot be distinguished by these operations. A very natural way to show t h a t two representations are equivalent is to find a relation that is preserved by corresponding list operations. W e explore this idea using relations between semantic interpretations of a simple, illustrative programming language. W e prove t h a t the existence of a certain kind of relation is sufficient to guarantee equivalence of d a t a representations, and necessary if all the operations are first-order. This justifies a method for proving the equivalence of d a t a representations t h a t could be incorporated into a formal logic. We begin by considering equivalence for d a t a representations t h a t are provided as part of the semantics of the language ( "by the compiler" ) and then extend the analysis to d a t a representations defined within a simple
305
Copyright © 1991 by Academic Press, Inc. All rights of reproduction in any form reserved. ISBN 0-12-450010-2
Mitchell
306
function calculus. Although some of the development could be carried out without assuming each expression has a unique type, b o t h the informal discussion and the technical development are simplified by working with a typed language. The closest precurser t o this chapter is [Rey83], with the earliest directly related work appearing in [Mil71, Hoa72]. This chapter is in part based on the conference abstract [Mit86], which used a more complicated language and a more cumbersome technical setting. T h e form of semantics and relation used here are based on joint work with Andre Scedrov, reported in [ A M S W 9 1 ] , reformulated for the specific purpose of this paper and with as much category theory removed as possible. Some other studies t h a t are related t o the general method used here, but not specifically concerned with d a t a representations, are [ B T C 8 8 , M M 8 5 ] .
2
Observable Values and Equivalence
We m a y define equivalence for any type of value by identifying a set of observable values. For concreteness, we will use the natural numbers as observables. There is no loss of generality in sticking t o the natural numbers, since virtually any other set with a print representation for each element, and equality decidable from print representations, would give us the same form of equivalence. In particular, assuming t h a t natural number equality is definable by a function of type nat χ nat —• bool, we would get exactly the same equivalence relation if we used booleans instead of natural numbers. Having selected some set of observable values, we concentrate on programs that produce observables. To make this decision into a definition, we say that an expression M is a program if M is closed (has no free variables) and the type of M is t h e type nat of natural numbers. In other words, a program is any expression t h a t c a n be evaluated by itself, without requiring additional values for undeclared variables, and any result of evaluation is observable. We now define equivalence using the notion of p r o g r a m context. A context C[ ] is an expression with a "hole," indicated by empty square brackets. W e place an expression or p r o g r a m phrase in a context merely by inserting the expression into the place marked by empty square brackets, without renaming t o avoid capture of free variables. F o r example, if we place the variable χ in context Xx : nat. [ ] + 3, we obtain the closed lambda expression Xx : nat. χ + 3. W e say expressions M and Ν (of the same type) are observationally equivalent if, for every context C[] such t h a t b o t h C[M] and C[N] are programs, we have C[M] = C[N], In writing this, we assume for simplicity t h a t a divergent p r o g r a m has a semantic value (such as oo),
On the Equivalence of Data Representations
307
so t h a t C[M] = C[N] means C[M] halts iff C[N] does, and if they both halt they produce the same observable value. W e will usually abbreviate
observational equivalence to equivalence, except when making a comparison with other forms of equivalence. It is easy t o see t h a t observational equivalence is the m a x i m a l equivalence relation t h a t is both a congruence relation on expressions and the identity relation on the natural numbers (or other chosen observables). Specifically, if we equate two expressions M and Ν t h a t are not observationally equivalent, this forces us t o equate two distinct natural numbers, C[M] and C[N]. For this reason, observational equivalence is the strongest "natural" form of equivalence between p r o g r a m constituents.
3
Function Equivalence
T h e main topic of this chapter is equivalence of d a t a representations, which consist of one or more types and functions. Since this includes function equivalence as a special case, we begin with a discussion of function equivalence. This gives us an opportunity t o make some observations t h a t apply generally t o functions and other kinds of computable values, and also to point out some of the difficulties associated with equivalence of higher-order functions. Although the definition of observational equivalence in Section 2 is compelling, the definition is not directly useful in practical situations. If we are given two function expressions, M and N, the definition says they are equivalent if every p r o g r a m containing M has the same observable behavior as the p r o g r a m obtained by replacing M with N. However, t o prove M and Ν equivalent directly, we would have t o consider all programs t h a t contain one function expression or the other. This includes programs t h a t are far more complicated t h a n either M or N. W e are also led t o think about program t e x t s rather t h a n properties of the functions defined by M or N. A sufficient condition for function equivalence is extensional equality, namely, for every possible argument, each function has the same value. For first-order functions on observables, extensional equality coincides with observational equivalence. However, the two may differ at higher types. T h e reason is t h a t extensional equality of function expressions M and Ν depends on the domain we ascribe t o each. For higher-order functions, we m a y choose a domain t h a t contains arbitrary functions (as in oracle computation), computable functions (and there are various definitions of higher-order computability), or other classes of functions t h a t contain the computable ones but t h a t might have more convenient m a t h e m a t i c a l characterizations (such as continuous functions over one of various kinds of
Mitchell
308
ordered structures). Since these three choices give different notions of extensional equality, they cannot all coincide with observational equivalence. One approach to higher-order function equivalence is to construct a semantic model in which extensional equality coincides with observational equivalence. This has been pursued to some depth in the literature. A model with this property is said to be fully abstract [Mil77, Plo77, Sto88]. E x c e p t for syntactic constructions, which usually are not very informative, fully abstract models are generally difficult to come by. In fact, under certain assumptions about the desired form of model, some languages provably do not have fully abstract models. (See [Sto88] for examples and general discussion.) In this chapter, we will not a t t e m p t to characterize observational equivalence for higher-order functions. Instead, we characterize equivalence of d a t a representations in a way t h a t approximates observational equivalence in general, but is only exact when all the functions on the given d a t a type are first-order. This seems the best we could hope for without introducing some of the more specialized and complex techniques used t o construct fully abstract models of particular programming languages.
4
Typed Lambda Calculus
4.1
Syntax
We begin with a simple typed lambda calculus, adding d a t a - t y p e declarations in a later section. Although simple typed lambda calculus has no mechanism for declaring types, we m a y consider the effect of changing the interpretation of basic types. This leads to a theorem with a useful corollary for languages with d a t a - t y p e declarations. -
The types of the language we will call λ ^ ' * r
: : =
α
| r x r
| r
are given by the g r a m m a r , r,
where a may be any type constant. It will be technically convenient to assume we have a type constant 1 for the one-element type. In words, τι χ r 2 is the cartesian product of τι and r 2 , and T i —>τ 2 is the type of functions from τι t o r 2 . A signature for typed lambda calculus is a set of type constants and a set of t e r m constants, with each t e r m constant given a unique type. T h e type of a t e r m constant may only contain the type constants of the signature. The terms (or expressions) are outlined by the following g r a m m a r . More precisely, the terms of the language are all expressions generated by this
On the Equivalence of Data Representations
309
g r a m m a r t h a t are type correct:
M
:: =
c I χ | ( M , M) | P r o ^ M | Xx : τ.M \ MM.
Here c may be any t e r m constant of the signature and χ a t e r m variable. In words, ( Μ ι , M 2 ) is the pair whose first and second components are selected by applying P r o j x and P r o j 2 . Pairs have their standard cartesian product types. T h e expression λα: : τ.M defines a function from type r t o r ' , where r' is the type of function body M under the assumption t h a t variable χ has type r . For example, Xx : int.x + 3 would have type int —• int. Function application M\M2 is written as juxtaposition. T h e type of a t e r m with free variables depends on the context in which it occurs, since the t e r m variables themselves do not have any fixed type. (We could assume t h a t each t e r m variable has a fixed type, but this would lead to technical problems when we add type declarations.) A typing context Γ is a set Γ = {χι : σι, σ*.} of pairs associating at most one type to each variable. W e write Γ > Μ : σ t o indicate t h a t t e r m M has type σ in context Γ . Precise typing rules are given in the Appendix.
4.2
Semantics of Simple Typed Lambda Calculus
There are several ways of defining models of typed lambda calculus, notably Henkin models and the more general framework of cartesian closed categories [Bar84, L S 8 6 , M S 8 9 , Mit90]. W e will use a style of model t h a t does not appear elsewhere in the literature (as far as the author knows) but lies somewhere between Henkin models and cartesian closed categories. T h e reason for choosing this form of model is so t h a t various constructions t h a t do not produce Henkin models yield models. In particular, we want the family of relations between two models to be a model so t h a t we can prove properties of the meaning of a t e r m in the structure of relations. This may be done using cartesian closed categories, since our definition of model is equivalent to cartesian closed category, but the categorical approach requires e x t r a machinery (the global section functor into Set) and would exclude the reader unfamiliar with category theory. A general categorical treatment of models and relations is given in [ A M S W 9 1 ] . A semantic structure, or model, will consist of a family of sets, each the set of values of some type. In a Henkin model, cartesian product types are interpreted as sets of ordered pairs, function types as a set of functions, and so on. To obtain a more general class of structures, we will only require certain operations t h a t allow us t o manipulate elements of cartesian product type as if they were actually pairs, and similarly for other types. A X~*-structure Λ consists of the following parts:
Mitchell
310 A
(i) a set U , called t h e universe of A, including a distinguished element A
1
A
GU
and, for each A,Be
A
U,
elements Α χ Β and A ^ Β; A
(ii) for each type (member of the universe) A G U , a set [A] of elements A A B of A and for every A,Be U , an application function Apply ' : Λ Λ [A —> Β] χ [A] —• [ 5 ] so t h a t each element of a function type A —• Β determines a function from A t o B; Δ Λ (iii) for each A G [/ , a chosen identity element I d G [A —• A ] , representing the identity function, i.e., Apply I d χ = χ for every x G [A], Λ Λ AΔ and for every A,B,Ce U , f e [A—> B] and g G [ Β —• C ] , a specific element (go f) £ A C, called the composition of / and with the
property that Apply (go f)x = Apply g (Apply f x) for every x G [A]. These must satisfy the three conditions below. For notâtional convenience, we omit the square brackets and write a G A instead of α G [A] t o indicate that a is an element of type A: (iv)
for each A G t / , the type A —• 1 has one element; A
(v) for all A, B, C G U , [A*
there is a bijective correspondence, s
B)x[A*C]
Μ4(Βχ(7)],
with the property that the m a p from right t o left is given by composition with projections P r o j f (Α χ Β) 4 Β . If /
e
,B
€ (Α χ Β) ^ A and P r o j ^ '
A
for all A,B,Ce
U, Ρ
there is a bijective correspondence,
χ β) 4 C ]
s
Μ 4
(Β 4 C)],
with the m a p from right t o left sending / t o Β
Σ
Β
5
Α ρ ρ · Ο ( / Ο Ρ Γο ^ · , Proj^ ) for s o m e
fixed
App
G
A 4 Β and
corresponding element of A —• (Β χ C ) ; (vi)
ß
s c
G
({B
*C)xB)*C.
311
On the Equivalence of Data Representations
Although identity and composition are not determined by application in an arbitrary structure, they are in the special case t h a t Α χ Β is the ordinary Λ cartesian product of A and B, A —• Β is a set of functions from A t o B , and Apply (f,x) = f(x). It is a general result of category theory t h a t once we choose identity and composition, the interpretation of product and function types is uniquely determined (up t o bijective correspondence). A n interpretation J of a signature into a s t r u c t u r e A is a m a p from type A A constants t o U a n d t e r m constants t o elements of U such t h a t J ( c ) is an element of the right type (explained below). T h e m a p from type constants A to U gives us a straightforward interpretation Χ [ σ ] of type expression σ. A The m a p from t e r m constants t o elements of U must m a p a constant c : τ to an element of J [ l —• r j . It follows t h a t if c is a t e r m constant of type r , then J determines an element of J [ r ] by application. The meaning of a t e r m under a n interpretation I is defined inductively. T h e meaning of a t e r m Γ > Μ : σ, which is typed under assumption Γ = {χι : σ ι , . . . , X j t : σ^}, will be an element of Τ[σχ x . . . χ σ^ —• σ ] . A minor change of notation will make this easier t o define. Below, we will write a typing context {χχ : σ χ , . . . , Xk ' &k} in t h e form χ : σ, where χ = χ χ , . . . , Xk and σ = σ χ , . , . , σ ^ . W e will also overload notation and write σ for the type σχ χ . . . χ σ&, with χ associated t o the right. If σ is the empty sequence, then the corresponding type is σ = 1. In addition, for every type σ and integer i < k, we will write P r o j f ^ . for t h e composition of projection functions, P r o j ^ f c Ε Χ[σ—>σ^], giving t h e zth component of any sequence, (χχ, (x2,..., Xk)) Ξ Τ[σ]. T h e meaning X\x : σ > M : r ] of a well-typed t e r m is now defined by the following inductive clauses: I[x
: σ > Xi : σ < ]
=
I\x
:σ >c :r]
=
P r o j ^ σ
1(c) ο ο , where Ο
σ
is the unique
element of Χ\σ —> 1 ] T
: σ > P r o J i ' M : σ]
T
ο 1\χ
=
ProJi'
J[x :σ >ProJ2 M :r]
=
P r o j ! ^ ο T\x : σ > M : σ x r ]
I [ x : σ > ( M , N) : pxr]
=
the unique ρ G Τ [ σ —• ρ x r ] such r t h a t P r o J i ' ο ρ = Ι[χ : σ > Μ : σ]
I[x
, T
: σ >M : σ x r]
τ
and P r o J 2 ' ο ρ = Χ[χ : σ > Α Γ : τ ]
Τ [ χ : σ > Μ Ν : rj
=
σ
Αρρ '
(1{χ
τ
ο
:σ>Μ:σ^>τ],Ι[χ:σ>Ν:σ])
312
Mitchell I\x
: σ > Xy : p.Μ : ρ —• r ]
=
the unique / Ε Χ [ σ —• ρ —• τ ] such t h a t Vd G Ι\σ -+ pj, A p p ο ( / , d)
= X\x : ô,y : p> M : τ\ο
5
{là* ,d)
Data Representations Determined by the Compiler
5.1
An Example: Integer Multisets
Two compilers or interpreters for a programming language would generally be considered equivalent if every p r o g r a m produces identical results on either one. W e will examine implementation equivalence by considering alternative interpretations of multisets of natural numbers. L e t Σ be the signature with base types nat (for natural numbers) and ras (for multisets), and t e r m constants for arithmetic and multiset operations: 0,1
:
+ empty insert count
: : : :
nat nat —• nat —• nat ras nat —•ras—• ras ras —• nat —» nat
Informally, empty is the empty multiset, insert adds an element to a multiset, and count returns the multiplicity of a multiset element. Since we consider natural numbers the "observable output," we will assume t h a t each model interprets nat as the standard natural numbers. For the purposes of this discussion, we define an implementation for Σ to be an interpretation 1 such t h a t I(nat) = Ai and J ( 0 ) , J ( 1 ) , I ( + ) are standard,
but the interpretation of ras and operations empty, insert, count are arbitrary. The set Ai may be either the standard natural numbers, if we are not concerned with nonterminating expressions, or AiU {oo} as mentioned earlier. However, we must use the same set in all the interpretations we wish to compare.
We say that implementations J and J for Σ are observationally equivalent if, for any p r o g r a m M : nat, we have J [ M : nat\ = J\M
: nat],
that is, the meaning of M : nat in J is the same as the meaning of M : nat in J. The rest of this section is devoted to characterizing observational equivalence of implementations.
On the Equivalence of Data Representations
313
A first guess might be t h a t I and J are observationally equivalent iff there exists some kind of mapping between multisorted first-order structures,
(A/*, X(ms), 0 , 1 , -\-,X (empty), X (insert), X (count)) and
{λί, J(ms),
0 , 1 , + , J(empty),
J(insert),
J
(count)),
such as a homomorphism. This is partly correct, since a first-order homomorphism determines the kind of relation discussed in Section 5.2 below, and therefore guarantees equivalent results for any program. However, there are two reasons why homomorphisms are not an exact characterization. The first has to do with the fact t h a t elements of X(ms) and J(ms) that are not definable by terms are irrelevant. For example, let X be an implementation of multisets and let J be derived from J by adding some "nonstandard" multiset α with the property,
insert χα = α for all χ . Then X and J will be observationally equivalent, since the multiset α is not definable by any expression. However, there can be no homomorphism h from J to X, since there is no reasonable choice for h(a). A second reason why homomorphisms are unsatisfactory is t h a t an implementation m a y choose t o represent indistinguishable multisets, produced by different orders of insertion, as either the same or different d a t a structures. For example, an implementation may be structured so t h a t the result of inserting 1, 2, and 3 into the empty multiset is precisely the same d a t a structure as the result of inserting 1, 2, and 3 into the empty multiset, but the results of inserting 4, 5, 6 and 6, 5, 4 are different. If a second implementation does just the opposite, then there cannot be a homomorphism from one implementation to the other, even though the two implementations may be indistinguishable.
5.2
Relations for Simply Typed Structures
The discussion in the previous section suggests t h a t we should t r y to characterize equivalence of implementations using relations rather t h a n homomorphisms or other kinds of functions. In this section, we will define a form of relation between structures t h a t serves this purpose. A typed relation between structures A and Β is a family of relations A B between the sets of U and U . W i t h application and other operations inherited from Λ and B, the collection of all relations becomes a structure. We define the relational structure Rel(A, B) by:
Mitchell
314 Rel B)
A
• T h e universe JJ ^ is the set of all triples (R, A, B) with AeU B and B G U and i î Ç [Λ] χ [Β] a binary relation on the cartesian product of their elements.
• T h e set [(R, A, B)] of elements of (R, A, B) is the set R of ordered pairs. Application is determined coordinatewise by Apply (f, g) (x, y) —
{Apply fx, Apply g y). Rel A
A
B
B
• T h e distinguished element i ( > ) i s the triple (id, 1 , 1 ) where Λ » Rel Rel id C l ^ x r is the identity relation. W e define χ and —• by R
(R, A, B) x (R', Α', B') = (RxR',Ax f
(R, A,B) ™ (R ,Ä,B') with relations Rx
1
Α!, Β χ Β ),
= (R^R',A*
Α',B^B'),
R' and Ä—• R' as follows:
(a,α') Rx R' (b,b') fR-+R'g
iff iff
a R b and a' R' b', A B A B (Apply > f a) R' (Apply ^ '
gb)
whenever a R b.
• Composition of (f,g) G (R,A,B) ( / ' , < / > e (R',A',B')
^
™ (R",A",B")
(f',9')°(f,9)
(R',A',B')
and
is defined by
=
(f'°f,9'°9),
and distinguished elements are defined by pairing. (R,A,B) Id
=
{A
MM
For example,
B y
We claim below t h a t Rel(A, B) is a structure. The structure Rel (A, B) gives us a way of defining relations between interpretations into A and B. If 1 is an interpretation of some signature into structure A, and J is an interpretation of the same signature into B, then an interpretation Κ of this signature into Rel(A, B) gives us a relation / C [ T J for each type r . W e say Κ is compatible with X and J if, for each type constant a, we have K(a) Ç. X(a) χ J (a) and, for each t e r m constant c of type r , the interpretations X(c) and J(c) are related by / C [ l — • r ] . We will see below t h a t a compatible interpretation Κ gives us a relation / C [ r J between J [ r ] and ^ 7 [ τ | for each type r . This relation has the same properties as a logical relation between the X and J. (See [Sta85, Mit90].) One advantage of the present framework, as opposed t o previous approaches t o logical relations, is t h a t we can see t h a t relations at functional and
On the Equivalence of Data Representations
315
product type are uniquely determined, and not the result of some arbitrary decision. This follows from L e m m a 1 and the categorical fact mentioned earlier t h a t product and function types are uniquely determined. T h e following lemma, adapted from [ A M S W 9 1 ] , implies the Basic L e m m a of logical relations (also called the "Fundamental Theorem") [Sta85, Mit90]. -
Lemma 1 For any \*-> ~^ structures A and B, Rel(A,B) is a À * ' * ' * structure. If X is an interpretation of some signature into A, and J is an interpretation of the same signature into B, then for any compatible interpretation Κ into Rel(A, B), we have /C[r] Ç J [ r ] χ J\r\ for each type τ and x,
K\x : σ > Μ : σ] = (X\x : σ > M : σ ] , J[x : σ > M : σ ] ) <Ξ Κ\σ — σ] for each term χ : σ > M : σ. Proof Sketch.
It is straightforward to check t h a t Rel(A, B) is a structure. The remaining claims are verified by induction on types and terms. •
5.3
Equivalence of Implementations
We may show t h a t interpretations X (into . 4 ) and J (into B) for the signature with natural number multisets are observationally equivalent (with respect t o the natural numbers) iff there is a compatible interpretation Κ into Rel(AjB) such t h a t K(nat) is the identity relation on the natural numbers. This generalizes to any other d a t a type, or collection of related d a t a types, as long as all functions are first-order and we have a closed t e r m naming each natural number. If we have higher-order functions, then the existence of a relation (or compatible interpretation into Rel(A,B)) is sufficient but not necessary. T h e general situation is summarized in the following theorem about any signature giving a collection of possibly interdependent types and operations.
Theorem 1 Let Σ be some signature with type constant nat and let X and J be interpretations of Σ into structures A and B, respectively, with X(nat) = J(nat) = λί. If there is a compatible interpretation /C ο / Σ into Rel(A,B), with K(nat) the identity relation on natural numbers, then X and J are observationally equivalent. Conversely, ifX and J are observationally equivalent, Σ provides a closed term for each element of λί, and Σ only contains first-order functions, then there is a compatible interpretation Κ of Σ into Rel(A,B), with IC(nat) the identity relation. Proof. T h e first part of the theorem follows directly from L e m m a 1. For the proof of the second part, we must construct a compatible interpretation
Mitchell
316
JC. For each type constant s, we let / C ( s ) Ç I(s) x J(s) be the relation containing pair (a, b) iff there is a closed t e r m M of type s whose meaning A under J is α (or, to be precise, the constant function from 1 to T [ s ] whose value is a ) , and whose meaning under J is b. We must show t h a t for any function symbol / : s\ χ . . . x Sk —* s from Σ , if (a^, i^) G / C ( s i ) for J i = 1 , . . . , fc, then ( / ( a i , . . . , a ^ ) , / * ^ ( & i , . . . , G / C ( s ) ; but this follows easily from the choice of / C ( s ) . Since Σ provides a closed t e r m for each element of Λ/", it is easy to see t h a t IC(nat) is the identity relation. •
6 6.1
Data-type Declarations A Lambda Calculus with Type Declarations
In this section and the remainder of the chapter, we will study equivalence of data-type representations when written in a simple illustrative language. ,χ, The first step is to extend the simple lambda calculus λ^ "~* to a lana b s t e guage A y P with abstract data-type declarations. T h e declaration form, a b s t y p e t w i t h χ : σ i s (τ, M) i n iV, gives names t and χ to the type r and operation M , with scope N. Since we have arbitrary pairing, there is no loss of generality in assuming only one operation. For example, we might declare and use a d a t a type with one constant and one unary operation by writing a b s t y p e t w i t h χ :t x(t-+t)
is
( r , M ) i n iV,
where within the scope iV, the constant is given by P r o ^ x and unary operation by P r o j 2 x . There are several typing constraints associated with this construct, which is explained in detail in [MP88]. In a b s t y p e t w i t h χ : σ i s ( r , M) i n iV, the type of M must be the result [r/t]a of substituting r for t in σ, Ν must be well-typed under the assumption t h a t χ has type σ, and t may not occur in the type of any free variable of Ν other than x. This means t h a t the only operations on type t in Ν are those provided by x. T h e type variable t also must not be free in the type of N. This is an important scoping restriction in extensions of the language, which plays a minor technical role here. Note t h a t while many studies of d a t a types have been limited to first-order functions over some carrier, the operations associated with d a t a types in this language may be higher-order. a b s t
e
To define A y P more precisely, we begin by extending the type X expressions of X^' ^ with type variables, so t h a t type expressions have the form,
r
: : = a\t\rxr\r—*
r,
On the Equivalence of Data Representations
317
with α any type constant and t any type variable. W e continue t o assume t h a t 1 is among the type constants. A signature for A
a t ) S t
yP
e
is again a set of type constants and typed t e r m
constants, with a variable-free type designated for each t e r m constant. T h e
abstype,
terms, which now include
M
::=
are summarized by the g r a m m a r ,
c I χ | ( M , M ) | Proj^M | λχιτ.Μ \ MM | abstype t with χ : σ is (τ, M) in AT,
with the additional typing rule for abstype given in the Appendix. W e will call an expression ( r , M) a data representation, since this is a concrete representation of an a b s t r a c t d a t a type.
6.2
Meaning in λ ~* Structure 1,χ,
We will consider two semantic interpretations for A
a l D S t
e
y P , a simpler one
in this section and a more detailed semantics incorporating explicit dependence on free type variables in the next.
In the first semantics, we use
^ l , x , - > structures, with the meaning of a type depending on an assignment of semantic types t o type variables. A n interpretation J of a A
a l : ) S t
yP
e
-
signature into a λ ^ ' *
structure Λ
is a m a p from type constants to the universe of Λ and from t e r m constants and types of Λ t o elements of the appropriate type.
If Λ is a s t r u c t u r e ,
then an Λ type environment is a mapping,
η : Type-Variables —• U . A
The meaning Χ[σ]τ/ of any type expression σ in type environment η is defined as follows:
Ι[ΐ]η Ι[α]η
= =
η(ΐ) 1(a)
1{σχτ}η
=
Ι[σ]ηΰΐ[τ]η
Ι[σ-+τ]η
=
ΙΙσ]η*Ι[τ]η
T h e meaning of a t e r m Γ > M : σ in type environment η is defined by induction as before, except t h a t we must remember t o look up the value of each type variable in the type environment. Since all cases other t h a n
Mitchell
318 a b s t y p e are completely routine, we give only a few examples:
=
Ι[χ:σ>χί:σί\η
Prog™" x
1
:σ > c :r]
=
1(c) ο O ^ , where O ^ ^ is the unique element of Χ [ σ —• l]r/
Χ[χ:σ>ΜΑΓ:τ]η
=
App^ ^ * o(lx : σ > Μ : σ —• r ] n , I [ x :σ> Ν : σ\η)
I[x
7
7
The new case is the meaning of an a b s t y p e declaration. In words, the meaning of a b s t y p e t w i t h χ : σ i s (τ, M ) i n AT" is obtained by composing the meaning of N, considered as a function of x, with the meaning of M, where the meaning of Ν is taken in a type environment t h a t gives type variable t the meaning of r : I\x
: σ > abstype £ with χ : σ i s
(r, M ) in
: ρ]η
= I[x :σ,χ:σ>Ν
: ρ\η' ο (id, [χ : σ > M : [τ/ί]σ]η),
where η' — η[ί ^
Ί\τ\η].
An equation t h a t holds in this semantics is abstype t with χ : σ i s
( r , M ) i n A/" = [ M / x ] [ r / t ] i V ,
which will be useful in reducing observational equivalence for some special uses of a b s t y p e to the earlier analysis of observational equivalence for inχ terpretations of λ ! ' ' ~ \ One aspect of this equation t h a t deserves mention is the typing of the substitution instance [M/x][r/t]N. If Ν is well-typed assuming χ : σ, then it follows (see [Mit90], for example), t h a t [r/t]N will be well-typed under the assumption t h a t χ : [r/t]a. Since [r/t]a is precisely the type of M , the substitution instance [M/x][r/t]N is well-typed.
6.3
Observational Equivalence
According to our general definition of observational equivalence, a pair ( r , M) implementing a type t with operation χ : σ is equivalent to another such pair, (p,N), if for any natural number context C[ ] such t h a t both C[(T, M)] and C[(p, N)] are well-formed programs (closed expressions of type nat), we have C[(r,M)] = C[(p,N)]. It is clear from the g r a m m a r for the language t h a t any such context C[ ] must have the form, . abstype t with χ : σ i s
[ ] in
Ρ.
On the Equivalence of Data Representations
319
By the previous analysis involving relations, we would expect to show C[(r, M)] = C[(p,N)] by establishing t h a t for all relevant values of the free type and t e r m variables in P , ( r , M) and (p, iV), the interpretation of a b s t y p e t w i t h χ : σ i s (τ, M ) i n Ρ is related to a b s t y p e t w i t h £ : σ i s (ρ, N) i n P . Since this is considerably simplified if either (τ, M) and (p, iV) are closed, or we know the values of their free variables, we will consider these special cases first. These can be addressed using the semantics given above, while the more general situation requires the more complex semantics given in Section 7.
6.4
A Single Closed Data Representation
The simplest form of program context with a hole requiring a d a t a representation is C[]
::=
abstype t with χ : σ i s
[ ] in Ρ,
where in order for C[(r, M ) ] to be a program (closed nat expression), r and M must be closed and Ρ may only have t and χ free. Since an a b s t y p e declaration within Ρ could be eliminated by substitution, we may assume without loss of generality t h a t Ρ does not contain a b s t y p e . W e will say t h a t
data representations (r, M) and (ρ, N) are top-level observationally equivalence with respect to X and J if I [ C [ ( r , Af )]] = »7[C[(p, N)]] for all contexts of the form indicated above. In practical situations, we are probably most interested in the case where X = J, since this corresponds to rewriting a d a t a representation without changing the compiler or interpreter. However, if we consider sequences of nested declarations, we are naturally led to compare d a t a representations with respect to difference interpretations. Using extensions of interpretations X and J, we may reduce top-level ,x equivalent with respect to X and J to observational equivalence of À^'~* interpretations. If X is an interpretation for signature Σ not containing type constant a or t e r m constant / , then we can use ( r , M) to define an extension X' of J to signature Σ ' = Σ U {α, / : [α/ί]σ} with J l a b s t y p e t with χ : σ i s
(τ, M ) i n Ρ ]
=
X'\[f
Ix][a/t]P\
for any expression Ρ with t and χ : σ free. T h e interpretation X' is defined from X by letting X'(a) = T [ r ] and ! ' ( / ) = J [ M ] . To establish notation, let us write X' = X[a >—> X [ r ] , / ·—• Z | M ] ] . If J is an another interpretation for Σ , and (ρ, N) is another implementation for type t with operation 1 χ : σ, we may define an extension J similarly. B y construction, ( r , M) and (ρ, N) are top-level observationally equivalent with respect to X and
Mitchell
320
J iff extended interpretations X' and J' are observationally equivalent in the sense described in Section 4. This gives us the following corollary t o Theorem 1.
Corollary 1 Let X and J be interpretations of signature Σ into A and Β (respectively) and let (τ, M) and (p,N) be closed data representations for type t with χ\σ. Then (τ, M) is top-level observationally equivalent to (ρ, N) with respect to X and J if there is an interpretation Κ of Σ ' = Σ U {α, / : [a/t]a} into Rel(A, Β) that is compatible with X' = X[a t-> X\r\, / i—• X{Mj] and J' — J[a »—• J\r\, f i—• ^7[Μ]] and such that IC(nat) is the identity relation. If σ is a cartesian product of first-order function types, signature Σ provides a closed term for each element of Μ, and Σ only contains firstorder functions, then the converse also holds.
6.5
Sequences of Data Representations
The characterization of observational equivalence above generalizes easily to representations of several related d a t a types. These often arise in programming, as in defining types of matrices and vectors over some ring. If we want a function t o multiply a m a t r i x by a vector, and define matrices and vectors as separate d a t a types, there is no natural place t o define the multiplication operation. This problem is solved by defining both as part of the same a b s t r a c t d a t a type (which has two types). While this is easily done in the language presented in [MP88], we cannot do this here without extending the language. The more general form of abstract d a t a type declaration is a b s t y p e t\,...,tk
w i t h χ:σ
i s ( τ ι , . . . , τ&, M) i n Ρ
where the type of M must be the result [τχ,..., Tk/h,..., tk]c of substituting each Ti for U in σ. (In general, σ will contain all of the type variables ti,... ,tk.) It is easy t o see t h a t Corollary 1 extends t o this form of datatype declaration and "multisorted" d a t a representation ( τ ι , . . . , τ&, M), since Theorem 1 applies t o any λ ^ ' * signature with any number of type constants. Another situation t h a t arises quite often in practice is t h a t a program will begin with a sequence of data-type declarations, each referring t o one or more of the previous declarations. This results in a program of the form, a b s t y p e t\ w i t h x\ : σι i s (τι,Μι) i n a b s t y p e t2 w i t h x2 : σ2 i s (r2,M2)
in
On the Equivalence of Data Representations a b s t y p e tk w i t h xk :
321 i s (rk,Mk)
in
Ρ end end end, where we have used end's and indentation to indicate the scope of each declaration. T w o sequences of d a t a representations, ( r i , M i ) , . . . , (rk, Mk)
and (pi, N\),...,
(pk, Nk), are top-level observationally equivalent if any
program C [ ( r i , M I ) , . . . , (rk, Mk)) of the form above has the same observable value as the p r o g r a m C[(pi, i V i ) , . . . , (pk, Nk)] with (pi, Ni) in place of (ri,Mi). However, since each p r o g r a m is equivalent to one of the form, a b s t y p e t\,..., tk w i t h χ : σ\ χ . . . x ak i s ( r i , . . . , T f c , ( M i , . . . , M f c ) ) in P ,
observational equivalence for sequences of d a t a representations reduces to observational equivalence for d a t a representations with more than one type. In addition, we may consider incremental changes in sequences of d a t a representations. Suppose we have two sequences of d a t a representations, f = ( n , M i ) , . . . , (rkjMk) and ρ = ( η , Μ ι ) , . . . , (τ*, Mk). Given the development so far, it is easy to establish t h a t if f is observationally equivalent to ρ and f , (τ^+ι, M ^ + i ) is observationally equivalent to f , (pfc+i, Nk+i), then f , (rfc+i,Mfc+i) is observationally equivalent to ρ, (ρ&+ι, iVfc+i).
7 7.1
Data Representations with Free Variables Structures and Interpretations
The final problem is to give a sufficient condition for observational equivalence of d a t a representations t h a t m a y contain free type and t e r m variables. To construct relations t h a t illustrate the dependence on type variables explicitly, we will add explicit functions on types t o structures. T h e interpretation of a type expression with η free variables will be an n-ary function A A from U to U . W i t h each such function, we associate a set of elements also parameterized by η-tuples of types to serve as the meanings of terms. The meaning of a t e r m χ : σ > M : σ with free type variables t\,..., tn will be a function t h a t maps an η-tuple of values for t\,..., tn t o an element of
σ —^ σ. W i t h the extended form of s t r u c t u r e , we c a n also extend the language to include type and t e r m constants with type p a r a m e t e r s . Some intuitive
Mitchell
322
examples are the parameterized type list(t) of lists of type t and nil(t), the empty list of type list(t). To be precise, a signature consists of a set of type constants, each with a specific arity, and a set of t e r m constants, each with a specified arity (number of type parameters) and a type depending on the same number of type parameters. Type expressions now have the form, τ
:: =
α ( ί ι , . . . , ί η)
| t \ τχτ
\
τ->τ,
and terms have the form,
c ( t i , . . . , * n ) | χ | ( M , M ) | Proj^M | λχιτ.Μ
::=
M
abstype t with χ : σ i s
(τ, M)
| MM |
i n iV,
with precise typing rules again given in the Appendix. at)St e A A y P - s t r u c t u r e A consists of the following parts: , χ
_
(i) Α λ * ' ' structure Ao, consisting of universe Î / Q S distinguished elA
ement 1 ^ G U ,
elements Α χ Β and A 4
β for each A, B G
A
U,
and so on as in Section 4. (ii) For A U Λ 1, . U£,
A
each positive integer n, a collection U of n-ary functions from to Î / Q S including the constant function mapping any η-tuple to all n-ary projection functions, and such t h a t if F and G are in Λ then so are the functions mapping η-tuple u to F(u) χ G[u)
and F(u)
For notational simplicity, we write F x G for the A A function mapping u to F(u) x G(u), and similarly, F —> G. —> G(u).
(iii) For each function F G U^, a set [F] of functions / with f(û) G [-F(ü)]. The following conditions must be satisfied. Essentially, conditions (iv) and (v) say that each is a A ^ ' * ' ' structure. Condition (vi) gives us a way of treating any function of η type parameters as a function of η - j - m type parameters, and condition (vii) provides a semantic version of substitution of types for type variables in both types and terms. This is used to interpret a b s t y p e expressions. (iv)
For each F G
the parameterized identity I d
F{ü)
F
F
given by ld (ü)
=
must be in [F 4 F] and for each F, G, H G U£, f e [F * G\ Λ and g G [G —• H], the composition g ο f given by
Id
(g°f)(û) Λ must be in [F —> Η ] .
=
g(ü)of(ü)
On the Equivalence of Data Representations
323 4
(v) For each η a n d F G U£, there is exactly one element in [F —• Au.l- ] and for all F,G,H
G t/^, there must be bijective correspondences,
([F4G])x([F4fl]) [(F x G ) 4 f l ]
S S
[ F - ( G X J / ) 1 ,
[F4
(G 4 # ) ] ,
with t h e maps from right t o left determined by composition with G [ F x G —• F ] , P r o j 2 '
parameterized projections P r o j j ' F
G 4 G], and application A p p '
G
G [F x
G [ ( F 4 G) x F 4 G].
(vi) If F G U£ a n d G is an ( n H- m ) - a r y function on types t h a t is identical to F except for m vacuous additional arguments, then G G
U^.m.
Similarly, if / G [ F ] and function g of ( n + m ) arguments is identical to / except for m vacuous additional arguments, then g G [G]. A
(vii) If F G U ,
Α
G G υ +1
and # G [G], then the composition GF defined A
by GF(Ü) = G(ü,F(ü))
gF(û)
= g(û,F(û))
is in U
and the composition gp defined by
is in [GF].
An interpretation X of a signature into a structure ^4 is a m a p sending each type constant of arity η into U
A
a n d each t e r m constant c depending
on η type p a r a m e t e r s t o a n element of some [ F ] for appropriate F G t/^. If a type constant a(t\,...,
tn)
depends on η type parameters, then by condi-
tion (vi) we m a y also regard X(a) as a function of m + η type parameters. We write J ( a ) m +
A
n
t o indicate a n appropriate element of U +n.
Similarly,
if c is a t e r m constant depending on η type p a r a m e t e r s with J ( c ) G [ F ] for F G Uni then by condition (vi) there is a corresponding interpretation A
Z ( c ) n + m G [G] for any G G U +n
depending vacuously on additional type
parameters. We interpret a type expression with η free variables, t i , . . . , t n as a 1
A
1
function in U > T h e definition of function J l r ] ^ ' - ' * » ) G U£ m a y be given by a straightforward inductive definition. defining X[r]^'-'*»)
This gives the same result as
4
G l ^ t o be t h e function, M
where X[r]ry is the element of U
A
»- ΧΜ*/,
determined as in Section 6, except for
the addition of parameterized type constants discussed above. It is easy t o verify inductively t h a t Χ \ τ ψ ^ - ^ G U*. We give meanings t o t e r m s without a b s t y p e similarly. If ti,..., list containing all type variables in χ : σ > M : τ , then the meaning,
Χ\χ\σ>Μ\τψ^'"^\
tn is a
Mitchell
324 of this t e r m with respect to these free variables is the function,
Τ{χ\σ>Μ
( T / ( t i ) , . . . , f / ( t n) >
: φ ,
where X\x : σ > M : r]ry is the element of Τ [ σ —• τ]η determined as in Section 6. T h e only case t h a t might be confusing is a t e r m constant, since the form of interpretation has changed. For any c : τ and t\,... ,tn containing all type variables in r , we let
Xlx:a>c:r]
X{c)n ο 0 * M
( t l
--
(
t n )
t
, where O ^ J ' unique element of Χ\σ —• ΐ ] ( * ΐ ' · . · , * η ) >
=
l
'
ί η)
is the
This gives us a function from types to values for any t e r m not containing abstype. For a b s t y p e , we define the meaning of a t e r m in a way t h a t makes use of condition (vii) of the definition of structure. Note t h a t this condition has not been used for other terms. To define X\x : σ > a b s t y p e t w i t h χ : σ i s (τ, M) i n Ν : ρ], let F
=
J[r](*i'-'*»>
G
G g
= =
Ι[σχσψ^·"^ Ι[χ:σ,χ:σ>Ν
G £ # + 1, G [G].
: pj
Etf,
Then in the notation of condition (vii), we have X\x
: σ > abstype ί with χ : σ
is
(r, Μ )
in
iV : ρ | ( * ι > · · · > * η )
= gF ο < I d " , I [ x : σ > M : [ τ / ί ] σ ] ^ ' - ^ > ) , 1
where H(t\,...,tn) = X j ä ] ] ^ I t is not hard to show by induction l v t n on terms t h a t the meaning X\x : σ > M : r ] ^ " ' ^ of any term, considered as a function of its free type variables, is an element of the similarly parameterized meaning Χ\σ —• τ| ( * ι > · · · , * η ) 0f its type.
7.2
Relations
We may define a structure of relations between any pair of A
a b s t
yP
e
struc-
χ
tures in a manner analogous to relational λ^' '~^ structures. Specifically, for A
a b s t
yP
e
structures A and B , we define Rel(A, B) as follows: x
• For the required A*' '"^ structure, we take Rel(Ao, BQ) with universe JJREL(A,B) _ JJREL(A0IB0)
On the Equivalence of Data Representations •
325
EL D
For each positive integer n, let U£ ^ ) EL(A,B)
tions F from U* FA
A
GU
and FB
to U *
GU
B
E L { A) ß
b e the set of all n-ary funcfor which there exist
functions
such t h a t if
( Ä n , A n , Bn)) =
F((R\,Ai,B\),..., then Λ = FA(Au...,An)
(R,A,B)
and Β = FB(B1,...,
Note that F A
Bn).
and F ß are uniquely determined by F . EL ALB
• For all F G UN ^ \ fA G [FA]
and /
let [ F ] contain all functions / given by pairs
G [Fß] such t h a t
B
/ ( ( Ä l , i 4 l , B l ) , . . . , ( Ä n , A n , B n ) )
(fA(A1,...,An)JB(Bu...,Bn))
=
G [ F ( ( Ä i , A i , JBI), . . . , (Rn, An,
Bn))].
We define compatible interpretation into Rel(A, B) as in Section 4. In the following generalization of L e m m a 1, we show t h a t Rel(A, B) is a structure and describe the meaning of each t e r m .
T h e o r e m 2 For any A
a b s t
yP
e
structures A and B, Rel(A, B) is a A
a b s t
yP
structure. Let X be an interpretation of some signature into A, let J be an interpretation of the same signature into B, and let KL be a compatible interpretation into Rel(A, B). For any type τ over type variables t\,..., tn, ί ι ί η ' · " ' ) is a function with £ [ τ ] ( £ Ι τ ] ^ · · · ^ ) ( ( Α ι , Α ι , £ ι ) , . . . , (Rn, Ç
AN,
T [ T J ^ > - ' ' « ) ( A I , . . . , AN) a b s t
x
Bn)) J
[
r
]
(
*
i
—
.
.
.
,
Bn).
e
In addition, for each A y P term χ : σ > M : σ, the meaning K\x : σ > M : ig determined by the pair X\x : σ > Μ : σ]|(*ι>···>**), J ' [ χ :
We show t h a t .Re/(A, ß ) is a structure by checking each
condition of the definition in turn. Generally, these reduce to properties -
of relations on A*'*' " structures.
T h e remaining claims are verified by
induction on types and terms.
7.3
•
Equivalence of Data Representations a b s t
e
Using relational A yP structures, we can give a sufficient condition for general observational equivalence t h a t is analogous to the one given
e
Mitchell
326 earlier for top-level equivalence of closed d a t a representations.
χ : σ > M : [r/t]a and χ:σ>Ν
Suppose
: [p/t]a are well-typed terms so that we could
consider placing ( r , M) or (ρ, N) in a context of the form, C
::=
. . . abstype t with χ : σ i s [ ] in Ρ . . . ,
requiring a d a t a representation for type t with operations Ignoring free variables in ( r , M ) and (p, AT), we would say t h a t if there are relations on the interpretations of r and ρ preserved by the meanings of operations M and iV, then (τ, M ) and (ρ, N ) are observationally equivalent. In stating this as a theorem, the relation between types is represented by an interpretation R e l A B of a fresh type constant into U ( > ) . Taking the free type variables of τ and ρ into account, we will demonstrate t h e equivalence of two d a t a representations by choosing a relation between the meanings of r and ρ for each set of values for the free type variables. This is reflected in the following condition as an interpretation of a parameterized type constant a(ti,..., tn) 6l AjB into Un ^ ^ · W e state the following as a corollary of T h e o r e m 2 since the proof is almost immediate. a b s t
e
C o r o l l a r y 2 Let X and J be interpretations o / A y P signature Σ into A and Β (respectively) and let x:a>M:[r/t]a and x:a>N:[p/t]a be well-typed terms such that (r, M) and (ρ, N) are data representations for type t with χ:σ. Assume all free type variables in τ,Μ,ρ, and Ν are among t\,..., tn. Then (r, M) is observationally equivalent to (ρ, N) with respect to X and J if there is an interpretation Κ of Σ' = Σ U { α ( £ χ , . . . , tn), f(t\,..., tn) : [ α ( ί ι , . . . , tn)/t](ä —• σ ) } into Rel(A, Β) that is compatible with X[
a(tu...,tn)~ / ( f l , . . . , f
and the analogous extension of J, relation.
Ι [ τ ] ( * ΐ ' - · Η n
) -
I[Ml<*i'-'«»>
]
and such that IC(nat) is the identity
This corollary gives a method for proving equivalence of d a t a representations. In the simpler cases considered earlier, the method was t o define a relation or family of relations and show t h a t these are preserved by the given operations. T h e most direct formalization would use secondor higher-order logic. Since t h e corollary above involves a relation p a r a m eterized by types, the straightforward formalization in a logic for proving equivalence would require predicate symbols with type or sort parameters. We have not investigated the e x a c t properties required of such a formal system.
On the Equivalence of Data Representations
327
A shortcoming of this corollary is t h a t the relation between σ and τ t h a t must be preserved by M and Ν only depends on a set of free type variables, not the free t e r m variables of M and N. Since relations parameterized by terms requires a substantially different m a t h e m a t i c a l framework, we leave this refinement to further research.
Appendix: Typing Rules We define the set of well-formed terms of each type using axioms and inference rules. Recall t h a t Γ > Μ : τ may be read, "in context Γ , the t e r m M has type τ." T h e typing axiom for an ordinary t e r m constant is 0>c:a,
(est)
where we assume t h a t c:a is given by the signature. For t e r m constant with a b s t e y P ) , we have the axiom, type paramenters (in second version of / \ 0 > φ ι , . . . , £ η ) :σ,
(est) for c(ti,..., is
tn)
: σ given by the signature. T h e typing axiom for variables
(var)
χ:σ>χ:σ.
The structural rule, ( AA
(add var)\
Γ> Μ :σ Γ,χ:τ>Μ :σ '
allows us to add variables to the typing context. T h e remaining rules each pertain to one form of term. ( - > Intro)
( - > Elim)
( χ Intro)
(χ
Elim)
Γ, χ : σ > Μ : τ Γ > (Χχ : σ.Μ) :σ—>τ ' Γ>Μ:σ->τ, Γ >
Γ>Ν
:σ
ΜΝ :τ
Μ : σ, Ν : τ Ν) : σ χ r
(Μ,
r
Μ : σ χτ T Pro# M : τ '
P r o j ^ ' M : σ,
Γ,χ:σ>ΛΓ:ρ, Γ > Μ : τ/ί σ (abstype) - — ; :—— — — t not in Γ , p. Γ > ( a b s t y p e t w i t h χ\σ i s (τ, M ) i n Ν) : ρ
Mitchell
328
References [AMSW91] S. Abramsky, J . Mitchell, A. Scedrov, and P. Wadler. Relators. Manuscript, 1 9 9 1 .
[Bar84]
H.P. Barendregt. The Lambda Calculus: Its Syntax and Semantics. North-Holland, A m s t e r d a m , 1984.
[BTC88]
V. Breazu-Tannen and T . Coquand.
of Polymorphism.
Extensional
Models
Theoretical Computer Science, 59:85-114,
1988. [Hoa72]
C . A . R . Hoare. P r o o f of Correctness of D a t a Representations.
Acta Informatica, 1:271-281, 1972. [LS86]
J . Lambek and P . J . Scott. Introduction to Higher-Order
Cat-
egorical Logic. Cambridge University Press, Cambridge, U . K , 1986. [McC61]
J o h n McCarthy. A Basis for M a t h e m a t i c a l Theory of Com-
putation. In Proc. Western Joint Computer Conj, pages 2 2 5 238, May 1 9 6 1 . L a t e r version in P. Braffort and D. Hirschberg
(eds.), Computer Programming and Formal Systems, NorthHolland, A m s t e r d a m , pages 3 3 - 7 0 , 1 9 6 3 . [McC63]
J o h n McCarthy. Towards a M a t h e m a t i c a l Theory of Compu-
tation. In Proc. IFIP Congress 62, pages 2 1 - 2 8 , Amsterdam, 1963.
North-Holland.
[Mil71]
R . Milner. An Algebraic Definition of Simulation between P r o grams. Technical R e p o r t CS 2 0 5 , Stanford University, 1 9 7 1 .
[Mil77]
R . Milner. Fully A b s t r a c t Models of T y p e d L a m b d a Calculi.
Theoretical Computer Science, 4 ( 1 ) , 1977. [Mit86]
J . C . Mitchell. Representation Independence and D a t a Abstrac-
tion. In Proc. 13th ACM Symp. on Principles of Programming Languages, pages 2 6 3 - 2 7 6 , J a n u a r y 1 9 8 6 . [Mit90]
J . C . Mitchell. T y p e Systems for P r o g r a m m i n g Languages. In
J . van Leeuwen, editor, Handbook of Theoretical Computer Science, 1990.
Volume B, pages 3 6 5 - 4 5 8 . North-Holland, A m s t e r d a m ,
On the Equivalence of Data [MM85]
[MP88]
Representations
329
J . C . Mitchell and A . R . Meyer. Second-Order Logical Relations. In Logics of Programs, pages 2 2 5 - 2 3 6 , Berlin, June 1 9 8 5 . Springer-Verlag L N C S 1 9 3 . J . C . Mitchell and G.D. Plotkin.
A b s t r a c t Types Have Exis-
tential Types. ACM Trans, on Programming Languages and Systems, 1 0 ( 3 ) : 4 7 0 - 5 0 2 , 1 9 8 8 . Preliminary version appeared
in Proc. 12th ACM Symp. on Principles of Programming Languages, 1985. [MS89]
J . C . Mitchell and P . J . Scott.
Typed L a m b d a Calculus and
Cartesian Closed Categories. In Proc. Conf. Computer Science and Logic June 14-20, 1987, Univ. Colorado Boulder, volume 92 of Contemporary Mathematics, pages 3 0 1 - 3 1 6 . Amer. M a t h . Society, 1989. [Plo77]
G.D. Plotkin.
L C F Considered as a P r o g r a m m i n g Language.
Theoretical Computer Science, 5:223-255, 1977. [Rey83]
[Sta85]
J . C . Reynolds. Types, Abstraction, and P a r a m e t r i c Polymorphism. In Information Processing '83, pages 5 1 3 - 5 2 3 . NorthHolland, A m s t e r d a m , 1 9 8 3 . R . S t a t m a n . Logical Relations and the Typed L a m b d a Calcu-
lus. Information and Control, 6 5 : 8 5 - 9 7 , 1985. [Sto88]
A. Stoughton.
Fully Abstract Models of Programming Lan-
guages. P i t m a n , London, and J o h n Wiley and Sons, New York, 1988.