Aims of the course The aim of this course to show that logic is a - - PowerPoint PPT Presentation

Program Extraction From Proofs1

Ulrich Berger Swansea University Autumn School “Proof and Computation” Fischbachau, September 16-22, 2018

1available at www.cs.swan.ac.uk/∼csulrich/slides.html 1 / 68

Aims of the course

The aim of this course to show that logic is a natural bridge between mathematics and computation. We will study how valid reasoning in abstract mathematics leads to provably correct algorithms and hence certified computer programs

2 / 68

Plan of the course

Lecture 1: Logic and constructivism Lecture 2: Proofs as programs Lecture 3: Program extraction

3 / 68

Aristotle (384 - 322 BC)

Syllogisms (a form of logical deduction): All men are mortal Aristotle is a man Aristotle is mortal

4 / 68

Important branches of logic today

(1) Philosophical Logic (2) Mathematical Logic (3) Logic in Computer Science Our course takes place mainly in (3) but we will heavily use tools from (2) (in particular the sub-field of proof theory) and motivation from (1).

5 / 68

The fundamental idea of program extraction

6 / 68

The fundamental idea of program extraction

A proof is a construction, represented by a text or a finite tree, that convinces us that a formula is true.

6 / 68

The fundamental idea of program extraction

A proof is a construction, represented by a text or a finite tree, that convinces us that a formula is true. Often, a formula can also be understood as a computational problem.

6 / 68

The fundamental idea of program extraction

A proof is a construction, represented by a text or a finite tree, that convinces us that a formula is true. Often, a formula can also be understood as a computational problem. For example, the formula stating that there are infinitely many prime numbers, ∀x ∃y (y > x ∧ Prime(y)) can be understood as the problem of computing for every natural number x a prime number y that is greater than x.

6 / 68

The fundamental idea of program extraction

A proof is a construction, represented by a text or a finite tree, that convinces us that a formula is true. Often, a formula can also be understood as a computational problem. For example, the formula stating that there are infinitely many prime numbers, ∀x ∃y (y > x ∧ Prime(y)) can be understood as the problem of computing for every natural number x a prime number y that is greater than x. Program extraction is based on the observation that a proof not

• nly represents an argument why a formula is true but also contains

a program that solves the computational problem it expresses.

6 / 68

Minlog

http://www.mathematik.uni-muenchen.de/$\sim$logik/minlog/ Minlog is an interactive proof system that supports program extraction form proofs. The case studies on program extraction presented in this course have been carried out in Minlog. Minlog is under active development at the Universities of Munich (lead), Kyoto and Swansea.

7 / 68

Background Reading

[1] A S Troelstra, D van Dalen, Constructivism in Mathematics, Vol. I, N-H, 1988. [2] D van Dalen, Logic and Structure, 3rd edition, Springer, 1994. [3] B, K Miyamoto, H Schwichtenberg, M Seisenberger, Minlog - A Tool for Program Extraction for Supporting Algebra and Coalgebra, LNCS 6859, 2011. [4] B, From coinductive proofs to exact real arithmetic: theory and applications, Logical Methods in Comput. Sci. 7(1), 2011,

http://www.lmcs-online.org/ojs/viewarticle.php?id=704&layout=abstract [5] H Schwichtenberg, S S Wainer, Proofs and Computations, Cambridge University Press, 2012.

8 / 68

Logic and constructivism

◮ Predicate logic ◮ Peano Arithmetic ◮ Constructive proofs ◮ The Curry-Howard Correspondence

9 / 68

Predicate logic (a.k.a. first-order logic, FOL)

Gottlob Frege (1848 - 1925) Predicate logic was introduced by Frege in his Begriffsschrift.

10 / 68

The language of predicate logic

11 / 68

The language of predicate logic

Example: “Every positive number has a positive square root”

11 / 68

The language of predicate logic

Example: “Every positive number has a positive square root” ∀x (x > 0 → ∃y (y > 0 ∧ x = y ∗ y))

11 / 68

The language of predicate logic

Example: “Every positive number has a positive square root” ∀x (x > 0 → ∃y (y > 0 ∧ x = y ∗ y)) The language, L = (C, F, P), for this formula consists of Constants: C = {0} Function symbols: F = {∗} Predicate symbols: P = {>}

11 / 68

The language of predicate logic

Example: “Every positive number has a positive square root” ∀x (x > 0 → ∃y (y > 0 ∧ x = y ∗ y)) The language, L = (C, F, P), for this formula consists of Constants: C = {0} Function symbols: F = {∗} Predicate symbols: P = {>} The elements of L are also called non-logical symbols. The choice

• f L may vary depending on the intended application.

11 / 68

The language of predicate logic

Example: “Every positive number has a positive square root” ∀x (x > 0 → ∃y (y > 0 ∧ x = y ∗ y)) The language, L = (C, F, P), for this formula consists of Constants: C = {0} Function symbols: F = {∗} Predicate symbols: P = {>} The elements of L are also called non-logical symbols. The choice

• f L may vary depending on the intended application.

The other symbols occurring in a formula of predicate logic are application independent and are called logical symbols: Variables: x, y, . . . Logical constants: ⊤ (“true”), ‘⊥” (false) Logical connectives: ∧ (“and”), ∨ (“or”), → (“implies”) Quantifiers: ∀ (“for all”), ∃ (“exists”) Equality: = Negation can be defined as ¬A Def = A → ⊥

11 / 68

The semantics of predicate logic

Alfred Tarski (1901-1983) Tarski was the first to systematically study the notion of truth for formulas in predicate logic.

12 / 68

Models

A model (or structure) M for a language L = (C, F, P) consists

• f:

◮ a nonempty set M, called the carrier set of M ◮ an interpretation in M of

◮ the constants in C, ◮ the function symbols in F, ◮ the predicate symbols in P.

In a given model M, any L-formula is either true or false.

13 / 68

Truth, Validity, Logical Consequence

M | = A (formula A is true in model M, or M satisfies A) A is logically valid (| = A)

Def

= for all models M, M | = A. (A is true in all models) A is a logical consequence of a set of formulas Γ (Γ | = A)

Def

= for all models M, if M | = Γ, then M | = A. (A is true in all models of Γ, or Γ logically implies A) Where M | = Γ means M | = B for all B ∈ Γ.

14 / 68

Exercises

Let N be the structure of natural numbers {0, 1, 2, . . .} with the usual constants 0 and 1 and the operations of addition and multiplication. Let A Def = ∃z ∀x∀y (x + y = z → x = z)

15 / 68

Exercises

Let N be the structure of natural numbers {0, 1, 2, . . .} with the usual constants 0 and 1 and the operations of addition and multiplication. Let A Def = ∃z ∀x∀y (x + y = z → x = z)

• 1. Is A true in N?

15 / 68

Exercises

Let N be the structure of natural numbers {0, 1, 2, . . .} with the usual constants 0 and 1 and the operations of addition and multiplication. Let A Def = ∃z ∀x∀y (x + y = z → x = z)

• 1. Is A true in N?
• 2. Is A logically valid?

15 / 68

Exercises

Let N be the structure of natural numbers {0, 1, 2, . . .} with the usual constants 0 and 1 and the operations of addition and multiplication. Let A Def = ∃z ∀x∀y (x + y = z → x = z)

• 1. Is A true in N?
• 2. Is A logically valid?

Let A′ Def = ∃z ∀x (∃y (x + y = z) → x = z)

• 3. Is the formula A → A′ logically valid?

(That is, does {A′} | = A hold?)

15 / 68

Proofs

A proof system is a collection of rules to derive logically valid formulas. There are many different proof systems. A popular, due to Gentzen, is called Natural Deduction since its rules are close to natural human reasoning. Gerhard Gentzen (1909 - 1945)

16 / 68

Natural Deduction

Assumption rule u:A (assumptions are cancelled by →+ u : A) Introduction rules Elimination rules ∧ A B ∧+ A ∧ B A ∧ B ∧− l A A ∧ B ∧− r B → B →+u : A A → B A → B A →− B ∨ A ∨+ l A ∨ B B ∨+ r A ∨ B A ∨ B A → C B → C ∨− C ⊥ ⊥ efq A ¬¬A raa A

17 / 68

Quantifier rules

Introduction rules Elimination rules ∀ A(x)

∀+

∀x A(x) (*) ∀x A(x)

∀−

A(t) ∃ A(t)

∃+

∃x A(x) ∃x A(x) ∀x (A(x) → C)

∃−

C (**)

Variable conditions: (*) x must not occur free in any free (that is, uncancelled) assumption. (**) x must not occur free in C. Adding these rules to natural deduction yields a complete proof system.

18 / 68

Natural Deduction (version with explicit assumptions)

Assumption rule

use

Γ, A ⊢ A Introduction rules Elimination rules ∧ Γ ⊢ A Γ ⊢ B

∧+

Γ ⊢ A ∧ B Γ ⊢ A ∧ B

∧− l

Γ ⊢ A Γ ⊢ A ∧ B

∧− r

Γ ⊢ B → Γ, A ⊢ B

→+

Γ ⊢ A → B Γ ⊢ A → B Γ ⊢ A →− Γ ⊢ B ∨ Γ ⊢ A

∨+ l

Γ ⊢ A ∨ B Γ ⊢ B

∨+ r

Γ ⊢ A ∨ B Γ ⊢ A ∨ B Γ ⊢ A → C Γ ⊢ B → C

∨−

Γ ⊢ C ⊥ Γ ⊢ ⊥ efq Γ ⊢ A Γ ⊢ ¬¬A raa Γ ⊢ A ∀ Γ ⊢ A(x)

∀+

Γ ⊢ ∀x A(x) (x not free in Γ) Γ ⊢ ∀x A(x)

∀−

Γ ⊢ A(t) ∃ Γ ⊢ A(t)

∃+

Γ ⊢ ∃x A(x) Γ ⊢ ∃x A(x) Γ ⊢ ∀x (A(x) → C)

∃−

Γ ⊢ C (x not free in Γ, C) 19 / 68

Equality rules (both versions)

Introduction rule Elimination rule = t = t A(s) s = t A(t) Introduction rule Elimination rule = Γ ⊢ t = t Γ ⊢ A(s) Γ ⊢ s = t Γ ⊢ A(t) Symmetry and transitivity of equality can be derived from these rules.

20 / 68

Example

u : A ∧ B → C v : A w : B

∧+

A ∧ B

→−

C

→+w : B

B → C

→+v : A

A → (B → C)

→+u : A ∧ B → C

(A ∧ B → C) → (A → (B → C))

21 / 68

Example

u : A ∨ B v : A

∨+ r

B ∨ A

→+v : A

A → B ∨ A w : B

∨+ l

B ∨ A

→+w : B

B → B ∨ A ∨− B ∨ A

→+u : A ∨ B

A ∨ B → B ∨ A Exercise Prove the Law of Excluded Middle: A ∨ ¬A.

22 / 68

Completeness

In 1929 Kurt G¨

• del proved that there is a sound and complete

proof calculus for first-order logic (equivalent to natural deduction): Completeness Theorem A formula in first-order logic is logically valid if and only it is provable. | = A ⇔ ⊢ A Kurt G¨

• del (1906-1978)

23 / 68

Undecidability

Church and Turing independently proved that it is undecidable whether a formula in predicate logic is valid, thus answering Hilbert’s “Entscheidungsproblem” negatively. David Hilbert Alonzo Church Alan Turing(1) (1862 - 1943) (1903 - 1995) (1912 - 1954) By G¨

• del’s Completeness theorem there is at list an automatic procedure

that generates, one by one, all valid formulas (since proofs can be automatically generated). (1) picture computer generated by Arnold Beckmann

24 / 68

Peano Arithmetic

In order to prove statements that are true in the structure N of natural numbers, Peano introduced the following axioms: Peano 1 ∀x (x + 1 = 0) Peano 2 ∀x, y (x + 1 = y + 1 → x = y) Peano 3 (Induction) For every formula A(x): A(0) ∧ ∀x(A(x) → A(x + 1)) → ∀x A(x) Giuseppe Peano (1858 - 1932) The set of theorems provable from the Peano Axioms is called Peano Arithmetic (PA).

25 / 68

Complexity of PA vs. truth in N

26 / 68

Complexity of PA vs. truth in N

All theorems of PA are true in N but not conversely.

26 / 68

Complexity of PA vs. truth in N

All theorems of PA are true in N but not conversely. By definition, the theorems of PA are effectively enumerable.

26 / 68

Complexity of PA vs. truth in N

All theorems of PA are true in N but not conversely. By definition, the theorems of PA are effectively enumerable. In contrast, the set ThN of formulas that are true in N is not effectively enumerable.

26 / 68

Complexity of PA vs. truth in N

All theorems of PA are true in N but not conversely. By definition, the theorems of PA are effectively enumerable. In contrast, the set ThN of formulas that are true in N is not effectively enumerable. By Tarski’s Undefinability Theorem ThN is not even definable by an arithmetic formula (Tarski).

26 / 68

Complexity of PA vs. truth in N

All theorems of PA are true in N but not conversely. By definition, the theorems of PA are effectively enumerable. In contrast, the set ThN of formulas that are true in N is not effectively enumerable. By Tarski’s Undefinability Theorem ThN is not even definable by an arithmetic formula (Tarski). Therefore, there is a huge gap between PA and ThN .

26 / 68

Classical logic

27 / 68

Classical logic

Predicate logic, with Tarskian semantics and the complete proof calculus, is often called classical logic because it is the most traditional and widely used logic.

27 / 68

Classical logic

Predicate logic, with Tarskian semantics and the complete proof calculus, is often called classical logic because it is the most traditional and widely used logic. In classical logic the Law of Excluded Middle is valid (and hence provable): A ∨ ¬A

27 / 68

Intuitionistic logic

28 / 68

Intuitionistic logic

The constructive understanding of a proof of a disjunction A ∨ B includes an effective procedure that determines which of A or B is true.

28 / 68

Intuitionistic logic

The constructive understanding of a proof of a disjunction A ∨ B includes an effective procedure that determines which of A or B is true. Therefore, the classically valid law of excluded middle, A ∨ ¬A, is rejected by constructivists since, as we have seen, there is no effective procedure the decides, for any formula A, whether A or ¬A holds.

28 / 68

Intuitionistic logic

The constructive understanding of a proof of a disjunction A ∨ B includes an effective procedure that determines which of A or B is true. Therefore, the classically valid law of excluded middle, A ∨ ¬A, is rejected by constructivists since, as we have seen, there is no effective procedure the decides, for any formula A, whether A or ¬A holds. A constructive alternative to classical logic is intuitionistic logic which is obtained from classical logic by removing the principle of proof by contradiction (¬¬A → A, that is, raa) from natural deduction.

28 / 68

Intuitionistic logic

The constructive understanding of a proof of a disjunction A ∨ B includes an effective procedure that determines which of A or B is true. Therefore, the classically valid law of excluded middle, A ∨ ¬A, is rejected by constructivists since, as we have seen, there is no effective procedure the decides, for any formula A, whether A or ¬A holds. A constructive alternative to classical logic is intuitionistic logic which is obtained from classical logic by removing the principle of proof by contradiction (¬¬A → A, that is, raa) from natural deduction. We write Γ ⊢i A if A is provable from Γ in intuitionistic logic.

28 / 68

Disjunction and Existence Theorem for intuitionistic logic

Disjunction Theorem for Intuitionistic logic If ⊢i A ∨ B, then ⊢i A or ⊢i B. Existence Theorem for Intuitionistic logic From an intuitionistic proof of a formula of the form ∃x A(x) one can extract a term t such that A(t) is provable.

29 / 68

Disjunction and Existence Theorem for intuitionistic logic

Disjunction Theorem for Intuitionistic logic If ⊢i A ∨ B, then ⊢i A or ⊢i B. Existence Theorem for Intuitionistic logic From an intuitionistic proof of a formula of the form ∃x A(x) one can extract a term t such that A(t) is provable. Corresponding theorems for classical logic do not hold. However, we have Herbrand’s Theorem From a classical proof of a formula of the form ∃x A(x), A quantifier free, one can extract finitely many terms t1, . . . tn such that A(t1) ∨ . . . ∨ A(tn) is (classically) provable.

29 / 68

Heyting Arithmetic

Peano Arithmetic with intuitionistic logic is called Heyting Arithmetic, HA. Arendt Heyting (1898 - 1980)

30 / 68

Heyting Arithmetic

Peano Arithmetic with intuitionistic logic is called Heyting Arithmetic, HA. Arendt Heyting (1898 - 1980) In HA:

◮ The Disjunction and Existence Theorems continue to hold.

30 / 68

Heyting Arithmetic

Peano Arithmetic with intuitionistic logic is called Heyting Arithmetic, HA. Arendt Heyting (1898 - 1980) In HA:

◮ The Disjunction and Existence Theorems continue to hold. ◮ The (universally generalized) law of excluded middle

∀ x (A( x) ∨ ¬A( x)) is provable for all quantifier free formulas A( x).

30 / 68

Heyting Arithmetic

Peano Arithmetic with intuitionistic logic is called Heyting Arithmetic, HA. Arendt Heyting (1898 - 1980) In HA:

◮ The Disjunction and Existence Theorems continue to hold. ◮ The (universally generalized) law of excluded middle

∀ x (A( x) ∨ ¬A( x)) is provable for all quantifier free formulas A( x).

◮ More generally, HA and PA prove the same Π0 2 formulas, that

is, formulas of the form ∀ x ∃ y A( x, y), A( x, y) quantifier free (Parsons).

30 / 68

Semantics of Intuitionistic logic

Intuitionistic logic is incomplete w.r.t. Tarskian semantics, since the law

• f excluded middle is not provable.

However, there are other styles of semantics for which intuitionistic logic is complete and which better bring to light its constructive nature. We study an interpretation due to Brouwer, Heyting, and Kolmogorov. Luitzen Egbertus Jan Brouwer Andrey Nikolaevich Kolmogorov (1881 - 1966) (1903 - 1987)

31 / 68

The BHK interpretation

According to the BHK interpretation a formula expresses a computational problem which is defined by a description of how to solve it: A solution to A ∧ B is a pair (a, b) such that a solves A and b solves B. A solution to A ∨ B is either (0, a) where a solves A

• r (1, b) where b solves B.

A solution to A → B is a construction that transforms any solution of A to a solution of B.

32 / 68

The lambda calculus

In the BHK interpretation it is left open what a “construction” is. Church’s lambda calculus provides a good notion of construction: The lambda calculus consists of

◮ lambda terms generated by the rules

x Variables λx . M lambda-abstraction M N Application

◮ beta-reduction

(λx . M)N →β M[N/x] M[N/x] denotes substitution of the term N for x in the term M. One usually writes M N K for (M N) K.

33 / 68

Lambda calculus with types

Types are like propositional formulas with → as the only connective. Let Γ = x1 : A1, . . . xn, : An be a context, that is a type assignment to variables. We define inductively the relation Γ ⊢ M : A (M has type A in context Γ). Γ, x : A ⊢ x : A Γ, x : A ⊢ M : B Γ ⊢ λx M : A → B Γ ⊢ M : A → B Γ ⊢ N : A Γ ⊢ M N : B

34 / 68

β-reduction and -equality

Theorem β-reduction is strongly normalizing, that is, every reduction sequence M1 →β M2 →β M3, . . . terminates. Theorem β-reduction is confluent, that is, if M →∗

β N1 and M →∗ β N2, then

there exists a term N such that N1 →∗

β N and N2 →∗ β N.

Theorem The relation of β-equality, defined by M =β N :⇔ ∃K (M →∗

β K ∧ N →∗ β K)

is decidable.

35 / 68

Extension to products and sums

Γ ⊢ M : A Γ ⊢ N : B Γ ⊢ (M, N) : A × B Γ ⊢ M : A × B Γ ⊢ π0(M) : A Γ ⊢ M : A × B Γ ⊢ π1(M) : B Γ ⊢ M : A Γ ⊢ (0, M) : A + B Γ ⊢ M : B Γ ⊢ (1, M) : A + B Γ ⊢ M : A + B Γ ⊢ N : A → C Γ ⊢ K : B → C Γ ⊢ case(M, N, K) π0(M, N) →β M π1(M, N) →β N case((0, M), N, K) →β N M case((1, M), N, K) →β K M

36 / 68

The Curry-Howard correspondence

The Curry-Howard correspondence is the observation that intuitionistic natural deduction proofs are in a natural correspondence with the typed lambda calculus or the typed combinator calculus. Since typed lambda terms are the core of functional programming languages such as ML and Haskell (named after Haskell B Curry)

• ne can also say that intuitionistic proofs correspond to programs.

Haskell B Curry (1900-1982)

37 / 68

Intuitionistic ND proofs vs typed lambda calculus

A B A ∧ B M : A N : B (M, N) : A × B A ∧ B A A ∧ B B M : A × B π0(M) : A M : A × B π1(M) : B B →+ u : A A → B M : B λx M : A → B A → B A B M : A → B N : B M N : B A A ∨ B B A ∨ B M : A (0, M) : A ∨ B M : B (1, M) : A ∨ B A ∨ B A → C B → C C M : A ∨ B N : A → C K : B → C case(M, N, K) : C

38 / 68

Proofs as Programs

◮ Realizability ◮ Strictly positive induction ◮ Realizability of induction ◮ Coinduction ◮ Classical axioms

39 / 68

Realizability

Realizability attaches meaning to the Curry-Howard correspondence.

40 / 68

Realizability

Realizability attaches meaning to the Curry-Howard correspondence. Intuitively: If M : A (that is, M codes an intuitionistic ND proof of A), then M solves the problem A according to the BHK-interpretation.

40 / 68

Realizability

Realizability attaches meaning to the Curry-Howard correspondence. Intuitively: If M : A (that is, M codes an intuitionistic ND proof of A), then M solves the problem A according to the BHK-interpretation. This intuition is made precise in Kleene’s realizability interpretation

• f HA by numbers (’numerical realizability’, 1945).

40 / 68

Realizability

Realizability attaches meaning to the Curry-Howard correspondence. Intuitively: If M : A (that is, M codes an intuitionistic ND proof of A), then M solves the problem A according to the BHK-interpretation. This intuition is made precise in Kleene’s realizability interpretation

• f HA by numbers (’numerical realizability’, 1945).

Stephen Kleene (1909 - 1994)

40 / 68

Kleene’s numerical realizability

For every closed formula A and every natural number e one defines what it means for e to realize A, e r A. e r A ≡ A (A atomic) e r (A ∧ B) ≡ e = P(a, b) ∧ a r A ∧ b r B e r (A → B) ≡ ∀a (a r A → {e}(a) r B) e r (A ∨ B) ≡ (e = P(0, a) ∧ a r A) ∨ (e = P(1, b) ∧ b r B) e r (∀x A(x)) ≡ ∀n ({e}(n) r A(n)) e r (∃x A(x)) ≡ e = P(n, a) ∧ a r A(n) where P : N × N → N is some computable bijection, and {e}(a) r B means that the partial recursive function (or Turing machine) with code e when applied to a terminates with some number b ∈ N such that b r B.

41 / 68

Soundness Theorem

If HA ⊢ A, then e r A for some e.

42 / 68

Soundness Theorem

If HA ⊢ A, then e r A for some e. Remarks:

• 1. The proof of the Soundness Theorem proceeds by induction
• n the given derivation of HA ⊢ A.
• 2. For the logical rules the extracted realizer e is essentially a

code of the corresponding Curry-Howard lambda-term.

• 3. For the induction axiom the extracted realizer codes a

primitive recursion (iterator).

• 4. In a formalized version of realizability the correctness of the

extracted realizer can again be proven in HA, in other words: If HA ⊢ A, then HA ⊢ e r A for some e.

42 / 68

Variants of realizability

◮ Modified realizability (Kreisel): Realizers are total functionals

• f finite types.

◮ Realizability with truth (q-realizability): Can be used to prove

disjunction and existence property.

◮ Extensions to finite type arithmetic (HAω) and second-order

arithmetic (HASω).

◮ Partial Combinatory Algebra (PCA) as space of (potential)

realizers (instead of natural numbers).

◮ Realizability for set theory (McCarty, Rathjen) ◮ Realizability topos (Hyland) ◮ Realizability with assemblies (Bauer) ◮ Realizability for decorated formulas (Schwichtenberg)

. . .

43 / 68

Program extraction for HA

Assume HA ⊢ ∀x ∃y A(x, y) where A(x, y) is atomic.

44 / 68

Program extraction for HA

Assume HA ⊢ ∀x ∃y A(x, y) where A(x, y) is atomic. Then HA ⊢ e r (∀x ∃y A(x, y)), for some e, by Soundness.

44 / 68

Program extraction for HA

Assume HA ⊢ ∀x ∃y A(x, y) where A(x, y) is atomic. Then HA ⊢ e r (∀x ∃y A(x, y)), for some e, by Soundness. This means HA ⊢ ∀n A(n, proj1({e}(n))), that is, the function f (n) Def = proj1({e}(n)) solves the computational problem expressed by the formula ∀x ∃y A(x, y).

44 / 68

Program extraction for HA

Assume HA ⊢ ∀x ∃y A(x, y) where A(x, y) is atomic. Then HA ⊢ e r (∀x ∃y A(x, y)), for some e, by Soundness. This means HA ⊢ ∀n A(n, proj1({e}(n))), that is, the function f (n) Def = proj1({e}(n)) solves the computational problem expressed by the formula ∀x ∃y A(x, y). We will try to generalize/improve this method of program extraction to

◮ abstract structures (instead of only natural numbers)

44 / 68

Program extraction for HA

Assume HA ⊢ ∀x ∃y A(x, y) where A(x, y) is atomic. Then HA ⊢ e r (∀x ∃y A(x, y)), for some e, by Soundness. This means HA ⊢ ∀n A(n, proj1({e}(n))), that is, the function f (n) Def = proj1({e}(n)) solves the computational problem expressed by the formula ∀x ∃y A(x, y). We will try to generalize/improve this method of program extraction to

◮ abstract structures (instead of only natural numbers) ◮ stronger axioms (instead of only induction on natural

numbers)

44 / 68

Program extraction for HA

Assume HA ⊢ ∀x ∃y A(x, y) where A(x, y) is atomic. Then HA ⊢ e r (∀x ∃y A(x, y)), for some e, by Soundness. This means HA ⊢ ∀n A(n, proj1({e}(n))), that is, the function f (n) Def = proj1({e}(n)) solves the computational problem expressed by the formula ∀x ∃y A(x, y). We will try to generalize/improve this method of program extraction to

◮ abstract structures (instead of only natural numbers) ◮ stronger axioms (instead of only induction on natural

numbers)

◮ limited classical logic and choice principles

44 / 68

Program extraction for HA

Assume HA ⊢ ∀x ∃y A(x, y) where A(x, y) is atomic. Then HA ⊢ e r (∀x ∃y A(x, y)), for some e, by Soundness. This means HA ⊢ ∀n A(n, proj1({e}(n))), that is, the function f (n) Def = proj1({e}(n)) solves the computational problem expressed by the formula ∀x ∃y A(x, y). We will try to generalize/improve this method of program extraction to

◮ abstract structures (instead of only natural numbers) ◮ stronger axioms (instead of only induction on natural

numbers)

◮ limited classical logic and choice principles ◮ programs in a realistic programming language (instead of

codes e)

44 / 68

Program extraction for HA

Assume HA ⊢ ∀x ∃y A(x, y) where A(x, y) is atomic. Then HA ⊢ e r (∀x ∃y A(x, y)), for some e, by Soundness. This means HA ⊢ ∀n A(n, proj1({e}(n))), that is, the function f (n) Def = proj1({e}(n)) solves the computational problem expressed by the formula ∀x ∃y A(x, y). We will try to generalize/improve this method of program extraction to

◮ abstract structures (instead of only natural numbers) ◮ stronger axioms (instead of only induction on natural

numbers)

◮ limited classical logic and choice principles ◮ programs in a realistic programming language (instead of

codes e)

◮ simpler programs

44 / 68

Embracing abstract mathematics

45 / 68

Embracing abstract mathematics

Kleene realizability is chained to concrete computational structures since in the clauses for quantifiers the elements of the structure are

45 / 68

Embracing abstract mathematics

Kleene realizability is chained to concrete computational structures since in the clauses for quantifiers the elements of the structure are

◮ used as inputs of programs:

e r (∀x A(x)) ≡ ∀n ({e}(n) r A(n))

45 / 68

Embracing abstract mathematics

Kleene realizability is chained to concrete computational structures since in the clauses for quantifiers the elements of the structure are

◮ used as inputs of programs:

e r (∀x A(x)) ≡ ∀n ({e}(n) r A(n))

◮ and returned as outputs of programs:

e r (∃x A(x)) ≡ e = P(n, a) ∧ a r A(n)

45 / 68

Embracing abstract mathematics

Kleene realizability is chained to concrete computational structures since in the clauses for quantifiers the elements of the structure are

◮ used as inputs of programs:

e r (∀x A(x)) ≡ ∀n ({e}(n) r A(n))

◮ and returned as outputs of programs:

e r (∃x A(x)) ≡ e = P(n, a) ∧ a r A(n) The chains are broken by interpreting quantifiers uniformly: a r ∀x A(x) ≡ ∀x a r A(x) a r ∃x A(x) ≡ ∃x a r A(x)

45 / 68

Embracing abstract mathematics

Kleene realizability is chained to concrete computational structures since in the clauses for quantifiers the elements of the structure are

◮ used as inputs of programs:

e r (∀x A(x)) ≡ ∀n ({e}(n) r A(n))

◮ and returned as outputs of programs:

e r (∃x A(x)) ≡ e = P(n, a) ∧ a r A(n) The chains are broken by interpreting quantifiers uniformly: a r ∀x A(x) ≡ ∀x a r A(x) a r ∃x A(x) ≡ ∃x a r A(x) This uniform interpretation of quantifiers is also used for interpreting second-order arithmetic and set theory. In addition to uniform quantifiers, Minlog permits uniform versions

• f propositional connectives (decorated formulas).

45 / 68

Embracing abstract mathematics

Kleene realizability is chained to concrete computational structures since in the clauses for quantifiers the elements of the structure are

◮ used as inputs of programs:

e r (∀x A(x)) ≡ ∀n ({e}(n) r A(n))

◮ and returned as outputs of programs:

e r (∃x A(x)) ≡ e = P(n, a) ∧ a r A(n) The chains are broken by interpreting quantifiers uniformly: a r ∀x A(x) ≡ ∀x a r A(x) a r ∃x A(x) ≡ ∃x a r A(x) This uniform interpretation of quantifiers is also used for interpreting second-order arithmetic and set theory. In addition to uniform quantifiers, Minlog permits uniform versions

• f propositional connectives (decorated formulas).

Kleene’s interpretation of quantifiers can be recovered by relativization.

45 / 68

Simplifyng realizers

46 / 68

Simplifyng realizers

If A is disjunction free, then it has no computational content, that is, the potential realizers of A are trivial and e r A ≡ A

46 / 68

Simplifyng realizers

If A is disjunction free, then it has no computational content, that is, the potential realizers of A are trivial and e r A ≡ A Therefore, in that case the realizability of A ∧ B and A → B can be simplified:

46 / 68

Simplifyng realizers

If A is disjunction free, then it has no computational content, that is, the potential realizers of A are trivial and e r A ≡ A Therefore, in that case the realizability of A ∧ B and A → B can be simplified: Instead of e r (A ∧ B) ≡ e = P(a, b) ∧ a r A ∧ b r B f r (A → B) ≡ ∀a (a r A → f (a) r B)

46 / 68

Simplifyng realizers

If A is disjunction free, then it has no computational content, that is, the potential realizers of A are trivial and e r A ≡ A Therefore, in that case the realizability of A ∧ B and A → B can be simplified: Instead of e r (A ∧ B) ≡ e = P(a, b) ∧ a r A ∧ b r B f r (A → B) ≡ ∀a (a r A → f (a) r B) we define b r (A ∧ B) ≡ A ∧ b r B b r (A → B) ≡ A → b r B

46 / 68

Induction

Recall induction on natural numbers: P(0) ∀x (P(x) → P(x + 1)) ∀x ∈ N P(x)

47 / 68

Induction

Recall induction on natural numbers: P(0) ∀x (P(x) → P(x + 1)) ∀x ∈ N P(x) Assume “n r N(x)” is defined as “n is the unary representation of x ∈ N”.

47 / 68

Induction

Recall induction on natural numbers: P(0) ∀x (P(x) → P(x + 1)) ∀x ∈ N P(x) Assume “n r N(x)” is defined as “n is the unary representation of x ∈ N”. Then induction is realized as follows: a r P(0) f r (∀x (P(x) → P(x + 1))) It(a, f ) r (∀x ∈ N P(x))

47 / 68

Induction

Recall induction on natural numbers: P(0) ∀x (P(x) → P(x + 1)) ∀x ∈ N P(x) Assume “n r N(x)” is defined as “n is the unary representation of x ∈ N”. Then induction is realized as follows: a r P(0) f r (∀x (P(x) → P(x + 1))) It(a, f ) r (∀x ∈ N P(x)) where

◮ a : τ(P)

(τ(P) = type of realizers of P) ,

◮ f : τ(P) → τ(P)

47 / 68

Induction

Recall induction on natural numbers: P(0) ∀x (P(x) → P(x + 1)) ∀x ∈ N P(x) Assume “n r N(x)” is defined as “n is the unary representation of x ∈ N”. Then induction is realized as follows: a r P(0) f r (∀x (P(x) → P(x + 1))) It(a, f ) r (∀x ∈ N P(x)) where

◮ a : τ(P)

(τ(P) = type of realizers of P) ,

◮ f : τ(P) → τ(P)

and It(a, f ) : N → τ(P) is defined recursively by It(a, f )(0) = a It(a, f )(n + 1) = f (It(a, f )(n))

47 / 68

Other forms of induction

48 / 68

Other forms of induction

Induction on natural numbers is a special case of a more general form of induction which also includes, for example:

48 / 68

Other forms of induction

Induction on natural numbers is a special case of a more general form of induction which also includes, for example: Induction on lists, trees, . . . P([]) ∀x ∈ A ∀l (P(l) → P(x : l)) ∀x ∈ List(A) P(x)

48 / 68

Other forms of induction

Induction on natural numbers is a special case of a more general form of induction which also includes, for example: Induction on lists, trees, . . . P([]) ∀x ∈ A ∀l (P(l) → P(x : l)) ∀x ∈ List(A) P(x) Induction on ordinals (or any wellfounded relation <) ∀x ((∀y < x P(y)) → P(x)) ∀x < α P(x)

48 / 68

Other forms of induction

Induction on natural numbers is a special case of a more general form of induction which also includes, for example: Induction on lists, trees, . . . P([]) ∀x ∈ A ∀l (P(l) → P(x : l)) ∀x ∈ List(A) P(x) Induction on ordinals (or any wellfounded relation <) ∀x ((∀y < x P(y)) → P(x)) ∀x < α P(x) Bar induction . . .

48 / 68

A unifying approach: Monotone induction

49 / 68

A unifying approach: Monotone induction

Let U be a set and P(U) the powerset of U.

49 / 68

A unifying approach: Monotone induction

Let U be a set and P(U) the powerset of U. An operator Φ : P(X) → P(X) is monotone if for all X, Y ∈ P(U) X ⊆ Y → Φ(X) ⊆ Φ(Y )

49 / 68

A unifying approach: Monotone induction

Let U be a set and P(U) the powerset of U. An operator Φ : P(X) → P(X) is monotone if for all X, Y ∈ P(U) X ⊆ Y → Φ(X) ⊆ Φ(Y ) Every monotone operator Φ : P(X) → P(X) has a least fixed point, µ(Φ) ∈ P(U), which can be defined by µ(Φ) Def =

• {X ∈ P(U) | Φ(X) ⊆ X}

49 / 68

A unifying approach: Monotone induction

Let U be a set and P(U) the powerset of U. An operator Φ : P(X) → P(X) is monotone if for all X, Y ∈ P(U) X ⊆ Y → Φ(X) ⊆ Φ(Y ) Every monotone operator Φ : P(X) → P(X) has a least fixed point, µ(Φ) ∈ P(U), which can be defined by µ(Φ) Def =

• {X ∈ P(U) | Φ(X) ⊆ X}

but also by µ(Φ) Def =

• {Φα(∅) | α ∈ Ordinals}

49 / 68

Closure and induction

One can show (exercise) that indeed µ(Φ) is a fixed point of Φ, that is, Φ(µ(Φ)) = µ(Φ)

50 / 68

Closure and induction

One can show (exercise) that indeed µ(Φ) is a fixed point of Φ, that is, Φ(µ(Φ)) = µ(Φ) Moreover, µ(Φ) is the least element of pfp(Φ) Def = {X ∈ P(U) | Φ(X) ⊆ X}

50 / 68

Closure and induction

One can show (exercise) that indeed µ(Φ) is a fixed point of Φ, that is, Φ(µ(Φ)) = µ(Φ) Moreover, µ(Φ) is the least element of pfp(Φ) Def = {X ∈ P(U) | Φ(X) ⊆ X} which means that the following rules hold: Cl Φ(µ(Φ)) ⊆ µ(Φ) Φ(X) ⊆ X Ind µ(Φ) ⊆ X

50 / 68

Formalizing induction

We add to the language of predicate logic predicate variables X, Y , . . .. Atomic formulas can now also be of the form X( t). If A(X, x) is a formula where x is a tuple of individual variables and the predicate variable X occurs only strictly positively, that is, not on the left hand side of an implications, then we can form the predicate λ x A(X, x) and the monotone operator Φ Def = λXλ x A(X, x) and formally introduce the predicate µ(Φ) with the intention that it denotes the least fixed point of Φ. We express this intention by adding the derivation rules Cl Φ(µ(Φ)) ⊆ µ(Φ) Φ(P) ⊆ P Ind µ(Φ) ⊆ P For every predicate P definable in the language.

51 / 68

Example: Natural numbers

Consider a disjunction-free first-order axiomatization of real closed fields (with the real numbers as intended model). In particular we have the constants, functions and relation symbols 0, 1, +, ∗, | · |, <, . . . with the expected axioms.

52 / 68

Example: Natural numbers

Consider a disjunction-free first-order axiomatization of real closed fields (with the real numbers as intended model). In particular we have the constants, functions and relation symbols 0, 1, +, ∗, | · |, <, . . . with the expected axioms. We define the natural numbers as the least predicate that contains 0 and is closed under the (+1) operation: N Def = µ(Φ) where Φ = λX λx (x = 0 ∨ ∃y(X(y) ∧ x = y + 1))

52 / 68

Example: Natural numbers

Consider a disjunction-free first-order axiomatization of real closed fields (with the real numbers as intended model). In particular we have the constants, functions and relation symbols 0, 1, +, ∗, | · |, <, . . . with the expected axioms. We define the natural numbers as the least predicate that contains 0 and is closed under the (+1) operation: N Def = µ(Φ) where Φ = λX λx (x = 0 ∨ ∃y(X(y) ∧ x = y + 1)) Equivalently, Φ = λX λx (x = 0 ∨ X(x − 1)).

52 / 68

Example: Natural numbers

Consider a disjunction-free first-order axiomatization of real closed fields (with the real numbers as intended model). In particular we have the constants, functions and relation symbols 0, 1, +, ∗, | · |, <, . . . with the expected axioms. We define the natural numbers as the least predicate that contains 0 and is closed under the (+1) operation: N Def = µ(Φ) where Φ = λX λx (x = 0 ∨ ∃y(X(y) ∧ x = y + 1)) Equivalently, Φ = λX λx (x = 0 ∨ X(x − 1)). We use the following short notation for the definition of N: N(x)

µ

= x = 0 ∨ N(x − 1)

52 / 68

Induction on N

Recall that N = µ(Φ) where Φ = λX λx (x = 0 ∨ X(x − 1)). Let’s work out the meaning of the rules Cl Φ(N) ⊆ N Φ(P) ⊆ P Ind N ⊆ P Φ(N) ⊆ N means ∀x (N(x) → x = 0 ∨ N(x − 1)) which is equivalent to N(0) ∧ ∀x (N(x) → N(x + 1)) Φ(P) ⊆ P means ∀x (x = 0 ∨ P(x − 1) → P(x)) which is equivalent to P(0) ∧ ∀x (P(x) → P(x + 1)) Therefore, the induction rule is nothing but the familiar P(0) ∀x (P(x) → P(x + 1)) Ind ∀x ∈ N P(x)

53 / 68

Realizability of inductive definitions

R(µ(Φ)) Def = µ(R(Φ)) where for Φ = λXλ x A(X, x) we introduce a new predicate variable ˜ X with one argument place for realizers and set a r X( t)

Def

= ˜ X( t, a) R(Φ)

Def

= λ ˜ Xλ( x, a) a r A(X, x)

54 / 68

Realizability of inductive definitions

R(µ(Φ)) Def = µ(R(Φ)) where for Φ = λXλ x A(X, x) we introduce a new predicate variable ˜ X with one argument place for realizers and set a r X( t)

Def

= ˜ X( t, a) R(Φ)

Def

= λ ˜ Xλ( x, a) a r A(X, x) For N this works out as a r N(x)

µ

= (a = (0, Nil) ∧ x = 0) ∨ (a = (1, b) ∧ b r N(x − 1)) If we define numerals as 0 = (0, Nil), n + 1 = (1, n), we see that a r x iff x ∈ N and a is the numeral representing x.

54 / 68

Realizability of closure and induction

Φ = λXλ x A(X, x)

55 / 68

Realizability of closure and induction

Φ = λXλ x A(X, x) It is easy to see that (λa a) r (Φ(µ(Φ)) ⊆ µ(Φ)).

55 / 68

Realizability of closure and induction

Φ = λXλ x A(X, x) It is easy to see that (λa a) r (Φ(µ(Φ)) ⊆ µ(Φ)). s r (Φ(P) ⊆ P) g r (µ(Φ) ⊆ P) where g is defined recursively as g = s ◦ (map g) (◦ means composition) and map is a term such that map r ((X ⊆ Y ) → Φ(X) ⊆ Φ(Y )). map can be constructed by induction on A using the fact that X may only occur strictly positive in A.

55 / 68

Realizability of induction on natural numbers

g = s ◦ (map g), that is, g a = s (map g a) Φ = λXλx (x = 0 ∨ X(x − 1)) map s (0, Nil) = (0, Nil), map s (1, a) = (1, s a). a r P(0), f r (∀x (P(x) → P(x + 1)). s (0, Nil) = a, s (1, a) = f a. Therefore, g (0, Nil) = s (0, Nil) = a g (1, a) = s (1, g a) = f (g a) That is, g = It(a, f ).

56 / 68

Coinduction

Instead of least fixed points, µ(Φ), one can also consider greatest fixed points, ν(Φ). Cocl ν(Φ) → Φ(ν(Φ)) P ⊆ Φ(P) Coind P ⊆ ν(Φ) s r (P ⊆ Φ(P)) g r (P ⊆ µ(Φ)) where g is defined recursively as g = (map g) ◦ s

57 / 68

Soundness for IFP

We call our system of intuitionistic predicate logic with inductive and coinductive definitions IFP (Intuitionistic Fixed Point Logic).

58 / 68

Soundness for IFP

We call our system of intuitionistic predicate logic with inductive and coinductive definitions IFP (Intuitionistic Fixed Point Logic). RIFP is the extension of IFP by a sort for realizers and axioms describing the equational theory of programs.

58 / 68

Soundness for IFP

We call our system of intuitionistic predicate logic with inductive and coinductive definitions IFP (Intuitionistic Fixed Point Logic). RIFP is the extension of IFP by a sort for realizers and axioms describing the equational theory of programs. Theorem If Γ ⊢IFP A, where the ’extra axioms’ Γ are disjunction free, then Γ ⊢RIFP M r A for some program M.

58 / 68

Example: Addition on N

59 / 68

Example: Addition on N

Theorem N(x) ∧ N(y) → N(x + y)

59 / 68

Example: Addition on N

Theorem N(x) ∧ N(y) → N(x + y) The extracted program implements addition on natural numbers in unary representation.

59 / 68

Example: Addition on N

Theorem N(x) ∧ N(y) → N(x + y) The extracted program implements addition on natural numbers in unary representation. This implementation satisfies associativity and commutativity, since + has these properties (by the axioms) and elements of N and their unary representations are in a one-to-one correspondence.

59 / 68

Example: Cauchy reals

Let Q(x) mean that x is a rational number (definable using N). A(x) ν = ∃q ∈ Q |x − q| ≤ 1 ∧ A(2x) Then a r A(x) iff a is an infinite stream of rational numbers, a = (q0, (q1, (q2 . . . such that |x − qn| ≤ 2n for all n.

60 / 68

Example: Continuous real functions

Let I Def = [−1, 1], SD Def = {−1, 0, 1}. For i ∈ SD define avi : II by avi(x) = (x + i)/2. Let F, G range over subsets of II. Define C1

Def

= ν(λF µ(λG {g ∈ II | (∃i ∈ SD ∃f ∈ II (g = avi ◦ f ∧ F(f ))) ∨ ∀j ∈ SD G(g ◦ avj)} Theorem C1(f ) iff f is uniformly continuous. The extracted program translates between the usual constructive representation of uniformly continuous functions (encoded in a suitable definition of the predicate “f is uniformly continuous”) and a tree representation that is completely free of any function component (similar to the stream representation of reals).

61 / 68

Proof theory of inductive/coinductive definitions

Inductive definitions add considerable strength to a theory. Our full system, with classical logic, has the proof-theoretic strength of Π1

2-comprehension as shown by M¨

• llerfeld (2003)

Tupailo (2004) showed that the corresponding intuitionistic system has the same strength. Restricting to unnested (but iterated) inductive definitions one

• btains the system ID<ω (Buchholz, Feferman, Pohlers, Sieg,

1981).

62 / 68

Classical axioms

63 / 68

Classical axioms

According to the Soundness Theorem for IFP one may admit classical disjunction-free axioms if one is satisfied that the correctness of the extracted program depends on the truth of these axioms.

63 / 68

Classical axioms

According to the Soundness Theorem for IFP one may admit classical disjunction-free axioms if one is satisfied that the correctness of the extracted program depends on the truth of these axioms. Hence we may for example use stability of equality ∀x, y (¬¬x = y → x = y) for real numbers

63 / 68

Classical axioms

According to the Soundness Theorem for IFP one may admit classical disjunction-free axioms if one is satisfied that the correctness of the extracted program depends on the truth of these axioms. Hence we may for example use stability of equality ∀x, y (¬¬x = y → x = y) for real numbers Very useful are Skolem axioms (Avigad 2002) that introduce for every disjunction-free formula A( x, y) a new function symbol f and the axiom ∀ x ∀y (A( x, y) → A( x, f ( x))

63 / 68

Classical axioms

According to the Soundness Theorem for IFP one may admit classical disjunction-free axioms if one is satisfied that the correctness of the extracted program depends on the truth of these axioms. Hence we may for example use stability of equality ∀x, y (¬¬x = y → x = y) for real numbers Very useful are Skolem axioms (Avigad 2002) that introduce for every disjunction-free formula A( x, y) a new function symbol f and the axiom ∀ x ∀y (A( x, y) → A( x, f ( x)) For example, division can be introduced by the Skolem axiom ∀x, z ∀y (x ∗ y = z → x ∗ (z/x) = z) (the expected formula, ∀x, z, y(x = 0 → (x ∗ y = z ↔ y = z/x)), follows).

63 / 68

Summary of today’s lecture

We introduced realizability for IFP, which is intuitionistic predicate logic with inductive and coinductive definitions. Abstract mathematics is included by realizing quantifiers uniformly. Induction and coinduction are completely dual and are realized by general recursion. Classically true disjuction free axioms can be added.

64 / 68

Program extraction

This lecture presents case studies in program extraction It is given jointly by members of the Minlog group: Nils K¨

• pp

Fredrik Nordvall-Forsberg Helmut Schwichtenberg Franziskus Wiesnet B

65 / 68

Overview of existing case studies in program extraction

66 / 68

Overview of existing case studies in program extraction

◮ Discrete structures

◮ Quotient and remainder on natural numbers.

Presentation by B

◮ Dijkstra’s algorithm (1997, Benl, Schwichtenberg):

Reachable nodes in a weighted graph

◮ Warshall Algorithm (2001, Schwichtenberg, Seisenberger, B):

Transitive closure of a relation

66 / 68

Overview of existing case studies in program extraction

◮ Discrete structures

◮ Quotient and remainder on natural numbers.

Presentation by B

◮ Dijkstra’s algorithm (1997, Benl, Schwichtenberg):

Reachable nodes in a weighted graph

◮ Warshall Algorithm (2001, Schwichtenberg, Seisenberger, B):

Transitive closure of a relation

◮ Programs from classical proofs

◮ GCD (1995, B, Schwichtenberg):

Uses the Friedman/Dragalin A-translation

◮ Dickson’s Lemma (2001, Schwichtenberg, Seisenberger, B):

F/D A-translation in infinite combinatorics

◮ Higman’s Lemma (2008, Seisenberger):

Uses F/D A-translation and classical countable choice

◮ Fibonacci numbers from a classical proofs (2002, Buchholz,

Schwichtenberg, B): Uses F/D A-translation to obtain fast program

66 / 68

Overview ctd.

◮ Lambda calculus:

◮ Extraction of normalization-by-evaluation (NbE) (2006,

Berghofer, Letouzey, Schwichtenberg, B): Extraction of NbE from Tait’s proof of strong normalization for the typed lambda calculus (in Isabelle, Coq, Minlog)

67 / 68

Overview ctd.

◮ Lambda calculus:

◮ Extraction of normalization-by-evaluation (NbE) (2006,

Berghofer, Letouzey, Schwichtenberg, B): Extraction of NbE from Tait’s proof of strong normalization for the typed lambda calculus (in Isabelle, Coq, Minlog)

◮ Real numbers

◮ Cauchy sequences vs signed digit representation (SD):

Cauchy sequences are functions. SD representations are streams defined by coinduction.

◮ Arithmetic operations on reals w.r.t. SD

Presentation by Franziskus Wiesnet

◮ Integration w.r.t. SD (2011, B):

Real functions are given by trees realizing a nested coinductive/inductive definition

67 / 68

Overview ctd.

◮ Lists

◮ List reversal

Uses F/D A-translation to extract linear program from naive proof

◮ In-place Quicksort (2014, Seisenberger, Woods, B):

Extracts an ’imperative’ program

68 / 68

Overview ctd.

◮ Lists

◮ List reversal

Uses F/D A-translation to extract linear program from naive proof

◮ In-place Quicksort (2014, Seisenberger, Woods, B):

Extracts an ’imperative’ program

◮ Satisfiabilty testing

◮ Extraction of a SAT-solver from completeness proof for DPLL

(2015, B, Forsberg, Lawrence, Seisenberger) Presentation by Fredrik Forsberg

68 / 68

Overview ctd.

◮ Lists

◮ List reversal

Uses F/D A-translation to extract linear program from naive proof

◮ In-place Quicksort (2014, Seisenberger, Woods, B):

Extracts an ’imperative’ program

◮ Satisfiabilty testing

◮ Extraction of a SAT-solver from completeness proof for DPLL

(2015, B, Forsberg, Lawrence, Seisenberger) Presentation by Fredrik Forsberg

◮ Ongoing: Extraction of

◮ monadic parsers (Jones, Seisenberger, B) ◮ concurrent programs (Miyamoto, Petrovska, Schwichtenberg,

Spreen, Takayama, Tsuiki, B)

◮ truly imperative programs (Reus, B) ◮ modulus of uniform continuity from Fan Theorem (B) 68 / 68