Coq as a Metatheory for Nuprl with Bar Induction Vincent Rahli and - - PowerPoint PPT Presentation

▶

Jan 14, 2023 133 likes •396 views

Coq as a Metatheory for Nuprl with Bar Induction Vincent Rahli and Mark Bickford http://www.nuprl.org September 16, 2015 Vincent Rahli Bar Induction September 16, 2015 1/25 Overall Story Mark Bickford Luitzen Egbertus Jan Brouwer Robert

SLIDE 1

Coq as a Metatheory for Nuprl with Bar Induction

Vincent Rahli and Mark Bickford http://www.nuprl.org September 16, 2015

Vincent Rahli Bar Induction September 16, 2015 1/25

SLIDE 2

Overall Story

Luitzen Egbertus Jan Brouwer Mark Bickford Robert L. Constable

Vincent Rahli Bar Induction September 16, 2015 2/25

SLIDE 3

Nuprl in a Nutshell

Similar to Coq and Agda Extensional Intuitionistic Type Theory for partial functions Consistency proof in Coq: https://github.com/vrahli/NuprlInCoq Cloud based & virtual machines: http://www.nuprl.org JonPRL: http://www.jonprl.org

Vincent Rahli Bar Induction September 16, 2015 3/25

SLIDE 4

Nuprl Stack

Vincent Rahli Bar Induction September 16, 2015 4/25

SLIDE 5

Howe’s Computational Equality

ĺ is a simulation relation Greatest fixpoint of the following relation: t rRs u if whenever t computes to a value θpbq, then u also computes to a value θpb1q such that b R b1. Examples: K ĺ 1, xK, 1y ĺ x1, 1y „ is a bisimulation relation (a „ b “ a ĺ b ^ b ĺ a) Purely by computation: map(f ,map(g,l)) „ map(f ˝ g,l) ĺ and „ are congruences

Vincent Rahli Bar Induction September 16, 2015 5/25

SLIDE 6

Howe’s Computational Equality

Type checking and type inference are undecidable Proving that terms are well-formed can be cumbersome „ saves us from having to prove well-formedness It turned out that many equalities could be stated using „

Vincent Rahli Bar Induction September 16, 2015 6/25

SLIDE 7

Nuprl Types

Based on Martin-L¨

f’s extensional type theory

Equality: a “ b P T Dependent product: a:A Ñ Bras Dependent sum: a:A ˆ Bras Universe: Ui

Vincent Rahli Bar Induction September 16, 2015 7/25

SLIDE 8

Nuprl Types

Less “conventional types” Partial: A Disjoint union: A`B Intersection: Xa:A.Bras Union: Ya:A.Bras Subset: ta : A | Brasu Quotient: T{{E Domain: Base Simulation: t1 ĺ t2

(Void “ 0 ĺ 1 and Unit “ 0 ĺ 0)

Bisimulation: t1 „ t2 Image: ImgpA, f q PER: perpRq

Vincent Rahli Bar Induction September 16, 2015 8/25

SLIDE 9

Nuprl Types

Image type (Nogin & Kopylov) Subset: ta : A | Brasu fi Imgpa:A ˆ Bras, π1q Union: Ya:A.Bras fi Imgpa:A ˆ Bras, π2q

Vincent Rahli Bar Induction September 16, 2015 9/25

SLIDE 10

Nuprl Types

PER type (inspired by Allen) Top “ perpλ , .0 ĺ 0q haltsptq “ ‹ ĺ plet x :“ t in ‹q A [ B “ Xx:Base. X y:haltspxq.isaxiompx, A, Bq T{{E “ perpλx, y.px P Tq [ py P Tq [ pE x yqq

Vincent Rahli Bar Induction September 16, 2015 10/25

SLIDE 11

Nuprl Types

Squashing ÓT tUnit | Tu ImgpT, λ .‹q perpλx.λy.‹ ĺ x [ ‹ ĺ y [ Tq åT T{{True perpλx.λy.x P T [ y P Tq ÛT Top{{T perpλ .λ .Tq

Vincent Rahli Bar Induction September 16, 2015 11/25

SLIDE 12

Nuprl Refinements

Nuprl’s proof engine is called a refiner (TB) A generic goal directed reasoner:

{ a rule interpreter { a proof manager

Example of a rule H $ a:A Ñ Bras text λx.bu BY [lambdaFormation] H, x : A $ Brxs text bu H $ A P Ui text ‹u

Vincent Rahli Bar Induction September 16, 2015 12/25

SLIDE 13

Nuprl PER Semantics Implemented in Coq

Stuart Allen had his own meta-theory that was meant to be meaningful on its own and needs not be framed into type

theory. We chose to use Coq and Agda.

Vincent Rahli Bar Induction September 16, 2015 13/25

SLIDE 14

Nuprl PER Semantics Implemented in Coq

Vincent Rahli Bar Induction September 16, 2015 14/25

SLIDE 15

The More Inference Rules the Better!

All verified Expose more of the metatheory Encode Mathematical knowledge

Vincent Rahli Bar Induction September 16, 2015 15/25

SLIDE 16

Intuitionistic Type Theory

We’ve proved these rules correct using our Coq model: Brouwer’s Continuity Principle for numbers ΠF:B Ñ N.Πf :B.åΣn:N.Πg:B.f “NNn g Ñ Fpf q “N Fpgq (B “ NN “ N Ñ N) Bar induction

{ On free choice sequences of closed terms without atoms { We can build indexed W types

Vincent Rahli Bar Induction September 16, 2015 16/25

SLIDE 17

Weak Continuity

False in Nuprl (following Escard´

and Xu)

ΠF:B Ñ N.Πf :B.Σn:N.Πg:B.f “NNn g Ñ Fpf q “N Fpgq Easy in Coq model (almost purely by computation) because it doesn’t have computational content ΠF:B Ñ N.Πf :B.ÓΣn:N.Πg:B.f “NNn g Ñ Fpf q “N Fpgq Harder in Coq because it has computational content: uses named exceptions + ν (following Longley’s method) ΠF:B Ñ N.Πf :B.åΣn:N.Πg:B.f “NNn g Ñ Fpf q “N Fpgq

Vincent Rahli Bar Induction September 16, 2015 17/25

SLIDE 18

Strong Continuity

Actually what we proved in Coq is essentially ΠF:B Ñ N. åΣM:pΠn:N.NNn Ñ N`Unitq. Πf :B.Σn:N. M n f “N`Unit inlpFpf qq ^ Πm:N.islpM m f q Ñ m “N n which is equivalent to weak continuity because (standard) AC1,0å ñ (WCPå ð ñ SCPå)

Vincent Rahli Bar Induction September 16, 2015 18/25

SLIDE 19

Axiom of Choice

Trivial Πa:A.Σb:B.P a b ñ Σf :BA.Πa:A.P a f paq Harder to prove (AC0,0) in Coq: uses the axiom of choice and free choice sequences Πa:N.ÓΣb:N.P a b ñ ÓΣf :NN.Πa:N.P a f paq Non-trivial to prove (AC0,n and AC1,n) in Nuprl Πa:N.åΣb:B.P a b ñ åΣf :BN.Πa:N.P a f paq Πa:B.åΣb:B.P a b ñ åΣf :BB.Πa:B.P a f paq

Vincent Rahli Bar Induction September 16, 2015 19/25

SLIDE 20

Uniform Continuity

Follows from the Fan Theorem (every decidable bar is uniform) and Weak Continuity (standard) ΠF:C Ñ N.åΣn:N.Πf , g:C.f “2Nn g Ñ Fpf q “N Fpgq (C “ 2N) Following Escard´

and Xu:

ΠF:C Ñ N.Σn:N.Πf , g:C.f “2Nn g Ñ Fpf q “N Fpgq

Vincent Rahli Bar Induction September 16, 2015 20/25

SLIDE 21

Bar Induction

Fan Theorem follows from Bar Induction on Decidable Bars (BID)

H $ ÓpX 0 cq BY [BID] pdecq H, n : N, s : NNn $ B n s _ B n s pbarq H, s : NN $ ÓDn : N. B n s pimpq H, n : N, s : NNn, m : B n s $ X n s pindq H, n : N, s : NNn, x : p@m : N. X pn ` 1q extps, n, mqq $ X n s

Vincent Rahli Bar Induction September 16, 2015 21/25

SLIDE 22

Bar Induction

We proved BID for free choice sequences of numbers in Coq following Dummett’s “standard” classical proof (easy) We added free choice sequences of numbers to Nuprl’s model: all Coq functions from N to N What about sequences of terms?

Vincent Rahli Bar Induction September 16, 2015 22/25

SLIDE 23

Bar Induction

We proved BID for free choice sequences of closed terms without names (in Coq following Dummett’s “standard” classical proof) Harder because we had to turn our terms into a big W type: a function from N to terms is now a term! Why without names? ν picks fresh names and we can’t compute the collection of all names anymore (still doable I think)

Vincent Rahli Bar Induction September 16, 2015 23/25

SLIDE 24

Law of Excluded Middle

LEM is false in Nuprl (Anand) ΠP:P.P _ P Follows from: Πt:Base.t ó _ t ó (call the function magic) We can prove: if magicpKq then K else ‹ ĺ if magicp‹q then K else ‹ We get: ‹ ĺ K Squashed version is true in Coq (using LEM in Coq) ΠP:P.ÓpP _ Pq

Vincent Rahli Bar Induction September 16, 2015 24/25

SLIDE 25

Questions

Can we prove continuity for sequences of terms instead of B? Can we prove BID/BIM on sequences of terms with atoms? What does that give us? “ proof-theoretic strength? Can I hope to be able to prove BID in Coq/Agda without LEM/AC?

Vincent Rahli Bar Induction September 16, 2015 25/25

Coq as a Metatheory for Nuprl with Bar Induction

Vincent Rahli and Mark Bickford http://www.nuprl.org September 16, 2015

Overall Story

Luitzen Egbertus Jan Brouwer Mark Bickford Robert L. Constable

Nuprl in a Nutshell

Similar to Coq and Agda Extensional Intuitionistic Type Theory for partial functions Consistency proof in Coq: https://github.com/vrahli/NuprlInCoq Cloud based & virtual machines: http://www.nuprl.org JonPRL: http://www.jonprl.org

Nuprl Stack

Howe’s Computational Equality

Howe’s Computational Equality

Type checking and type inference are undecidable Proving that terms are well-formed can be cumbersome „ saves us from having to prove well-formedness It turned out that many equalities could be stated using „

Nuprl Types

Based on Martin-L¨

Equality: a “ b P T Dependent product: a:A Ñ Bras Dependent sum: a:A ˆ Bras Universe: Ui

Nuprl Types

Less “conventional types” Partial: A Disjoint union: A`B Intersection: Xa:A.Bras Union: Ya:A.Bras Subset: ta : A | Brasu Quotient: T{{E Domain: Base Simulation: t1 ĺ t2

(Void “ 0 ĺ 1 and Unit “ 0 ĺ 0)

Bisimulation: t1 „ t2 Image: ImgpA, f q PER: perpRq

Nuprl Types

Image type (Nogin & Kopylov) Subset: ta : A | Brasu fi Imgpa:A ˆ Bras, π1q Union: Ya:A.Bras fi Imgpa:A ˆ Bras, π2q

Nuprl Types

PER type (inspired by Allen) Top “ perpλ , .0 ĺ 0q haltsptq “ ‹ ĺ plet x :“ t in ‹q A [ B “ Xx:Base. X y:haltspxq.isaxiompx, A, Bq T{{E “ perpλx, y.px P Tq [ py P Tq [ pE x yqq

Nuprl Types

Squashing ÓT tUnit | Tu ImgpT, λ .‹q perpλx.λy.‹ ĺ x [ ‹ ĺ y [ Tq åT T{{True perpλx.λy.x P T [ y P Tq ÛT Top{{T perpλ .λ .Tq

Nuprl Refinements

Nuprl’s proof engine is called a refiner (TB) A generic goal directed reasoner:

Example of a rule H $ a:A Ñ Bras text λx.bu BY [lambdaFormation] H, x : A $ Brxs text bu H $ A P Ui text ‹u

Nuprl PER Semantics Implemented in Coq

Stuart Allen had his own meta-theory that was meant to be meaningful on its own and needs not be framed into type

Nuprl PER Semantics Implemented in Coq

The More Inference Rules the Better!

All verified Expose more of the metatheory Encode Mathematical knowledge

Intuitionistic Type Theory

We’ve proved these rules correct using our Coq model: Brouwer’s Continuity Principle for numbers ΠF:B Ñ N.Πf :B.åΣn:N.Πg:B.f “NNn g Ñ Fpf q “N Fpgq (B “ NN “ N Ñ N) Bar induction

Weak Continuity

False in Nuprl (following Escard´

Strong Continuity

Actually what we proved in Coq is essentially ΠF:B Ñ N. åΣM:pΠn:N.NNn Ñ N`Unitq. Πf :B.Σn:N. M n f “N`Unit inlpFpf qq ^ Πm:N.islpM m f q Ñ m “N n which is equivalent to weak continuity because (standard) AC1,0å ñ (WCPå ð ñ SCPå)

Axiom of Choice

Uniform Continuity

Follows from the Fan Theorem (every decidable bar is uniform) and Weak Continuity (standard) ΠF:C Ñ N.åΣn:N.Πf , g:C.f “2Nn g Ñ Fpf q “N Fpgq (C “ 2N) Following Escard´

ΠF:C Ñ N.Σn:N.Πf , g:C.f “2Nn g Ñ Fpf q “N Fpgq

Bar Induction

Fan Theorem follows from Bar Induction on Decidable Bars (BID)

H $ ÓpX 0 cq BY [BID] pdecq H, n : N, s : NNn $ B n s _ B n s pbarq H, s : NN $ ÓDn : N. B n s pimpq H, n : N, s : NNn, m : B n s $ X n s pindq H, n : N, s : NNn, x : p@m : N. X pn ` 1q extps, n, mqq $ X n s

Bar Induction

We proved BID for free choice sequences of numbers in Coq following Dummett’s “standard” classical proof (easy) We added free choice sequences of numbers to Nuprl’s model: all Coq functions from N to N What about sequences of terms?

Bar Induction

Law of Excluded Middle

LEM is false in Nuprl (Anand) ΠP:P.P _ P Follows from: Πt:Base.t ó _ t ó (call the function magic) We can prove: if magicpKq then K else ‹ ĺ if magicp‹q then K else ‹ We get: ‹ ĺ K Squashed version is true in Coq (using LEM in Coq) ΠP:P.ÓpP _ Pq

Questions

Can we prove continuity for sequences of terms instead of B? Can we prove BID/BIM on sequences of terms with atoms? What does that give us? ­“ proof-theoretic strength? Can I hope to be able to prove BID in Coq/Agda without LEM/AC?

Can we prove continuity for sequences of terms instead of B? Can we prove BID/BIM on sequences of terms with atoms? What does that give us? “ proof-theoretic strength? Can I hope to be able to prove BID in Coq/Agda without LEM/AC?