Introduction to Probabilisticand Quantum Programming

Part III

Ugo Dal Lago

BISS 2014, Bertinoro

Section 1

The λ-Calculus as a Functional Language

Minimal Syntax and Dynamics

I Terms:M ::= x | MN | λx.M.

I Substitution:

xx/M =M yx/M = y

NLx/M = (Nx/M)(Lx/M) λy.Nx/M = λy.(Nx/M)

I CBN Operational Semantics:

(λx.M)N →Mx/NM → N

ML→ NL

I Values:V ::= λx.M

I CBV Operational Semantics:

(λx.M)V →Mx/V M → N

ML→ NLM → N

VM → V N

Minimal Syntax and Dynamics

I Terms:M ::= x | MN | λx.M.

I Substitution:

xx/M =M yx/M = y

NLx/M = (Nx/M)(Lx/M) λy.Nx/M = λy.(Nx/M)

I CBN Operational Semantics:

(λx.M)N →Mx/NM → N

ML→ NL

I Values:V ::= λx.M

I CBV Operational Semantics:

(λx.M)V →Mx/V M → N

ML→ NLM → N

VM → V N

Minimal Syntax and Dynamics

I Terms:M ::= x | MN | λx.M.

I Substitution:

xx/M =M yx/M = y

NLx/M = (Nx/M)(Lx/M) λy.Nx/M = λy.(Nx/M)

I CBN Operational Semantics:

(λx.M)N →Mx/NM → N

ML→ NL

I Values:V ::= λx.M

I CBV Operational Semantics:

(λx.M)V →Mx/V M → N

ML→ NLM → N

VM → V N

Minimal Syntax and Dynamics

I Terms:M ::= x | MN | λx.M.

I Substitution:

xx/M =M yx/M = y

NLx/M = (Nx/M)(Lx/M) λy.Nx/M = λy.(Nx/M)

I CBN Operational Semantics:

(λx.M)N →Mx/NM → N

ML→ NL

I Values:V ::= λx.M

I CBV Operational Semantics:

(λx.M)V →Mx/V M → N

ML→ NLM → N

VM → V N

Minimal Syntax and Dynamics

I Terms:M ::= x | MN | λx.M.

I Substitution:

xx/M =M yx/M = y

NLx/M = (Nx/M)(Lx/M) λy.Nx/M = λy.(Nx/M)

I CBN Operational Semantics:

(λx.M)N →Mx/NM → N

ML→ NL

I Values:V ::= λx.M

I CBV Operational Semantics:

(λx.M)V →Mx/V M → N

ML→ NLM → N

VM → V N

ObservationsI Not all redexes are reduced.I For every M there is at most one N such that M → N .I It is easy to find a term M such that

M = N0 → N1 → N2 → . . .

I There is a problem with substitutions:

(λx.λy.x)(yz)→ λy.yz.(λx.λy.x)(yz)→ λw.yz.

I The standard solution is to consider terms modulo so-calledα-equivalence: renaming bound variables turns a terminto one which is indistinguishable.

λx.λy.xxy ≡ λz.λy.zzy.

I α-equivalence is not necessary if we assume to work withclosed terms.

ObservationsI Not all redexes are reduced.I For every M there is at most one N such that M → N .I It is easy to find a term M such that

M = N0 → N1 → N2 → . . .

I There is a problem with substitutions:

(λx.λy.x)(yz)→ λy.yz.(λx.λy.x)(yz)→ λw.yz.

I The standard solution is to consider terms modulo so-calledα-equivalence: renaming bound variables turns a terminto one which is indistinguishable.

λx.λy.xxy ≡ λz.λy.zzy.

I α-equivalence is not necessary if we assume to work withclosed terms.

ObservationsI Not all redexes are reduced.I For every M there is at most one N such that M → N .I It is easy to find a term M such that

M = N0 → N1 → N2 → . . .

I There is a problem with substitutions:

(λx.λy.x)(yz)→ λy.yz.(λx.λy.x)(yz)→ λw.yz.

I The standard solution is to consider terms modulo so-calledα-equivalence: renaming bound variables turns a terminto one which is indistinguishable.

λx.λy.xxy ≡ λz.λy.zzy.

I α-equivalence is not necessary if we assume to work withclosed terms.

Computing Simple Function on N, in CBV

I Natural Numbers

p0q = λx.λy.x;

pn+ 1q = λx.λy.ypnq.

I Finite Set A = a1, . . . , an

paiq = λx1 · · ·λxn.xi.

I Pairs〈M,N〉 = λx.xMN

I Fixed-Point Combinator

Θ = λx.λy.y(λz.(xx)yz);

H = ΘΘ.

Computing Simple Functions on N, in CBV

I SuccessorSUCC = λz.λx.λy.yz

Indeed:SUCCpnq→ λx.λy.ypnq

I Projections

PROJki = λx.x(λy1 · λyk.yi)

Indeed:

PROJki 〈pn1q, . . . , pnkq〉 → 〈pn1q, . . . , pnkq〉(λy1 · · ·λyk.yi)→ (λy1 · · ·λyk.yi)pn1q · · · pnkq→∗ pniq.

Computing Simple Functions on N, in CBV

I SuccessorSUCC = λz.λx.λy.yz

Indeed:SUCCpnq→ λx.λy.ypnq

I Projections

PROJki = λx.x(λy1 · λyk.yi)

Indeed:

PROJki 〈pn1q, . . . , pnkq〉 → 〈pn1q, . . . , pnkq〉(λy1 · · ·λyk.yi)→ (λy1 · · ·λyk.yi)pn1q · · · pnkq→∗ pniq.

Computing Simple Functions on N, in CBV

I SuccessorSUCC = λz.λx.λy.yz

Indeed:SUCCpnq→ λx.λy.ypnq

I Projections

PROJki = λx.x(λy1 · λyk.yi)

Indeed:

PROJki 〈pn1q, . . . , pnkq〉 → 〈pn1q, . . . , pnkq〉(λy1 · · ·λyk.yi)→ (λy1 · · ·λyk.yi)pn1q · · · pnkq→∗ pniq.

Computing Simple Functions on N, in CBV

I SuccessorSUCC = λz.λx.λy.yz

Indeed:SUCCpnq→ λx.λy.ypnq

I Projections

PROJki = λx.x(λy1 · λyk.yi)

Indeed:

PROJki 〈pn1q, . . . , pnkq〉 → 〈pn1q, . . . , pnkq〉(λy1 · · ·λyk.yi)→ (λy1 · · ·λyk.yi)pn1q · · · pnkq→∗ pniq.

A Simple Form of Recursion

I Suppose you have a term Mf which computes the functionf : N→ N, and you want to iterate over it, i.e. you want tocompute g : N× N→ N such that

g(0, n) = n;

g(m+ 1, n) = f(g(m,n)).

I We need a form of recursion in the language. Observe that:

HV = (ΘΘ)V → (λy.y(λz.Hyz))V → V (λz.HV z)

I The function g can be computed by way of

Mg = H(λx.λy.y(λz.λw.zw(λq.Mf (x〈q, w〉)))

A Simple Form of Recursion

I Suppose you have a term Mf which computes the functionf : N→ N, and you want to iterate over it, i.e. you want tocompute g : N× N→ N such that

g(0, n) = n;

g(m+ 1, n) = f(g(m,n)).

I We need a form of recursion in the language. Observe that:

HV = (ΘΘ)V → (λy.y(λz.Hyz))V → V (λz.HV z)

I The function g can be computed by way of

Mg = H(λx.λy.y(λz.λw.zw(λq.Mf (x〈q, w〉)))

A Simple Form of Recursion

I Suppose you have a term Mf which computes the functionf : N→ N, and you want to iterate over it, i.e. you want tocompute g : N× N→ N such that

g(0, n) = n;

g(m+ 1, n) = f(g(m,n)).

I We need a form of recursion in the language. Observe that:

HV = (ΘΘ)V → (λy.y(λz.Hyz))V → V (λz.HV z)

I The function g can be computed by way of

Mg = H(λx.λy.y(λz.λw.zw(λq.Mf (x〈q, w〉)))

A Simple Form of Recursion

Mg = H(λx.λy.y(λz.λw.zw(λq.Mf (x〈q, w〉)))

Mg〈pm+ 1q, pnq〉 →∗ 〈pm+ 1q, pnq〉(λz.λw.zw(λq.Mf ((λx.Mgx)〈q, w〉x))→ (λz.λw.zw(λq.Mf ((λx.Mgx)〈q, pnq〉))pm+ 1qpnq

→∗ pm+ 1qpnq(λq.Mf ((λx.Mgx)〈q, pnq〉))→∗ (λq.Mf ((λx.Mgx)〈q, pnq〉))pmq

→∗ Mf ((λx.Mgx)〈pmq, pnq〉)→∗ Mf (Mg〈pmq, pnq〉)

A Simple Form of Recursion

Mg = H(λx.λy.y(λz.λw.zw(λq.Mf (x〈q, w〉)))

Mg〈pm+ 1q, pnq〉 →∗ 〈pm+ 1q, pnq〉(λz.λw.zw(λq.Mf ((λx.Mgx)〈q, w〉x))→ (λz.λw.zw(λq.Mf ((λx.Mgx)〈q, pnq〉))pm+ 1qpnq

→∗ pm+ 1qpnq(λq.Mf ((λx.Mgx)〈q, pnq〉))→∗ (λq.Mf ((λx.Mgx)〈q, pnq〉))pmq

→∗ Mf ((λx.Mgx)〈pmq, pnq〉)→∗ Mf (Mg〈pmq, pnq〉)

A Simple Form of Recursion

Mg = H(λx.λy.y(λz.λw.zw(λq.Mf (x〈q, w〉)))

Mg〈pm+ 1q, pnq〉 →∗ 〈pm+ 1q, pnq〉(λz.λw.zw(λq.Mf ((λx.Mgx)〈q, w〉x))→ (λz.λw.zw(λq.Mf ((λx.Mgx)〈q, pnq〉))pm+ 1qpnq

→∗ pm+ 1qpnq(λq.Mf ((λx.Mgx)〈q, pnq〉))→∗ (λq.Mf ((λx.Mgx)〈q, pnq〉))pmq

→∗ Mf ((λx.Mgx)〈pmq, pnq〉)→∗ Mf (Mg〈pmq, pnq〉)

A Simple Form of Recursion

Mg = H(λx.λy.y(λz.λw.zw(λq.Mf (x〈q, w〉)))

Mg〈pm+ 1q, pnq〉 →∗ 〈pm+ 1q, pnq〉(λz.λw.zw(λq.Mf ((λx.Mgx)〈q, w〉x))→ (λz.λw.zw(λq.Mf ((λx.Mgx)〈q, pnq〉))pm+ 1qpnq

→∗ pm+ 1qpnq(λq.Mf ((λx.Mgx)〈q, pnq〉))→∗ (λq.Mf ((λx.Mgx)〈q, pnq〉))pmq

→∗ Mf ((λx.Mgx)〈pmq, pnq〉)→∗ Mf (Mg〈pmq, pnq〉)

A Simple Form of Recursion

Mg = H(λx.λy.y(λz.λw.zw(λq.Mf (x〈q, w〉)))

Mg〈pm+ 1q, pnq〉 →∗ 〈pm+ 1q, pnq〉(λz.λw.zw(λq.Mf ((λx.Mgx)〈q, w〉x))→ (λz.λw.zw(λq.Mf ((λx.Mgx)〈q, pnq〉))pm+ 1qpnq

→∗ pm+ 1qpnq(λq.Mf ((λx.Mgx)〈q, pnq〉))→∗ (λq.Mf ((λx.Mgx)〈q, pnq〉))pmq

→∗ Mf ((λx.Mgx)〈pmq, pnq〉)→∗ Mf (Mg〈pmq, pnq〉)

A Simple Form of Recursion

Mg = H(λx.λy.y(λz.λw.zw(λq.Mf (x〈q, w〉)))

Mg〈pm+ 1q, pnq〉 →∗ 〈pm+ 1q, pnq〉(λz.λw.zw(λq.Mf ((λx.Mgx)〈q, w〉x))→ (λz.λw.zw(λq.Mf ((λx.Mgx)〈q, pnq〉))pm+ 1qpnq

→∗ pm+ 1qpnq(λq.Mf ((λx.Mgx)〈q, pnq〉))→∗ (λq.Mf ((λx.Mgx)〈q, pnq〉))pmq

→∗ Mf ((λx.Mgx)〈pmq, pnq〉)→∗ Mf (Mg〈pmq, pnq〉)

A Simple Form of Recursion

Mg = H(λx.λy.y(λz.λw.zw(λq.Mf (x〈q, w〉)))

Mg〈pm+ 1q, pnq〉 →∗ 〈pm+ 1q, pnq〉(λz.λw.zw(λq.Mf ((λx.Mgx)〈q, w〉x))→ (λz.λw.zw(λq.Mf ((λx.Mgx)〈q, pnq〉))pm+ 1qpnq

→∗ pm+ 1qpnq(λq.Mf ((λx.Mgx)〈q, pnq〉))→∗ (λq.Mf ((λx.Mgx)〈q, pnq〉))pmq

→∗ Mf ((λx.Mgx)〈pmq, pnq〉)→∗ Mf (Mg〈pmq, pnq〉)

Universality

I One could go on, and show that the following schemes canall be encoded:

I Composition;I Primitive Recursion;I Minimization.

I This implies that all partial recursive functions can becomputed in the λ-calculus.

TheoremThe λ-calculus is Turing-complete, both when CBV and CBNare considered.

Why is This a Faithful Model of FunctionalComputation?

I Data, conditionals, basic functions, and recursion can all beencoded into the λ-calculus. We can then give programs“informally”, in our favourite functional language.

I Take, as an example, the usual recursive programcomputing the factorial of a natural numberlet rec fact x = if (x==0) then 1 else x*(fact x-1)

I This can indeed be turned into a λ-term (where M∗ andM−1 are terms for multiplication and the predecessor,respectively):

let rec fact x = if (x==0) then 1 else x*(fact x-1)

H(λfact.λx.if (x==0) then 1 else x*(fact x-1))

H(λfact.λx.x p1q (x*(fact x-1)))

H(λfact.λx.x p1q (M∗ x (fact x-1)))

H(λfact.λx.x p1q (M∗ x (fact (M−1x))))

Why is This a Faithful Model of FunctionalComputation?

I Data, conditionals, basic functions, and recursion can all beencoded into the λ-calculus. We can then give programs“informally”, in our favourite functional language.

I Take, as an example, the usual recursive programcomputing the factorial of a natural numberlet rec fact x = if (x==0) then 1 else x*(fact x-1)

I This can indeed be turned into a λ-term (where M∗ andM−1 are terms for multiplication and the predecessor,respectively):

let rec fact x = if (x==0) then 1 else x*(fact x-1)

H(λfact.λx.if (x==0) then 1 else x*(fact x-1))

H(λfact.λx.x p1q (x*(fact x-1)))

H(λfact.λx.x p1q (M∗ x (fact x-1)))

H(λfact.λx.x p1q (M∗ x (fact (M−1x))))

Why is This a Faithful Model of FunctionalComputation?

I Data, conditionals, basic functions, and recursion can all beencoded into the λ-calculus. We can then give programs“informally”, in our favourite functional language.

I Take, as an example, the usual recursive programcomputing the factorial of a natural numberlet rec fact x = if (x==0) then 1 else x*(fact x-1)

I This can indeed be turned into a λ-term (where M∗ andM−1 are terms for multiplication and the predecessor,respectively):

let rec fact x = if (x==0) then 1 else x*(fact x-1)

H(λfact.λx.if (x==0) then 1 else x*(fact x-1))

H(λfact.λx.x p1q (x*(fact x-1)))

H(λfact.λx.x p1q (M∗ x (fact x-1)))

H(λfact.λx.x p1q (M∗ x (fact (M−1x))))

Why is This a Faithful Model of FunctionalComputation?

I Data, conditionals, basic functions, and recursion can all beencoded into the λ-calculus. We can then give programs“informally”, in our favourite functional language.

I Take, as an example, the usual recursive programcomputing the factorial of a natural numberlet rec fact x = if (x==0) then 1 else x*(fact x-1)

I This can indeed be turned into a λ-term (where M∗ andM−1 are terms for multiplication and the predecessor,respectively):

let rec fact x = if (x==0) then 1 else x*(fact x-1)

H(λfact.λx.if (x==0) then 1 else x*(fact x-1))

H(λfact.λx.x p1q (x*(fact x-1)))

H(λfact.λx.x p1q (M∗ x (fact x-1)))

H(λfact.λx.x p1q (M∗ x (fact (M−1x))))

Why is This a Faithful Model of FunctionalComputation?

I Data, conditionals, basic functions, and recursion can all beencoded into the λ-calculus. We can then give programs“informally”, in our favourite functional language.

I Take, as an example, the usual recursive programcomputing the factorial of a natural numberlet rec fact x = if (x==0) then 1 else x*(fact x-1)

I This can indeed be turned into a λ-term (where M∗ andM−1 are terms for multiplication and the predecessor,respectively):

let rec fact x = if (x==0) then 1 else x*(fact x-1)

H(λfact.λx.if (x==0) then 1 else x*(fact x-1))

H(λfact.λx.x p1q (x*(fact x-1)))

H(λfact.λx.x p1q (M∗ x (fact x-1)))

H(λfact.λx.x p1q (M∗ x (fact (M−1x))))

More About SemanticsI The semantics we have adopted so far is said to besmall-step, since it derives assertions in the form M → N ,each corresponding to one atomic computation step.

I There is an equivalent way of formulating the sameconcept, big-step semantics, in which we “jump directlyto the result”:

I CBN

V ⇓ VM ⇓ λx.N Nx/L ⇓ V

ML ⇓ V

I CBV

V ⇓ VM ⇓ λx.N L ⇓ V Nx/V ⇓W

ML ⇓W

TheoremIn both CBN and CBV, M →∗ V if and only if M ⇓ V .

I If M ⇓ V for some V , then we write M ⇓, otherwise M ⇑

More About SemanticsI The semantics we have adopted so far is said to besmall-step, since it derives assertions in the form M → N ,each corresponding to one atomic computation step.

I There is an equivalent way of formulating the sameconcept, big-step semantics, in which we “jump directlyto the result”:

I CBN

V ⇓ VM ⇓ λx.N Nx/L ⇓ V

ML ⇓ V

I CBV

V ⇓ VM ⇓ λx.N L ⇓ V Nx/V ⇓W

ML ⇓W

TheoremIn both CBN and CBV, M →∗ V if and only if M ⇓ V .

I If M ⇓ V for some V , then we write M ⇓, otherwise M ⇑

More About SemanticsI The semantics we have adopted so far is said to besmall-step, since it derives assertions in the form M → N ,each corresponding to one atomic computation step.

I There is an equivalent way of formulating the sameconcept, big-step semantics, in which we “jump directlyto the result”:

I CBN

V ⇓ VM ⇓ λx.N Nx/L ⇓ V

ML ⇓ V

I CBV

V ⇓ VM ⇓ λx.N L ⇓ V Nx/V ⇓W

ML ⇓W

TheoremIn both CBN and CBV, M →∗ V if and only if M ⇓ V .

I If M ⇓ V for some V , then we write M ⇓, otherwise M ⇑

Program Equivalence

I A fundamental question in programming language theory isthe following: when can two programs be consideredequivalent?

I A satisfactory answer to this question would enable:I To validate program optimizations; you could be sure

that the transformations you are performing turn programsinto equivalent ones.

I To perform program verification; just compare theprogram at hand with another (abstract) programcorresponding to the underlying specification.

I But what is the right notion of program equivalence?I M ≡ N iff M = N ; trivial!I M ≡ N iff either M ⇓ V and N ⇓ V for some V or M ⇑ andN ⇑; does not equate values which behave the same.

I M ≡ N iff M and N “have the same semantics”; nice, butwe do not have time to talk about program’s semantics.

Program Equivalence

I A fundamental question in programming language theory isthe following: when can two programs be consideredequivalent?

I A satisfactory answer to this question would enable:I To validate program optimizations; you could be sure

that the transformations you are performing turn programsinto equivalent ones.

I To perform program verification; just compare theprogram at hand with another (abstract) programcorresponding to the underlying specification.

I But what is the right notion of program equivalence?I M ≡ N iff M = N ; trivial!I M ≡ N iff either M ⇓ V and N ⇓ V for some V or M ⇑ andN ⇑; does not equate values which behave the same.

I M ≡ N iff M and N “have the same semantics”; nice, butwe do not have time to talk about program’s semantics.

Program Equivalence

I A fundamental question in programming language theory isthe following: when can two programs be consideredequivalent?

I A satisfactory answer to this question would enable:I To validate program optimizations; you could be sure

that the transformations you are performing turn programsinto equivalent ones.

I To perform program verification; just compare theprogram at hand with another (abstract) programcorresponding to the underlying specification.

I But what is the right notion of program equivalence?I M ≡ N iff M = N ; trivial!I M ≡ N iff either M ⇓ V and N ⇓ V for some V or M ⇑ andN ⇑; does not equate values which behave the same.

I M ≡ N iff M and N “have the same semantics”; nice, butwe do not have time to talk about program’s semantics.

Program Equivalence

I A fundamental question in programming language theory isthe following: when can two programs be consideredequivalent?

I A satisfactory answer to this question would enable:I To validate program optimizations; you could be sure

that the transformations you are performing turn programsinto equivalent ones.

I To perform program verification; just compare theprogram at hand with another (abstract) programcorresponding to the underlying specification.

I But what is the right notion of program equivalence?I M ≡ N iff M = N ; trivial!I M ≡ N iff either M ⇓ V and N ⇓ V for some V or M ⇑ andN ⇑; does not equate values which behave the same.

I M ≡ N iff M and N “have the same semantics”; nice, butwe do not have time to talk about program’s semantics.

Program Equivalence

I A fundamental question in programming language theory isthe following: when can two programs be consideredequivalent?

I A satisfactory answer to this question would enable:I To validate program optimizations; you could be sure

that the transformations you are performing turn programsinto equivalent ones.

I To perform program verification; just compare theprogram at hand with another (abstract) programcorresponding to the underlying specification.

I But what is the right notion of program equivalence?I M ≡ N iff M = N ; trivial!I M ≡ N iff either M ⇓ V and N ⇓ V for some V or M ⇑ andN ⇑; does not equate values which behave the same.

I M ≡ N iff M and N “have the same semantics”; nice, butwe do not have time to talk about program’s semantics.

Context Equivalence

I What we need is a notion of equivalence which equatesterms with the same behaviour.

I More specifically, we would like to equate those termswhich have the same observable behavior in every context.

I Observable Behaviour. Two terms M and N have thesame observable behaviour whenver M ⇓ iff N ⇓ .

I Contexts. They are defined as terms, but they contain aunique placeholder [·]:

C ::= [·] | CM | MC | λx.C.

The term C[M ] is the one obtained from C by substituting[·] with M .

I We can then stipulate that M ≡ N iff for every C, C[M ] ⇓iff C[N ] ⇓.

Context Equivalence

I What we need is a notion of equivalence which equatesterms with the same behaviour.

I More specifically, we would like to equate those termswhich have the same observable behavior in every context.

I Observable Behaviour. Two terms M and N have thesame observable behaviour whenver M ⇓ iff N ⇓ .

I Contexts. They are defined as terms, but they contain aunique placeholder [·]:

C ::= [·] | CM | MC | λx.C.

The term C[M ] is the one obtained from C by substituting[·] with M .

I We can then stipulate that M ≡ N iff for every C, C[M ] ⇓iff C[N ] ⇓.

Context Equivalence

I What we need is a notion of equivalence which equatesterms with the same behaviour.

I More specifically, we would like to equate those termswhich have the same observable behavior in every context.

I Observable Behaviour. Two terms M and N have thesame observable behaviour whenver M ⇓ iff N ⇓ .

I Contexts. They are defined as terms, but they contain aunique placeholder [·]:

C ::= [·] | CM | MC | λx.C.

The term C[M ] is the one obtained from C by substituting[·] with M .

I We can then stipulate that M ≡ N iff for every C, C[M ] ⇓iff C[N ] ⇓.

Context Equivalence

I Examples:λx.x ≡ λx.(λy.y)x

(λx.xx)(λx.xx) = Ω 6≡ λx.Ω

I Exercise: is it true that for every closed M , M ≡ λx.Mx?I Proving that two terms are not context equivalent seems to

be easier than proving that they are.I We need some new techniques to overcome this problem.

Context Equivalence

I Examples:λx.x ≡ λx.(λy.y)x

(λx.xx)(λx.xx) = Ω 6≡ λx.Ω

I Exercise: is it true that for every closed M , M ≡ λx.Mx?I Proving that two terms are not context equivalent seems to

be easier than proving that they are.I We need some new techniques to overcome this problem.

Context Equivalence

I Examples:λx.x ≡ λx.(λy.y)x

(λx.xx)(λx.xx) = Ω 6≡ λx.Ω

I Exercise: is it true that for every closed M , M ≡ λx.Mx?I Proving that two terms are not context equivalent seems to

be easier than proving that they are.I We need some new techniques to overcome this problem.

Context Equivalence

I Examples:λx.x ≡ λx.(λy.y)x

(λx.xx)(λx.xx) = Ω 6≡ λx.Ω

I Exercise: is it true that for every closed M , M ≡ λx.Mx?I Proving that two terms are not context equivalent seems to

be easier than proving that they are.I We need some new techniques to overcome this problem.

Context Equivalence

I Examples:λx.x ≡ λx.(λy.y)x

(λx.xx)(λx.xx) = Ω 6≡ λx.Ω

I Exercise: is it true that for every closed M , M ≡ λx.Mx?I Proving that two terms are not context equivalent seems to

be easier than proving that they are.I We need some new techniques to overcome this problem.

Applicative Bisimulation

Terms Values

M

N

L

...

V

W

Z

...

Applicative Bisimulation

Terms Values

M

N

L

...

V

W

Z

...

Applicative Bisimulation

Terms Values

M

N

L

...

V

W

Z

...

Applicative Bisimulation

Terms Values

M

N

L

...

V

W

Z

...

Applicative Bisimulation

Terms Values

M

N

L

...

V

W

Z

...

M

Applicative Bisimulation

Terms Values

M

N

L

...

V

W

Z

...

M Veval

Applicative Bisimulation

Terms Values

M

N

L

...

V

W

Z

...

M Veval

λx.N

Applicative Bisimulation

Terms Values

M

N

L

...

V

W

Z

...

M Veval

λx.NNx/W W

Applicative Bisimulation

I Simulation.I If M R N and M ⇓ λx.L, then N ⇓ λx.P and for every

argument Q, (LQ/x) R (PQ/x).I Bisimulation.

I If M R N then:I If M ⇓ λx.L, then N ⇓ λx.P and for every argument Q,

(LQ/x) R (PQ/x).I If N ⇓ λx.L, then M ⇓ λx.P and for every argument Q,

(LQ/x) R (PQ/x).I Similarity: union of all simulations, denoted -;I Bisimilarity: union of all bisimulation, denoted ∼.

Theorem (Full Abstraction)M ≡ N iff M ∼ N .

Applicative Bisimulation

I Simulation.I If M R N and M ⇓ λx.L, then N ⇓ λx.P and for every

argument Q, (LQ/x) R (PQ/x).I Bisimulation.

I If M R N then:I If M ⇓ λx.L, then N ⇓ λx.P and for every argument Q,

(LQ/x) R (PQ/x).I If N ⇓ λx.L, then M ⇓ λx.P and for every argument Q,

(LQ/x) R (PQ/x).I Similarity: union of all simulations, denoted -;I Bisimilarity: union of all bisimulation, denoted ∼.

Theorem (Full Abstraction)M ≡ N iff M ∼ N .

Applicative Bisimulation

I Suppose we want to prove that, indeed,

M = λx.x ≡ λx.(λy.y)x = N.

I In principle, we should consider all possible contexts.I But we can also exploit full-abstraction, and just exhibitone applicative bisimulation containing (M,N).

I Here it is:

R = (M,N)∪(L, (λx.x)L) | L is a closed term∪((λx.x)L,L) | L is a closed term∪(L,L) | L is a closed term

I Exercise: prove that R is indeed an applicativebisimulation.

Applicative Bisimulation

I Suppose we want to prove that, indeed,

M = λx.x ≡ λx.(λy.y)x = N.

I In principle, we should consider all possible contexts.I But we can also exploit full-abstraction, and just exhibitone applicative bisimulation containing (M,N).

I Here it is:

R = (M,N)∪(L, (λx.x)L) | L is a closed term∪((λx.x)L,L) | L is a closed term∪(L,L) | L is a closed term

I Exercise: prove that R is indeed an applicativebisimulation.

Applicative Bisimulation

I Suppose we want to prove that, indeed,

M = λx.x ≡ λx.(λy.y)x = N.

I In principle, we should consider all possible contexts.I But we can also exploit full-abstraction, and just exhibitone applicative bisimulation containing (M,N).

I Here it is:

R = (M,N)∪(L, (λx.x)L) | L is a closed term∪((λx.x)L,L) | L is a closed term∪(L,L) | L is a closed term

I Exercise: prove that R is indeed an applicativebisimulation.

Applicative Bisimulation

I Suppose we want to prove that, indeed,

M = λx.x ≡ λx.(λy.y)x = N.

I In principle, we should consider all possible contexts.I But we can also exploit full-abstraction, and just exhibitone applicative bisimulation containing (M,N).

I Here it is:

R = (M,N)∪(L, (λx.x)L) | L is a closed term∪((λx.x)L,L) | L is a closed term∪(L,L) | L is a closed term

I Exercise: prove that R is indeed an applicativebisimulation.

Applicative Bisimulation

I Suppose we want to prove that, indeed,

M = λx.x ≡ λx.(λy.y)x = N.

I In principle, we should consider all possible contexts.I But we can also exploit full-abstraction, and just exhibitone applicative bisimulation containing (M,N).

I Here it is:

R = (M,N)∪(L, (λx.x)L) | L is a closed term∪((λx.x)L,L) | L is a closed term∪(L,L) | L is a closed term

I Exercise: prove that R is indeed an applicativebisimulation.

Type Systems

I We haven’t considered any form of static type for ourprograms, so far.

I Some concrete programming languages are designed as todo type-checking only at runtime, i.e., they do not haveany static type system.

I Scheme, Python, etc.I Actually, endowing the λ-calculus with a type system is

relatively simple.I Types: A,B ::= bool | nat | A→ B | A×B | · · ·I Judgments: x1 : A1, . . . , xn : An `M : B.I Rules (Examples):

Γ `M : A→ B Γ ` N : AΓ `MN : B

Γ, x : A `M : B

Γ ` λx.M : A→ B

Γ, x : A ` x : A Γ ` H : (A→ A)→ A

Type Systems

I We haven’t considered any form of static type for ourprograms, so far.

I Some concrete programming languages are designed as todo type-checking only at runtime, i.e., they do not haveany static type system.

I Scheme, Python, etc.I Actually, endowing the λ-calculus with a type system is

relatively simple.I Types: A,B ::= bool | nat | A→ B | A×B | · · ·I Judgments: x1 : A1, . . . , xn : An `M : B.I Rules (Examples):

Γ `M : A→ B Γ ` N : AΓ `MN : B

Γ, x : A `M : B

Γ ` λx.M : A→ B

Γ, x : A ` x : A Γ ` H : (A→ A)→ A

Type Systems

I We haven’t considered any form of static type for ourprograms, so far.

I Some concrete programming languages are designed as todo type-checking only at runtime, i.e., they do not haveany static type system.

I Scheme, Python, etc.I Actually, endowing the λ-calculus with a type system is

relatively simple.I Types: A,B ::= bool | nat | A→ B | A×B | · · ·I Judgments: x1 : A1, . . . , xn : An `M : B.I Rules (Examples):

Γ `M : A→ B Γ ` N : AΓ `MN : B

Γ, x : A `M : B

Γ ` λx.M : A→ B

Γ, x : A ` x : A Γ ` H : (A→ A)→ A

Type Systems

I We haven’t considered any form of static type for ourprograms, so far.

I Some concrete programming languages are designed as todo type-checking only at runtime, i.e., they do not haveany static type system.

I Scheme, Python, etc.I Actually, endowing the λ-calculus with a type system is

relatively simple.I Types: A,B ::= bool | nat | A→ B | A×B | · · ·I Judgments: x1 : A1, . . . , xn : An `M : B.I Rules (Examples):

Γ `M : A→ B Γ ` N : AΓ `MN : B

Γ, x : A `M : B

Γ ` λx.M : A→ B

Γ, x : A ` x : A Γ ` H : (A→ A)→ A

Type Systems

I We haven’t considered any form of static type for ourprograms, so far.

I Some concrete programming languages are designed as todo type-checking only at runtime, i.e., they do not haveany static type system.

I Scheme, Python, etc.I Actually, endowing the λ-calculus with a type system is

relatively simple.I Types: A,B ::= bool | nat | A→ B | A×B | · · ·I Judgments: x1 : A1, . . . , xn : An `M : B.I Rules (Examples):

Γ `M : A→ B Γ ` N : AΓ `MN : B

Γ, x : A `M : B

Γ ` λx.M : A→ B

Γ, x : A ` x : A Γ ` H : (A→ A)→ A

Section 2

Probabilistic λ-Calculi

Probabilistic λ-Calculus: Syntax and OperationalSemantics

I Terms: M,N ::= x | λx.M | MN | M ⊕N ;I Values: V ::= λx.M ;I How should we define the semantics of a probabilistic termM?

I Informally, M ⊕N rewrites to M or to N with probability12 : this is just like flippling a coin and choosing one of thetwo terms according to the result.

I A value distribution is a function D from the set V ofvalues to R such ∑

V ∈VD(V ) ≤ 1.

I The fact the sum can be strictly smaller than 1 is a wayto reflect (the probability of) divergence.

I The empty value distribution is denoted as ∅.I Useful notation for finite distributions: V p11 , . . . , V pnn .I Value distributions can be ordere, pointwise.I S(D) is the support of D , i.e. the set of values to which D

assigns nonnull probability.

Probabilistic λ-Calculus: Syntax and OperationalSemantics

I Terms: M,N ::= x | λx.M | MN | M ⊕N ;I Values: V ::= λx.M ;I How should we define the semantics of a probabilistic termM?

I Informally, M ⊕N rewrites to M or to N with probability12 : this is just like flippling a coin and choosing one of thetwo terms according to the result.

I A value distribution is a function D from the set V ofvalues to R such ∑

V ∈VD(V ) ≤ 1.

I The fact the sum can be strictly smaller than 1 is a wayto reflect (the probability of) divergence.

I The empty value distribution is denoted as ∅.I Useful notation for finite distributions: V p11 , . . . , V pnn .I Value distributions can be ordere, pointwise.I S(D) is the support of D , i.e. the set of values to which D

assigns nonnull probability.

Probabilistic λ-Calculus: Syntax and OperationalSemantics

I Terms: M,N ::= x | λx.M | MN | M ⊕N ;I Values: V ::= λx.M ;I How should we define the semantics of a probabilistic termM?

I Informally, M ⊕N rewrites to M or to N with probability12 : this is just like flippling a coin and choosing one of thetwo terms according to the result.

I A value distribution is a function D from the set V ofvalues to R such ∑

V ∈VD(V ) ≤ 1.

I The fact the sum can be strictly smaller than 1 is a wayto reflect (the probability of) divergence.

I The empty value distribution is denoted as ∅.I Useful notation for finite distributions: V p11 , . . . , V pnn .I Value distributions can be ordere, pointwise.I S(D) is the support of D , i.e. the set of values to which D

assigns nonnull probability.

Probabilistic λ-Calculus: Syntax and OperationalSemantics

I Approximation (Big-Step) Semantics, CBN:

M ⇓ ∅ V ⇓ V 1M ⇓ D N ⇓ E

M ⊕N ⇓ 12D + 1

2E

M ⇓ D Px/N ⇓ Eλx.P λx.P∈S(D)

MN ⇓∑

V ∈S(F)

D(V )Eλx.P

I Example: consider M = I ⊕ ((II)⊕ Ω), where I = λx.xand Ω = (λx.xx)(λx.xx).

M ⇓ ∅ M ⇓ I12 M ⇓ I

34

I Semantics: [[M ]] = supM⇓D D ;I Variations: Small-Step Semantics, CBV.

Probabilistic λ-Calculus: Syntax and OperationalSemantics

I Approximation (Big-Step) Semantics, CBN:

M ⇓ ∅ V ⇓ V 1M ⇓ D N ⇓ E

M ⊕N ⇓ 12D + 1

2E

M ⇓ D Px/N ⇓ Eλx.P λx.P∈S(D)

MN ⇓∑

V ∈S(F)

D(V )Eλx.P

I Example: consider M = I ⊕ ((II)⊕ Ω), where I = λx.xand Ω = (λx.xx)(λx.xx).

M ⇓ ∅ M ⇓ I12 M ⇓ I

34

I Semantics: [[M ]] = supM⇓D D ;I Variations: Small-Step Semantics, CBV.

Probabilistic λ-Calculus: Syntax and OperationalSemantics

I Approximation (Big-Step) Semantics, CBN:

M ⇓ ∅ V ⇓ V 1M ⇓ D N ⇓ E

M ⊕N ⇓ 12D + 1

2E

M ⇓ D Px/N ⇓ Eλx.P λx.P∈S(D)

MN ⇓∑

V ∈S(F)

D(V )Eλx.P

I Example: consider M = I ⊕ ((II)⊕ Ω), where I = λx.xand Ω = (λx.xx)(λx.xx).

M ⇓ ∅ M ⇓ I12 M ⇓ I

34

I Semantics: [[M ]] = supM⇓D D ;I Variations: Small-Step Semantics, CBV.

Probabilistic λ-Calculus: Syntax and OperationalSemantics

I Approximation (Big-Step) Semantics, CBN:

M ⇓ ∅ V ⇓ V 1M ⇓ D N ⇓ E

M ⊕N ⇓ 12D + 1

2E

M ⇓ D Px/N ⇓ Eλx.P λx.P∈S(D)

MN ⇓∑

V ∈S(F)

D(V )Eλx.P

I Example: consider M = I ⊕ ((II)⊕ Ω), where I = λx.xand Ω = (λx.xx)(λx.xx).

M ⇓ ∅ M ⇓ I12 M ⇓ I

34

I Semantics: [[M ]] = supM⇓D D ;I Variations: Small-Step Semantics, CBV.

Probabilistic λ-Calculus: Syntax and OperationalSemantics

I Approximation (Big-Step) Semantics, CBN:

M ⇓ ∅ V ⇓ V 1M ⇓ D N ⇓ E

M ⊕N ⇓ 12D + 1

2E

M ⇓ D Px/N ⇓ Eλx.P λx.P∈S(D)

MN ⇓∑

V ∈S(F)

D(V )Eλx.P

I Example: consider M = I ⊕ ((II)⊕ Ω), where I = λx.xand Ω = (λx.xx)(λx.xx).

M ⇓ ∅ M ⇓ I12 M ⇓ I

34

I Semantics: [[M ]] = supM⇓D D ;I Variations: Small-Step Semantics, CBV.

Probabilistic λ-Calculus: Syntax and OperationalSemantics

I Approximation (Big-Step) Semantics, CBN:

M ⇓ ∅ V ⇓ V 1M ⇓ D N ⇓ E

M ⊕N ⇓ 12D + 1

2E

M ⇓ D Px/N ⇓ Eλx.P λx.P∈S(D)

MN ⇓∑

V ∈S(F)

D(V )Eλx.P

I Example: consider M = I ⊕ ((II)⊕ Ω), where I = λx.xand Ω = (λx.xx)(λx.xx).

M ⇓ ∅ M ⇓ I12 M ⇓ I

34

I Semantics: [[M ]] = supM⇓D D ;I Variations: Small-Step Semantics, CBV.

Probabilistic λ-Calculus: Syntax and OperationalSemantics

I As an example, consider the following recursive program,and call it M :let rec fancy x = x (+) (fancy x+1)

I One can easily check that:

Mp0q ⇓ ∅ Mp0q ⇓ p0q12 Mp0q ⇓ p0q

12 , p1q

14 · · ·

I As a consequence:

[[Mp0q]] = supMp0q⇓D

D = p0q12 , p1q

14 , p2q

18 , . . .

I As an exercise, find a term N such that[[N ]] = p1q

12 , p4q

14 , p9q

18 , . . .

Probabilistic λ-Calculus: Syntax and OperationalSemantics

I As an example, consider the following recursive program,and call it M :let rec fancy x = x (+) (fancy x+1)

I One can easily check that:

Mp0q ⇓ ∅ Mp0q ⇓ p0q12 Mp0q ⇓ p0q

12 , p1q

14 · · ·

I As a consequence:

[[Mp0q]] = supMp0q⇓D

D = p0q12 , p1q

14 , p2q

18 , . . .

I As an exercise, find a term N such that[[N ]] = p1q

12 , p4q

14 , p9q

18 , . . .

Probabilistic λ-Calculus: Syntax and OperationalSemantics

I As an example, consider the following recursive program,and call it M :let rec fancy x = x (+) (fancy x+1)

I One can easily check that:

Mp0q ⇓ ∅ Mp0q ⇓ p0q12 Mp0q ⇓ p0q

12 , p1q

14 · · ·

I As a consequence:

[[Mp0q]] = supMp0q⇓D

D = p0q12 , p1q

14 , p2q

18 , . . .

I As an exercise, find a term N such that[[N ]] = p1q

12 , p4q

14 , p9q

18 , . . .

Probabilistic λ-Calculus: Syntax and OperationalSemantics

I As an example, consider the following recursive program,and call it M :let rec fancy x = x (+) (fancy x+1)

I One can easily check that:

Mp0q ⇓ ∅ Mp0q ⇓ p0q12 Mp0q ⇓ p0q

12 , p1q

14 · · ·

I As a consequence:

[[Mp0q]] = supMp0q⇓D

D = p0q12 , p1q

14 , p2q

18 , . . .

I As an exercise, find a term N such that[[N ]] = p1q

12 , p4q

14 , p9q

18 , . . .

Probabilistic λ-Calculus: Syntax and OperationalSemantics

I As an example, consider the following recursive program,and call it M :let rec fancy x = x (+) (fancy x+1)

I One can easily check that:

Mp0q ⇓ ∅ Mp0q ⇓ p0q12 Mp0q ⇓ p0q

12 , p1q

14 · · ·

I As a consequence:

[[Mp0q]] = supMp0q⇓D

D = p0q12 , p1q

14 , p2q

18 , . . .

I As an exercise, find a term N such that[[N ]] = p1q

12 , p4q

14 , p9q

18 , . . .

Probabilistic λ-Calculus: Syntax and OperationalSemantics

I As an example, consider the following recursive program,and call it M :let rec fancy x = x (+) (fancy x+1)

I One can easily check that:

Mp0q ⇓ ∅ Mp0q ⇓ p0q12 Mp0q ⇓ p0q

12 , p1q

14 · · ·

I As a consequence:

[[Mp0q]] = supMp0q⇓D

D = p0q12 , p1q

14 , p2q

18 , . . .

I As an exercise, find a term N such that[[N ]] = p1q

12 , p4q

14 , p9q

18 , . . .

Contextual Equivalence in a Probabilistic Setting

I In analogy to the deterministic setting, we observeconvergence, which now becomes quantitative.

I The observable behaviour of M is given by∑[[M ]] =

∑V ∈V [[M ]](V ).

I But∑

[[M ]] is nothing more than the probability ofconvergence for the term M .

I Contexts are extended to reflect the presence ofprobabilistic choice

C ::= [·] | CM | MC | λx.C | C ⊕M | M ⊕ C.I Analogously to the deterministic case, M ≡ N iff for everyC, the following equality holds:∑

[[C[M ]]] =∑

[[C[N ]]].

Motivating Example: Perfect Security

Motivating Example: Perfect Security

I We want to formalize the notion of perfect security for anencryption scheme.

I TakeM and C as the random variables modelingmessages and cryptograms, respectively.

I Of course, the two variables are not independent, at least inprinciple.

I If we want the underlying scheme to be secure, we need tobe sure that they are as independent as possible.

Pr(M = m | C = c) = Pr(M = m).

Pr(C = c | M = m) = Pr(C = c).

Pr(C = c | M = m0) = Pr(C = c | M = m1).

Motivating Example: Perfect Security

I We want to formalize the notion of perfect security for anencryption scheme.

I TakeM and C as the random variables modelingmessages and cryptograms, respectively.

I Of course, the two variables are not independent, at least inprinciple.

I If we want the underlying scheme to be secure, we need tobe sure that they are as independent as possible.

Pr(M = m | C = c) = Pr(M = m).

Pr(C = c | M = m) = Pr(C = c).

Pr(C = c | M = m0) = Pr(C = c | M = m1).

Motivating Example: Perfect Security

I We want to formalize the notion of perfect security for anencryption scheme.

I TakeM and C as the random variables modelingmessages and cryptograms, respectively.

I Of course, the two variables are not independent, at least inprinciple.

I If we want the underlying scheme to be secure, we need tobe sure that they are as independent as possible.

Pr(M = m | C = c) = Pr(M = m).

Pr(C = c | M = m) = Pr(C = c).

Pr(C = c | M = m0) = Pr(C = c | M = m1).

Motivating Example: Perfect Security

I We want to formalize the notion of perfect security for anencryption scheme.

I TakeM and C as the random variables modelingmessages and cryptograms, respectively.

I Of course, the two variables are not independent, at least inprinciple.

I If we want the underlying scheme to be secure, we need tobe sure that they are as independent as possible.

Pr(M = m | C = c) = Pr(M = m).

Pr(C = c | M = m) = Pr(C = c).

Pr(C = c | M = m0) = Pr(C = c | M = m1).

Motivating Example: Perfect Security

I We want to formalize the notion of perfect security for anencryption scheme.

I TakeM and C as the random variables modelingmessages and cryptograms, respectively.

I Of course, the two variables are not independent, at least inprinciple.

I If we want the underlying scheme to be secure, we need tobe sure that they are as independent as possible.

Pr(M = m | C = c) = Pr(M = m).

Pr(C = c | M = m) = Pr(C = c).

Pr(C = c | M = m0) = Pr(C = c | M = m1).

Motivating Example: Perfect Security

I We want to formalize the notion of perfect security for anencryption scheme.

I TakeM and C as the random variables modelingmessages and cryptograms, respectively.

I Of course, the two variables are not independent, at least inprinciple.

I If we want the underlying scheme to be secure, we need tobe sure that they are as independent as possible.

Pr(M = m | C = c) = Pr(M = m).

Pr(C = c | M = m) = Pr(C = c).

Pr(C = c | M = m0) = Pr(C = c | M = m1).

Motivating Example: Perfect Security

PrivKm0,m1 ← A1;b← 0, 1;k ← GEN ;c← ENC (mb, k);b′ ← A2(c);return b = b′.

Motivating Example: Perfect Security

PrivKm0,m1 ← A1;b← 0, 1;k ← GEN ;c← ENC (mb, k);b′ ← A2(c);return b = b′.

Motivating Example: Perfect Security

PrivKm0,m1 ← A1;b← 0, 1;k ← GEN ;c← ENC (mb, k);b′ ← A2(c);return b = b′.

Motivating Example: Perfect Security

PrivKm0,m1 ← A1;b← 0, 1;k ← GEN ;c← ENC (mb, k);b′ ← A2(c);return b = b′.

Motivating Example: Perfect Security

PrivKm0,m1 ← A1;b← 0, 1;k ← GEN ;c← ENC (mb, k);b′ ← A2(c);return b = b′.

Motivating Example: Perfect Security

PrivKm0,m1 ← A1;b← 0, 1;k ← GEN ;c← ENC (mb, k);b′ ← A2(c);return b = b′.

Motivating Example: Perfect Security

Pr (PrivK = true) =1

2

Motivating Example: Perfect Security

One-Time-PadGEN = tt⊕ ff : bool;

ENC = λx.λy.if x then ¬y else y : bool→ bool→ bool;

The Experiment as a Pair of TermsEXPFST = λx.λy.ENC x GEN : bool→ bool→ bool;

EXPSND = λx.λy.ENC y GEN : bool→ bool→ bool.

∀A.Pr(PrivKOTP = true) =1

2⇔ EXPFST ≡ EXPSND

Another ExperimentEXPCPA

FST = λx.λy.(λz.〈ENC x z, λw.ENC w z〉)GEN ;

EXPCPASND = λx.λy.(λz.〈ENC y z, λw.ENC w z〉)GEN .

Motivating Example: Perfect Security

One-Time-PadGEN = tt⊕ ff : bool;

ENC = λx.λy.if x then ¬y else y : bool→ bool→ bool;

The Experiment as a Pair of TermsEXPFST = λx.λy.ENC x GEN : bool→ bool→ bool;

EXPSND = λx.λy.ENC y GEN : bool→ bool→ bool.

∀A.Pr(PrivKOTP = true) =1

2⇔ EXPFST ≡ EXPSND

Another ExperimentEXPCPA

FST = λx.λy.(λz.〈ENC x z, λw.ENC w z〉)GEN ;

EXPCPASND = λx.λy.(λz.〈ENC y z, λw.ENC w z〉)GEN .

Motivating Example: Perfect Security

One-Time-PadGEN = tt⊕ ff : bool;

ENC = λx.λy.if x then ¬y else y : bool→ bool→ bool;

The Experiment as a Pair of TermsEXPFST = λx.λy.ENC x GEN : bool→ bool→ bool;

EXPSND = λx.λy.ENC y GEN : bool→ bool→ bool.

∀A.Pr(PrivKOTP = true) =1

2⇔ EXPFST ≡ EXPSND

Another ExperimentEXPCPA

FST = λx.λy.(λz.〈ENC x z, λw.ENC w z〉)GEN ;

EXPCPASND = λx.λy.(λz.〈ENC y z, λw.ENC w z〉)GEN .

Motivating Example: Perfect Security

One-Time-PadGEN = tt⊕ ff : bool;

ENC = λx.λy.if x then ¬y else y : bool→ bool→ bool;

The Experiment as a Pair of TermsEXPFST = λx.λy.ENC x GEN : bool→ bool→ bool;

EXPSND = λx.λy.ENC y GEN : bool→ bool→ bool.

∀A.Pr(PrivKOTP = true) =1

2⇔ EXPFST ≡ EXPSND

Another ExperimentEXPCPA

FST = λx.λy.(λz.〈ENC x z, λw.ENC w z〉)GEN ;

EXPCPASND = λx.λy.(λz.〈ENC y z, λw.ENC w z〉)GEN .

The Probabilistic λ-Calculus as a Transition System

Terms Values

M V

W

Z

eval, [[M ]](V )

eval, [[M ]](W )

eval, [[M ]](Z)

λx.NNx/WW , 1

The Probabilistic λ-Calculus as a Transition System

Terms Values

M V

W

Z

eval, [[M ]](V )

eval, [[M ]](W )

eval, [[M ]](Z)

λx.NNx/WW , 1

The Probabilistic λ-Calculus as a Transition System

Terms Values

M V

W

Z

eval, [[M ]](V )

eval, [[M ]](W )

eval, [[M ]](Z)

λx.NNx/WW , 1

The Probabilistic λ-Calculus as a Transition System

Terms Values

M V

W

Z

eval, [[M ]](V )

eval, [[M ]](W )

eval, [[M ]](Z)

λx.NNx/WW , 1

The Probabilistic λ-Calculus as a Transition System

Terms Values

M V

W

Z

eval, [[M ]](V )

eval, [[M ]](W )

eval, [[M ]](Z)

λx.NNx/WW , 1

The Probabilistic λ-Calculus as a Transition System

Terms Values

M V

W

Z

eval, [[M ]](V )

eval, [[M ]](W )

eval, [[M ]](Z)

λx.NNx/WW , 1

Spelling Out the Definition

λx.M ∼λx.N ML/x

L

NL/x

L

∼

M∼N

[[M ]]eval

[[N ]]eval

[[M ]](E) [[N ]](E)=

Spelling Out the Definition

λx.M ∼λx.N ML/x

L

NL/x

L

∼

M∼N

[[M ]]eval

[[N ]]eval

[[M ]](E) [[N ]](E)=

Spelling Out the Definition

λx.M ∼λx.N ML/x

L

NL/x

L

∼

M∼N

[[M ]]eval

[[N ]]eval

[[M ]](E) [[N ]](E)=

Spelling Out the Definition

λx.M ∼λx.N ML/x

L

NL/x

L

∼

M∼N

[[M ]]eval

[[N ]]eval

[[M ]](E) [[N ]](E)=

Spelling Out the Definition

λx.M ∼λx.N ML/x

L

NL/x

L

∼

M∼N

[[M ]]eval

[[N ]]eval

[[M ]](E) [[N ]](E)=

Spelling Out the Definition

λx.M ∼λx.N ML/x

L

NL/x

L

∼

M∼N

[[M ]]eval

[[N ]]eval

[[M ]](E) [[N ]](E)=

Spelling Out the Definition

λx.M ∼λx.N ML/x

L

NL/x

L

∼

M∼N

[[M ]]eval

[[N ]]eval

[[M ]](E) [[N ]](E)=

Spelling Out the Definition

λx.M ∼λx.N ML/x

L

NL/x

L

∼

M∼N

[[M ]]eval

[[N ]]eval

[[M ]](E) [[N ]](E)=

Spelling Out the Definition

λx.M ∼λx.N ML/x

L

NL/x

L

∼

M∼N

[[M ]]eval

[[N ]]eval

[[M ]](E) [[N ]](E)=

Spelling Out the Definition

λx.M ∼λx.N ML/x

L

NL/x

L

∼

M∼N

[[M ]]eval

[[N ]]eval

[[M ]](E) [[N ]](E)=

Probabilistic Applicative Bisimulation

I Suppose you want to prove that the following two terms arebisimilar (i.e., M ∼ N):

M = I ⊕ ((λx.Ω)⊕ (ΩI))

N = (Ω⊕ (λx.ΩI))⊕ (II)

I We should look for a probabilistic applicative bisimulationR including (M,N).

I Let’s proceed incrementally:

R = (M,N)∪(I, II), (II, I)∪(Ω,ΩI), (ΩI,Ω)

∪(λx.Ω, λx.ΩI), (λx.ΩI, λx.Ω)∪(L,L) | L is s closed term

Probabilistic Applicative Bisimulation

I Suppose you want to prove that the following two terms arebisimilar (i.e., M ∼ N):

M = I ⊕ ((λx.Ω)⊕ (ΩI))

N = (Ω⊕ (λx.ΩI))⊕ (II)

I We should look for a probabilistic applicative bisimulationR including (M,N).

I Let’s proceed incrementally:

R = (M,N)∪(I, II), (II, I)∪(Ω,ΩI), (ΩI,Ω)

∪(λx.Ω, λx.ΩI), (λx.ΩI, λx.Ω)∪(L,L) | L is s closed term

Probabilistic Applicative Bisimulation

I Suppose you want to prove that the following two terms arebisimilar (i.e., M ∼ N):

M = I ⊕ ((λx.Ω)⊕ (ΩI))

N = (Ω⊕ (λx.ΩI))⊕ (II)

I We should look for a probabilistic applicative bisimulationR including (M,N).

I Let’s proceed incrementally:

R = (M,N)∪(I, II), (II, I)∪(Ω,ΩI), (ΩI,Ω)

∪(λx.Ω, λx.ΩI), (λx.ΩI, λx.Ω)∪(L,L) | L is s closed term

Probabilistic Applicative Bisimulation

I Suppose you want to prove that the following two terms arebisimilar (i.e., M ∼ N):

M = I ⊕ ((λx.Ω)⊕ (ΩI))

N = (Ω⊕ (λx.ΩI))⊕ (II)

I We should look for a probabilistic applicative bisimulationR including (M,N).

I Let’s proceed incrementally:

R = (M,N)∪(I, II), (II, I)∪(Ω,ΩI), (ΩI,Ω)

∪(λx.Ω, λx.ΩI), (λx.ΩI, λx.Ω)∪(L,L) | L is s closed term

Probabilistic Applicative Bisimulation

I Suppose you want to prove that the following two terms arebisimilar (i.e., M ∼ N):

M = I ⊕ ((λx.Ω)⊕ (ΩI))

N = (Ω⊕ (λx.ΩI))⊕ (II)

I We should look for a probabilistic applicative bisimulationR including (M,N).

I Let’s proceed incrementally:

R = (M,N)∪(I, II), (II, I)∪(Ω,ΩI), (ΩI,Ω)

∪(λx.Ω, λx.ΩI), (λx.ΩI, λx.Ω)∪(L,L) | L is s closed term

Probabilistic Applicative Bisimulation

I Suppose you want to prove that the following two terms arebisimilar (i.e., M ∼ N):

M = I ⊕ ((λx.Ω)⊕ (ΩI))

N = (Ω⊕ (λx.ΩI))⊕ (II)

I We should look for a probabilistic applicative bisimulationR including (M,N).

I Let’s proceed incrementally:

R = (M,N)∪(I, II), (II, I)∪(Ω,ΩI), (ΩI,Ω)

∪(λx.Ω, λx.ΩI), (λx.ΩI, λx.Ω)∪(L,L) | L is s closed term

Probabilistic Applicative Bisimulation

I Suppose you want to prove that the following two terms arebisimilar (i.e., M ∼ N):

M = I ⊕ ((λx.Ω)⊕ (ΩI))

N = (Ω⊕ (λx.ΩI))⊕ (II)

I We should look for a probabilistic applicative bisimulationR including (M,N).

I Let’s proceed incrementally:

R = (M,N)∪(I, II), (II, I)∪(Ω,ΩI), (ΩI,Ω)

∪(λx.Ω, λx.ΩI), (λx.ΩI, λx.Ω)∪(L,L) | L is s closed term

Full Abstraction?I Is there any correspondence between probabilistic

applicative bisimulation on the one hand and contextequivalence on the other?

I Unfortunately, the situation is not as bright as in thedeterministic case

TheoremIn CBV, M ≡ N iff M ∼ N .

TheoremIn CBN, if M ∼ N then M ≡ N , but the converse does not hold.

I A counterexample for CBN is the following:

M = λx.Ω⊕ I N = (λx.Ω)⊕ (λx.I)

It is quite easy to see that M 6∼ N , while M ≡ N .

Full Abstraction?I Is there any correspondence between probabilistic

applicative bisimulation on the one hand and contextequivalence on the other?

I Unfortunately, the situation is not as bright as in thedeterministic case

TheoremIn CBV, M ≡ N iff M ∼ N .

TheoremIn CBN, if M ∼ N then M ≡ N , but the converse does not hold.

I A counterexample for CBN is the following:

M = λx.Ω⊕ I N = (λx.Ω)⊕ (λx.I)

It is quite easy to see that M 6∼ N , while M ≡ N .

Full Abstraction?I Is there any correspondence between probabilistic

applicative bisimulation on the one hand and contextequivalence on the other?

I Unfortunately, the situation is not as bright as in thedeterministic case

TheoremIn CBV, M ≡ N iff M ∼ N .

TheoremIn CBN, if M ∼ N then M ≡ N , but the converse does not hold.

I A counterexample for CBN is the following:

M = λx.Ω⊕ I N = (λx.Ω)⊕ (λx.I)

It is quite easy to see that M 6∼ N , while M ≡ N .

Full Abstraction?I Is there any correspondence between probabilistic

applicative bisimulation on the one hand and contextequivalence on the other?

I Unfortunately, the situation is not as bright as in thedeterministic case

TheoremIn CBV, M ≡ N iff M ∼ N .

TheoremIn CBN, if M ∼ N then M ≡ N , but the converse does not hold.

I A counterexample for CBN is the following:

M = λx.Ω⊕ I N = (λx.Ω)⊕ (λx.I)

It is quite easy to see that M 6∼ N , while M ≡ N .

Back to Our Example

EXPFST = λx.λy.ENC x GEN : bool→ bool→ bool;

EXPSND = λx.λy.ENC y GEN : bool→ bool→ bool.

Rσ = Xσ ×Xσ ∪ IDσ;

Xbool = (ENC tt GEN ), (ENC ff GEN );Xbool→bool = (λy.ENC y GEN ), (λy.ENC tt GEN ),

(λy.ENC ff GEN );Xbool→bool→bool = EXPFST ,EXPSND;

Back to Our Example

EXPFST = λx.λy.ENC x GEN : bool→ bool→ bool;

EXPSND = λx.λy.ENC y GEN : bool→ bool→ bool.

Rσ = Xσ ×Xσ ∪ IDσ;

Xbool = (ENC tt GEN ), (ENC ff GEN );Xbool→bool = (λy.ENC y GEN ), (λy.ENC tt GEN ),

(λy.ENC ff GEN );Xbool→bool→bool = EXPFST ,EXPSND;

Section 3

Quantum λ-Calculi

A Naïve Attempt

I While looking for a quantum generalization of theλ-calculus, one could be tempted to proceed merely byenriching its syntax of terms as follows:

M,N ::= x | λx.M | MN | r | U | new | measwhere:

I r is a quantum variable pointing to the quantum store;I the operator new creates a new qubit;I the operator meas measures a qubit from the quantum

store;I U applies a unitary transform to one (or more) qubits from

the quantum store.I This would be enough to express, e.g., some simple

quantum circuits:

λx.λy.CNOT〈H x, y〉 λx.meas(H(new x))

A Naïve Attempt

[∅, (λx.λy.CNOT〈H x, y〉)〈new p0q, new p0q〉]

→∗ [|r → 0〉 ⊗ |q → 0〉, (λx.λy.CNOT〈H x, y〉)〈r, q〉]

→ [|r → 0〉 ⊗ |q → 0〉,CNOT〈H r, q〉]

→ [1√2|r → 0, q → 0〉+

1√2|r → 1, q → 0〉,CNOT〈r, q〉]

→ [1√2|r → 0, q → 0〉+

1√2|r → 1, q → 1〉, 〈r, q〉]

A Naïve Attempt

[∅, (λx.λy.CNOT〈H x, y〉)〈new p0q, new p0q〉]

→∗ [|r → 0〉 ⊗ |q → 0〉, (λx.λy.CNOT〈H x, y〉)〈r, q〉]

→ [|r → 0〉 ⊗ |q → 0〉,CNOT〈H r, q〉]

→ [1√2|r → 0, q → 0〉+

1√2|r → 1, q → 0〉,CNOT〈r, q〉]

→ [1√2|r → 0, q → 0〉+

1√2|r → 1, q → 1〉, 〈r, q〉]

A Naïve Attempt

[∅, (λx.λy.CNOT〈H x, y〉)〈new p0q, new p0q〉]

→∗ [|r → 0〉 ⊗ |q → 0〉, (λx.λy.CNOT〈H x, y〉)〈r, q〉]

→ [|r → 0〉 ⊗ |q → 0〉,CNOT〈H r, q〉]

→ [1√2|r → 0, q → 0〉+

1√2|r → 1, q → 0〉,CNOT〈r, q〉]

→ [1√2|r → 0, q → 0〉+

1√2|r → 1, q → 1〉, 〈r, q〉]

A Naïve Attempt

[∅, (λx.λy.CNOT〈H x, y〉)〈new p0q, new p0q〉]

→∗ [|r → 0〉 ⊗ |q → 0〉, (λx.λy.CNOT〈H x, y〉)〈r, q〉]

→ [|r → 0〉 ⊗ |q → 0〉,CNOT〈H r, q〉]

→ [1√2|r → 0, q → 0〉+

1√2|r → 1, q → 0〉,CNOT〈r, q〉]

→ [1√2|r → 0, q → 0〉+

1√2|r → 1, q → 1〉, 〈r, q〉]

A Naïve Attempt

[∅, (λx.λy.CNOT〈H x, y〉)〈new p0q, new p0q〉]

→∗ [|r → 0〉 ⊗ |q → 0〉, (λx.λy.CNOT〈H x, y〉)〈r, q〉]

→ [|r → 0〉 ⊗ |q → 0〉,CNOT〈H r, q〉]

→ [1√2|r → 0, q → 0〉+

1√2|r → 1, q → 0〉,CNOT〈r, q〉]

→ [1√2|r → 0, q → 0〉+

1√2|r → 1, q → 1〉, 〈r, q〉]

A Naïve Attempt

I This approach has some fundamental problems,however.

I Take the term (λx.CNOT〈x, x〉)new and suppose, as in theprevious example, to reduce it in CBV:

[∅, (λx.CNOT〈x, x〉)(newp0q)]

→ [|r → 0〉, (λx.CNOT〈x, x〉)r]→ [|r → 0〉,CNOT〈r, r〉]

I Qubits can be freely duplicated or erased!I And this goes against the principles of quantum mechanics.

I We need a way to force qubits to be used exactly oncewhen passed to functions.

A Naïve Attempt

I This approach has some fundamental problems,however.

I Take the term (λx.CNOT〈x, x〉)new and suppose, as in theprevious example, to reduce it in CBV:

[∅, (λx.CNOT〈x, x〉)(newp0q)]

→ [|r → 0〉, (λx.CNOT〈x, x〉)r]→ [|r → 0〉,CNOT〈r, r〉]

I Qubits can be freely duplicated or erased!I And this goes against the principles of quantum mechanics.

I We need a way to force qubits to be used exactly oncewhen passed to functions.

A Naïve Attempt

I This approach has some fundamental problems,however.

I Take the term (λx.CNOT〈x, x〉)new and suppose, as in theprevious example, to reduce it in CBV:

[∅, (λx.CNOT〈x, x〉)(newp0q)]

→ [|r → 0〉, (λx.CNOT〈x, x〉)r]→ [|r → 0〉,CNOT〈r, r〉]

I Qubits can be freely duplicated or erased!I And this goes against the principles of quantum mechanics.

I We need a way to force qubits to be used exactly oncewhen passed to functions.

A Naïve Attempt

I This approach has some fundamental problems,however.

I Take the term (λx.CNOT〈x, x〉)new and suppose, as in theprevious example, to reduce it in CBV:

[∅, (λx.CNOT〈x, x〉)(newp0q)]

→ [|r → 0〉, (λx.CNOT〈x, x〉)r]→ [|r → 0〉,CNOT〈r, r〉]

I Qubits can be freely duplicated or erased!I And this goes against the principles of quantum mechanics.

I We need a way to force qubits to be used exactly oncewhen passed to functions.

Linearity and the λ-CalculusI First of all, let us impose that in any abstraction λx.M , the

variable x occurs exactly once in M .I Copying and erasure not possible, anymore.I But the calculus loses much of its expressive power.

I The idea is to refine the calculus in such a way as toreintroduce erasure and copying, but in a controlled way.

I We mark as !M all those subterms which can be(potentially) copied or erased;

I Besides the usual linear abstraction λx.M , there is anon-linear abstraction λ!x.M .

I Altogether, then, the language of terms becomes:

M,N ::= x | λx.M | λ!x.M | MN | !M

r | U | new | meas

where we insist that any term in the form !M does notcontain any quantum variable.

Linearity and the λ-CalculusI First of all, let us impose that in any abstraction λx.M , the

variable x occurs exactly once in M .I Copying and erasure not possible, anymore.I But the calculus loses much of its expressive power.

I The idea is to refine the calculus in such a way as toreintroduce erasure and copying, but in a controlled way.

I We mark as !M all those subterms which can be(potentially) copied or erased;

I Besides the usual linear abstraction λx.M , there is anon-linear abstraction λ!x.M .

I Altogether, then, the language of terms becomes:

M,N ::= x | λx.M | λ!x.M | MN | !M

r | U | new | meas

where we insist that any term in the form !M does notcontain any quantum variable.

Thank You!

Questions?