Extracting the Fan Functional Ulrich Berger Swansea University - - PowerPoint PPT Presentation

Extracting the Fan Functional

Ulrich Berger Swansea University Theory Seminar, RIMS, Kyoto University January 17, 2019 Supported by the EU project ’Computation with Infinite Data’

1 / 39

Overview

• 1. The fan functional
• 2. Computational content of proofs
• 3. Bar induction
• 4. Proving uniform continuity
• 5. Extracting the fan functional
• 6. Further work in program extraction

2 / 39

The fan functional

Given: A continuous functional F : (N → B) → N (B = {0, 1})

3 / 39

The fan functional

Given: A continuous functional F : (N → B) → N (B = {0, 1}) Since N → B is compact, F is uniformly continuous (fan theorem).

3 / 39

The fan functional

Given: A continuous functional F : (N → B) → N (B = {0, 1}) Since N → B is compact, F is uniformly continuous (fan theorem). Wanted: The modulus of uniform continuity of F.

3 / 39

The fan functional

Given: A continuous functional F : (N → B) → N (B = {0, 1}) Since N → B is compact, F is uniformly continuous (fan theorem). Wanted: The modulus of uniform continuity of F. That is, the least n such that for all α, β : N → B, if α(k) = β(k) for all k < n, then F(α) = F(β).

3 / 39

The fan functional

Given: A continuous functional F : (N → B) → N (B = {0, 1}) Since N → B is compact, F is uniformly continuous (fan theorem). Wanted: The modulus of uniform continuity of F. That is, the least n such that for all α, β : N → B, if α(k) = β(k) for all k < n, then F(α) = F(β). The function F → n is called fan functional.

3 / 39

The fan functional

Given: A continuous functional F : (N → B) → N (B = {0, 1}) Since N → B is compact, F is uniformly continuous (fan theorem). Wanted: The modulus of uniform continuity of F. That is, the least n such that for all α, β : N → B, if α(k) = β(k) for all k < n, then F(α) = F(β). The function F → n is called fan functional. We are looking for a functional program computing the fan functional, that is, a term in PCF (arithmetic + typed lambda calculus + recursion + lazy evaluation).

3 / 39

The fan functional

Given: A continuous functional F : (N → B) → N (B = {0, 1}) Since N → B is compact, F is uniformly continuous (fan theorem). Wanted: The modulus of uniform continuity of F. That is, the least n such that for all α, β : N → B, if α(k) = β(k) for all k < n, then F(α) = F(β). The function F → n is called fan functional. We are looking for a functional program computing the fan functional, that is, a term in PCF (arithmetic + typed lambda calculus + recursion + lazy evaluation). Moreover, we wish to extract the fan functional as the content of a constructive proof that F is uniformly continuous.

3 / 39

Computational content of proofs via realizability - Overview

Instead of defining when a formula is true or false one can define what it means to realize it, i.e. what it means to solve the computational problem it expresses: p r A (program p realizes the formula A)

4 / 39

Computational content of proofs via realizability - Overview

Instead of defining when a formula is true or false one can define what it means to realize it, i.e. what it means to solve the computational problem it expresses: p r A (program p realizes the formula A) Depending on the variant of realizability, p can be

◮ a code of a Turing machine (Kleene 1945) ◮ a higher-type functional program (e.g. a term in G¨

• del’s

system T)

◮ an element of a combinatory algebra (e.g. Scott’s D∞)

4 / 39

Computational content of proofs via realizability - Overview

Instead of defining when a formula is true or false one can define what it means to realize it, i.e. what it means to solve the computational problem it expresses: p r A (program p realizes the formula A) Depending on the variant of realizability, p can be

◮ a code of a Turing machine (Kleene 1945) ◮ a higher-type functional program (e.g. a term in G¨

• del’s

system T)

◮ an element of a combinatory algebra (e.g. Scott’s D∞)

Soundness Theorem. From a constructive proof of a formula one can extract a program realizing it.

4 / 39

Intuitionistic Fixed Point logic (IFP)

◮ Intuitionistic first-order logic with equality. ◮ Extra constants, function symbols and atomic predicates (not

necessarily decidable), depending on applications.

◮ Free predicate variables X, Y , . . .. ◮ Inductive and coinductive definitions as least and largest fixed

points of monotone predicate transformers.

◮ Axioms consisting of non-computational (nc), that is,

disjunction-free, formulas (depending on applications).

◮ For the classically minded user it suffices for these nc axioms

to be classically true in the intended model.

5 / 39

Intuitionistic Fixed Point logic (IFP)

◮ Intuitionistic first-order logic with equality. ◮ Extra constants, function symbols and atomic predicates (not

necessarily decidable), depending on applications.

◮ Free predicate variables X, Y , . . .. ◮ Inductive and coinductive definitions as least and largest fixed

points of monotone predicate transformers.

◮ Axioms consisting of non-computational (nc), that is,

disjunction-free, formulas (depending on applications).

◮ For the classically minded user it suffices for these nc axioms

to be classically true in the intended model. IFP is developed jointly with Hideki Tsuiki and Olga Petrovska.

5 / 39

Intuitionistic Fixed Point logic (IFP)

◮ Intuitionistic first-order logic with equality. ◮ Extra constants, function symbols and atomic predicates (not

necessarily decidable), depending on applications.

◮ Free predicate variables X, Y , . . .. ◮ Inductive and coinductive definitions as least and largest fixed

points of monotone predicate transformers.

◮ Axioms consisting of non-computational (nc), that is,

disjunction-free, formulas (depending on applications).

◮ For the classically minded user it suffices for these nc axioms

to be classically true in the intended model. IFP is developed jointly with Hideki Tsuiki and Olga Petrovska. The rational for IFP is to stay as close as possible to the axiomatic style common in mathematics while still being able to extract useful computational content from proofs.

5 / 39

Intuitionistic Fixed Point logic (IFP)

◮ Intuitionistic first-order logic with equality. ◮ Extra constants, function symbols and atomic predicates (not

necessarily decidable), depending on applications.

◮ Free predicate variables X, Y , . . .. ◮ Inductive and coinductive definitions as least and largest fixed

points of monotone predicate transformers.

◮ Axioms consisting of non-computational (nc), that is,

disjunction-free, formulas (depending on applications).

◮ For the classically minded user it suffices for these nc axioms

to be classically true in the intended model. IFP is developed jointly with Hideki Tsuiki and Olga Petrovska. The rational for IFP is to stay as close as possible to the axiomatic style common in mathematics while still being able to extract useful computational content from proofs. Without nc axioms the proof-theoretic strength of IFP is that of Π1

2-comprehension (M¨

• llerfeld 2003, Tupailo 2004).

5 / 39

Induction and coinduction

Let Φ = λX λ x A(X, x) a monotone predicate transformer. Monotonicity is usually guaranteed by requiting X to occur only at strictly positive positions in A. The following rules express that µ(Φ) is the least predicate X such that Φ(X) ⊆ X (hence Φ(µ(Φ)) = µΦ)), and ν(Φ) is the largest predicate X such that X ⊆ Φ(X) (hence Φ(ν(Φ)) = νΦ)). Φ(µ(Φ)) ⊆ µ(Φ) cl Φ(P) ⊆ P µ(Φ) ⊆ P ind ν(Φ) ⊆ Φ(ν(Φ)) cocl P ⊆ Φ(P) P ⊆ ν(Φ) coind

6 / 39

Example: Real and natural numbers

◮ Variables x, y, . . . are intended to range over abstract real

numbers

◮ Constants and function symbols: 0, 1, +, −, ∗, /, | · |, . . .. ◮ Atomic predicates: <, ≤, . . .. ◮ Nc axioms: ∀x . x + 0 = x, . . . .

7 / 39

Example: Real and natural numbers

◮ Variables x, y, . . . are intended to range over abstract real

numbers

◮ Constants and function symbols: 0, 1, +, −, ∗, /, | · |, . . .. ◮ Atomic predicates: <, ≤, . . .. ◮ Nc axioms: ∀x . x + 0 = x, . . . . ◮ Inductive predicate defining the natural numbers as a subset

• f the reals numbers: N Def

= µ Φ, where Φ = λX λx . x = 0 ∨ X(x − 1). We write this more intuitively as N(x)

µ

= x = 0 ∨ N(x − 1).

7 / 39

Example: Real and natural numbers

◮ Variables x, y, . . . are intended to range over abstract real

numbers

◮ Constants and function symbols: 0, 1, +, −, ∗, /, | · |, . . .. ◮ Atomic predicates: <, ≤, . . .. ◮ Nc axioms: ∀x . x + 0 = x, . . . . ◮ Inductive predicate defining the natural numbers as a subset

• f the reals numbers: N Def

= µ Φ, where Φ = λX λx . x = 0 ∨ X(x − 1). We write this more intuitively as N(x)

µ

= x = 0 ∨ N(x − 1).

◮ Coinductive predicate defining those real numbers that can be

approximated by dyadic rationals: C Def = ν Ψ, where Ψ = λX λx . ∃n ∈ N |x − n| ≤ 1 ∧ X(2x). Intuitive notation C(x) ν = ∃n ∈ N |x − n| ≤ 1 ∧ C(2x).

7 / 39

Example: Real and natural numbers

◮ Variables x, y, . . . are intended to range over abstract real

numbers

◮ Constants and function symbols: 0, 1, +, −, ∗, /, | · |, . . .. ◮ Atomic predicates: <, ≤, . . .. ◮ Nc axioms: ∀x . x + 0 = x, . . . . ◮ Inductive predicate defining the natural numbers as a subset

• f the reals numbers: N Def

= µ Φ, where Φ = λX λx . x = 0 ∨ X(x − 1). We write this more intuitively as N(x)

µ

= x = 0 ∨ N(x − 1).

◮ Coinductive predicate defining those real numbers that can be

approximated by dyadic rationals: C Def = ν Ψ, where Ψ = λX λx . ∃n ∈ N |x − n| ≤ 1 ∧ X(2x). Intuitive notation C(x) ν = ∃n ∈ N |x − n| ≤ 1 ∧ C(2x). One can prove C(x) ↔ ∀k ∈ N ∃q ∈ Q |x − q| ≤ 2−k where Q is the set of the rational numbers, defined as usual.

7 / 39

Realizability

To every predicate variable X we assign a new predicate variable ˜ X with an extra argument place for realizers. a r P( t) = P( t) ∧ a = Nil P atomic predicate a r X( t) = ˜ X( t, a) X a predicate variable c r (A ∧ B) = proj1(c) r A ∧ proj2(c) r B c r (A ∨ B) = ∃a (c = Left(a) ∧ a r A) ∨ ∃b (c = Right(b) ∧ b r B) f r (A → B) = ∀a (a r A → (f a) r B)

8 / 39

Realizability

To every predicate variable X we assign a new predicate variable ˜ X with an extra argument place for realizers. a r P( t) = P( t) ∧ a = Nil P atomic predicate a r X( t) = ˜ X( t, a) X a predicate variable c r (A ∧ B) = proj1(c) r A ∧ proj2(c) r B c r (A ∨ B) = ∃a (c = Left(a) ∧ a r A) ∨ ∃b (c = Right(b) ∧ b r B) f r (A → B) = ∀a (a r A → (f a) r B) a r ∀x A = ∀x (a r A) a r ∃x A = ∃x (a r A)

8 / 39

Realizability

To every predicate variable X we assign a new predicate variable ˜ X with an extra argument place for realizers. a r P( t) = P( t) ∧ a = Nil P atomic predicate a r X( t) = ˜ X( t, a) X a predicate variable c r (A ∧ B) = proj1(c) r A ∧ proj2(c) r B c r (A ∨ B) = ∃a (c = Left(a) ∧ a r A) ∨ ∃b (c = Right(b) ∧ b r B) f r (A → B) = ∀a (a r A → (f a) r B) a r ∀x A = ∀x (a r A) a r ∃x A = ∃x (a r A) a r (µ(λXλ x . A))( t) = (µ(λ ˜ Xλ xλb .b r A))( t, a) a r (ν(λXλ x . A))( t) = (ν(λ ˜ Xλ xλb .b r A))( t, a)

8 / 39

Realizability

To every predicate variable X we assign a new predicate variable ˜ X with an extra argument place for realizers. a r P( t) = P( t) ∧ a = Nil P atomic predicate a r X( t) = ˜ X( t, a) X a predicate variable c r (A ∧ B) = proj1(c) r A ∧ proj2(c) r B c r (A ∨ B) = ∃a (c = Left(a) ∧ a r A) ∨ ∃b (c = Right(b) ∧ b r B) f r (A → B) = ∀a (a r A → (f a) r B) a r ∀x A = ∀x (a r A) a r ∃x A = ∃x (a r A) a r (µ(λXλ x . A))( t) = (µ(λ ˜ Xλ xλb .b r A))( t, a) a r (ν(λXλ x . A))( t) = (ν(λ ˜ Xλ xλb .b r A))( t, a) Special treatment of nc formulas, e.g. b r (A → B) = A → b r B if A is nc

8 / 39

Soundness

Soundness Theorem From an IFP proof of a formula A from nc axioms Γ one can extract a program realizing A, provably from Γ in RIFP, the extension of IFP to the language of realizers. Γ ⊢IFP d : A = ⇒ Γ ⊢RIFP ep(d) r A

9 / 39

Soundness

Soundness Theorem From an IFP proof of a formula A from nc axioms Γ one can extract a program realizing A, provably from Γ in RIFP, the extension of IFP to the language of realizers. Γ ⊢IFP d : A = ⇒ Γ ⊢RIFP ep(d) r A The nc property (no disjunctions) can be weakened to requiring that axioms be Harrop formulas, that is, don’t contain disjunctions at strictly positive positions and that these axioms imply their realizability translations.

9 / 39

Paths and accessibility

Let ≺ be an arbitrary binary relation. Path≺(x)

ν

= ∃y ≺ x Path≺(y) (ν means ’greatest’) Acc≺(x)

µ

= ∀y ≺ x Acc≺(y)

10 / 39

Paths and accessibility

Let ≺ be an arbitrary binary relation. Path≺(x)

ν

= ∃y ≺ x Path≺(y) (ν means ’greatest’) Acc≺(x)

µ

= ∀y ≺ x Acc≺(y) Classically, Path≺ and Acc≺ are complements of each other.

10 / 39

Paths and accessibility

Let ≺ be an arbitrary binary relation. Path≺(x)

ν

= ∃y ≺ x Path≺(y) (ν means ’greatest’) Acc≺(x)

µ

= ∀y ≺ x Acc≺(y) Classically, Path≺ and Acc≺ are complements of each other. Path≺(x) means (with dependent choice) that there is an infinite ≺-descending sequence starting with x.

10 / 39

Paths and accessibility

Let ≺ be an arbitrary binary relation. Path≺(x)

ν

= ∃y ≺ x Path≺(y) (ν means ’greatest’) Acc≺(x)

µ

= ∀y ≺ x Acc≺(y) Classically, Path≺ and Acc≺ are complements of each other. Path≺(x) means (with dependent choice) that there is an infinite ≺-descending sequence starting with x. Acc≺(x) means that ≺-induction is valid at x: ∀x(∀y ≺ x P(y) → P(x)) ∀x (Acc≺(x) → P(x)) accind (progressive predicates hold at all accessible points).

10 / 39

Brouwer’s thesis (abstract form)

The implication Acc≺(x) → ¬Path≺(x) is intuitionistically valid (easy ≺-induction). The converse is can be viewed as a version of Brouwer’s thesis: BT0 ∀x (¬Path≺(x) → Acc≺(x))

11 / 39

Brouwer’s thesis (abstract form)

The implication Acc≺(x) → ¬Path≺(x) is intuitionistically valid (easy ≺-induction). The converse is can be viewed as a version of Brouwer’s thesis: BT0 ∀x (¬Path≺(x) → Acc≺(x)) Both, the premise and conclusion of BT0, are Harrop formulas (do not contain ∨ at a strictly positive position).

11 / 39

Brouwer’s thesis (abstract form)

The implication Acc≺(x) → ¬Path≺(x) is intuitionistically valid (easy ≺-induction). The converse is can be viewed as a version of Brouwer’s thesis: BT0 ∀x (¬Path≺(x) → Acc≺(x)) Both, the premise and conclusion of BT0, are Harrop formulas (do not contain ∨ at a strictly positive position). Therefore, BT0 has no computational content and hence does not spoil program extraction. Recommended reading on Brouwer’s Thesis: Wim Veldman: Brouwers Real Thesis on Bars, Philosophia Scientiae, CS 6, 2006.

11 / 39

Wellfounded induction

Combining BT0 and induction for Acc≺ one obtains wellfounded induction ∀x(∀y ≺ x P(y) → P(x)) ∀x (¬Path≺(x) → P(x)) wfind (progressive predicates hold at all wellfounded points).

12 / 39

Wellfounded induction

Combining BT0 and induction for Acc≺ one obtains wellfounded induction ∀x(∀y ≺ x P(y) → P(x)) ∀x (¬Path≺(x) → P(x)) wfind (progressive predicates hold at all wellfounded points). The extracted program is wellfounded recursion.

12 / 39

Abstract bar induction (ABI)

y ≺∗ x

µ

= y = x ∨ ∃z (y ≺∗ z ∧ z ≺ x) (refl. trans. closure) y ≺P x

Def

= y ≺ x ∧ ¬P(x)

13 / 39

Abstract bar induction (ABI)

y ≺∗ x

µ

= y = x ∨ ∃z (y ≺∗ z ∧ z ≺ x) (refl. trans. closure) y ≺P x

Def

= y ≺ x ∧ ¬P(x) Let x0 be arbitrary (playing the role of the empty sequence). Theorem (ABI). If (1) ¬Path≺P(x0) (2) ∀x ≺∗ x0 (¬P(x) ∨ Q(x)), (3) ∀x ≺∗ x0 (∀y ≺ x Q(y) → Q(x)), then Q(x0).

13 / 39

Abstract bar induction (ABI)

y ≺∗ x

µ

= y = x ∨ ∃z (y ≺∗ z ∧ z ≺ x) (refl. trans. closure) y ≺P x

Def

= y ≺ x ∧ ¬P(x) Let x0 be arbitrary (playing the role of the empty sequence). Theorem (ABI). If (1) ¬Path≺P(x0) (2) ∀x ≺∗ x0 (¬P(x) ∨ Q(x)), (3) ∀x ≺∗ x0 (∀y ≺ x Q(y) → Q(x)), then Q(x0). Proof. A constructive proof will be given later. An intuitive classical argument is: Suppose ¬Q(x0). Then ¬Q(x1) for some x1 ≺ x0, by (2). Iteratively, there is an infinite ≺-descending sequence (xi) such that ¬Q(xi) for all i. By (1), ¬P(xi) for all i. Hence (xi) is even ≺P-descending, contradicting (1).

13 / 39

Constructive proof of ABI

Assume (1) ¬Path≺P(x0) (2) ∀x ≺∗ x0 (¬P(x) ∨ Q(x)), (3) ∀x ≺∗ x0 (∀y ≺ x Q(y) → Q(x)), To show Q(x0) it suffices, by (1), to show ¬Path≺P ⊆ Q, which we do by wellfounded induction. By i.h., ∀y ≺∗

P x Q(y). We have to show Q(x).

We do a case analysis according to (2). If Q(x), we are done. If ¬P(x) then the i.h. is equivalent to the premise of (3), hence, again Q(x). The extracted program takes as inputs realizers f and g of (2) and (3) respectively and returns h where is a suggestive name for Left(Nil) (realizing x0 ≺∗ x0) and h is a realizer of the formula ∀x ≺∗ x0 Q(x) recursively defined by h s = case f s of {Left(Nil) → g s (λa (h (s ∗ a))); Right(b) → b} with s ∗ a a suggestive notation for Pair(s, a).

14 / 39

Bang!

If A is a formula, then !A is a Harrop formula with a r !A Def = a = Nil ∧ ∀a (a r A).

15 / 39

Bang!

If A is a formula, then !A is a Harrop formula with a r !A Def = a = Nil ∧ ∀a (a r A). For example, Nil r !(⊥ → A) since, a r (⊥ → A) ≡ ⊥ → a r A.

15 / 39

Bang!

If A is a formula, then !A is a Harrop formula with a r !A Def = a = Nil ∧ ∀a (a r A). For example, Nil r !(⊥ → A) since, a r (⊥ → A) ≡ ⊥ → a r A. Intuitively, !A expresses that A is true (realizable) for trivial reasons.

15 / 39

Bang!

If A is a formula, then !A is a Harrop formula with a r !A Def = a = Nil ∧ ∀a (a r A). For example, Nil r !(⊥ → A) since, a r (⊥ → A) ≡ ⊥ → a r A. Intuitively, !A expresses that A is true (realizable) for trivial reasons. Valid (realizable) rules we will use in the following: A !H !A (A Harrop) A → !B !→ !(A → B) !A ∧ !B !∧ !(B ∧ A) ∀x !A(x) !∀ !∀x A(x) ∃x !A(x) !∃ !∃x A(x)

15 / 39

!LEM

¬A → B A → !B !LEM B

16 / 39

!LEM

¬A → B A → !B !LEM B

Lemma

The rules for bang are realizable.

16 / 39

!LEM

¬A → B A → !B !LEM B

Lemma

The rules for bang are realizable.

Proof.

We only look at !LEM. Assume a r (¬A → B) and Nil r (A → !B), that is, ¬∃c c r A → a r B and ∃c c r A → ∀b b r B. Using the law of excluded middle, we conclude a r B.

16 / 39

Banged bar induction

!BI If

(1) ¬Path≺P(x0), (2) ∀x ≺∗ x0 (P(x) → !Q(x)), [in ABI ¬P(x) ∨ Q(x)] (3) ∀x ≺∗ x0 (∀y ≺ x Q(y) → Q(x)),

then Q(x0).

17 / 39

Banged bar induction

!BI If

(1) ¬Path≺P(x0), (2) ∀x ≺∗ x0 (P(x) → !Q(x)), [in ABI ¬P(x) ∨ Q(x)] (3) ∀x ≺∗ x0 (∀y ≺ x Q(y) → Q(x)),

then Q(x0).

Lemma

BT0 implies !BI.

17 / 39

Banged bar induction

!BI If

(1) ¬Path≺P(x0), (2) ∀x ≺∗ x0 (P(x) → !Q(x)), [in ABI ¬P(x) ∨ Q(x)] (3) ∀x ≺∗ x0 (∀y ≺ x Q(y) → Q(x)),

then Q(x0).

Lemma

BT0 implies !BI.

Proof.

Assume (1), (2), (3). We prove ¬Path≺P ⊆ Q by wellfounded

• induction. By i.h., ∀y ≺P x Q(y). We have to show Q(x).

By !LEM and (2), it suffices to show ¬P(x) → Q(x). Assume ¬P(x). Hence the i.h. is equivalent to the premise of (3), hence, Q(x).

17 / 39

Banged bar induction

!BI If

(1) ¬Path≺P(x0), (2) ∀x ≺∗ x0 (P(x) → !Q(x)), [in ABI ¬P(x) ∨ Q(x)] (3) ∀x ≺∗ x0 (∀y ≺ x Q(y) → Q(x)),

then Q(x0).

Lemma

BT0 implies !BI.

Proof.

Assume (1), (2), (3). We prove ¬Path≺P ⊆ Q by wellfounded

• induction. By i.h., ∀y ≺P x Q(y). We have to show Q(x).

By !LEM and (2), it suffices to show ¬P(x) → Q(x). Assume ¬P(x). Hence the i.h. is equivalent to the premise of (3), hence, Q(x). The extracted program takes as input a realizer g of (3) (note that (1) and (2) are Harrop) and returns h where h s = g s (λa (h (s ∗ a))).

17 / 39

Proving uniform continuity

We aim to prove that every total continuous functional F on Cantor space is uniformly continuous and extract from the proof the fan functional that computes the minimal modulus of uniform continuity of F.

18 / 39

Proving uniform continuity

We aim to prove that every total continuous functional F on Cantor space is uniformly continuous and extract from the proof the fan functional that computes the minimal modulus of uniform continuity of F. Language: Sorts: s0 (partial natural numbers), s1 (≃ s0 → s0), s2 (≃ s1 → s0). Constants: 0, 1, ⊥, where 0, 1 represent at the same time the first two natural numbers and the Booleans, and ⊥ represents ’undefined’ (not to be confused with the formula ⊥). Function symbols: +, −, application operation (written by juxtaposition), common (primitive recursive) operations to define finite and infinite sequences. Relation symbol: < (ordinary ordering of numbers). Axioms: The usual disjunctions-free axioms for 0, 1, +, −, <.

18 / 39

Proving uniform continuity

We aim to prove that every total continuous functional F on Cantor space is uniformly continuous and extract from the proof the fan functional that computes the minimal modulus of uniform continuity of F. Language: Sorts: s0 (partial natural numbers), s1 (≃ s0 → s0), s2 (≃ s1 → s0). Constants: 0, 1, ⊥, where 0, 1 represent at the same time the first two natural numbers and the Booleans, and ⊥ represents ’undefined’ (not to be confused with the formula ⊥). Function symbols: +, −, application operation (written by juxtaposition), common (primitive recursive) operations to define finite and infinite sequences. Relation symbol: < (ordinary ordering of numbers). Axioms: The usual disjunctions-free axioms for 0, 1, +, −, <. Natural numbers: N(x)

µ

= x = 0 ∨ N(x − 1). Booleans: B(x) Def = x = 0 ∨ x = 1

18 / 39

Partial functionals

We define the partial Booleans and natural numbers as well as the partial functionals of type 1 and 2: B⊥(x)

Def

= x = ⊥ → B(x) N⊥(x)

Def

= x = ⊥ → N(x) B1

⊥(α) Def

= ∀n (N(n) → B⊥(α n)) B2

⊥(F) Def

= ∀α (B1

⊥(α) → N⊥(Fα))

19 / 39

Continuity

Specialization order: x ⊑ y

Def

= x = ⊥ → x = y α ⊑ β

Def

= ∀n ∈ N (α n ⊑ β n)

20 / 39

Continuity

Specialization order: x ⊑ y

Def

= x = ⊥ → x = y α ⊑ β

Def

= ∀n ∈ N (α n ⊑ β n) Monotonicity, finitarity, continuity: Mon(F)

Def

= ∀α, β ∈ B1

⊥ (α ⊑ β → F α ⊑ F β)

Fin(F)

Def

= ∀α ∈ B1

⊥ (∀n ∈ N F (α ↑ n) = ⊥ → F α = ⊥)

Cont(F)

Def

= Mon(F) ∧ Fin(F) where (α ↑ n) k = if k < n then α k else ⊥.

20 / 39

Totality

Total1(α)

Def

= ∀n (N(n) → α n = ⊥) Total2(F)

Def

= ∀α (Total1(α) → Fα = ⊥))

21 / 39

Totality

Total1(α)

Def

= ∀n (N(n) → α n = ⊥) Total2(F)

Def

= ∀α (Total1(α) → Fα = ⊥)) B1(α)

Def

= B1

⊥(α) ∧ Total1(α)

B2(F)

Def

= B2

⊥(F) ∧ Total1(F)

21 / 39

Uniform continuity

A type 2 functional F is uniformly continuous if there is (a least) n ∈ N such that F α = F β for all total α, β agreeing below n. UCont(F, n)

Def

= ∀α, β ∈ B1(α =n β → F α = F β) UCont(F)

Def

= ∃n ∈ N UCont(F, n) where α =n β Def = ∀k ∈ N (k < n → α k = β k).

22 / 39

Uniform continuity

A type 2 functional F is uniformly continuous if there is (a least) n ∈ N such that F α = F β for all total α, β agreeing below n. UCont(F, n)

Def

= ∀α, β ∈ B1(α =n β → F α = F β) UCont(F)

Def

= ∃n ∈ N UCont(F, n) where α =n β Def = ∀k ∈ N (k < n → α k = β k). We aim to prove that every F ∈ B2

⊥ which is total and continuous

is uniformly continuous.

22 / 39

Extremal points

In the following let F be a total continuous functional, that is, F ∈ B2 and Cont(F).

23 / 39

Extremal points

In the following let F be a total continuous functional, that is, F ∈ B2 and Cont(F).

Theorem (Existence of extremal points)

∃αmin, αmax ∈ B1 ∀β ∈ B1 (F(αmin) ≤ F(β) ≤ F(αmax))

23 / 39

Extremal points

In the following let F be a total continuous functional, that is, F ∈ B2 and Cont(F).

Theorem (Existence of extremal points)

∃αmin, αmax ∈ B1 ∀β ∈ B1 (F(αmin) ≤ F(β) ≤ F(αmax)) Proof. Let B∗ be the set of finite sequences of Booleans, that is, B∗(s)

µ

= s = ∨ ∃t ∈ B∗ ∃b ∈ B s = t ∗ b, Define (s ∗ α) n = sn if n < |s| and (s ∗ α) n = α(n − |s|) if n ≥ |s|. We prove more generally (max only, for min we proceed similarly): ∀s ∈ B∗∃αmax ∈ B1 ∀β ∈ B1 (F(s ∗ β) ≤ F(s ∗ αmax))

23 / 39

Proof of the existence of extremal points ctd.

sec(s)

Def

= F (s ∗ ⊥ω) = ⊥ (’s is secured’) s ≺ t

Def

= ∃b ∈ B s = t ∗ b Hence B∗(s) iff s ≺∗ .

24 / 39

Proof of the existence of extremal points ctd.

sec(s)

Def

= F (s ∗ ⊥ω) = ⊥ (’s is secured’) s ≺ t

Def

= ∃b ∈ B s = t ∗ b Hence B∗(s) iff s ≺∗ . Q(s, α)

Def

= F(s ∗ α) = ⊥ ∧ ∀β ∈ B1

⊥ (F(s ∗ β) = ⊥ → F(s ∗ β) ≤ F(s ∗ α))

Q(s)

Def

= ∃α ∈ B1

⊥ Q(s, α)

24 / 39

Proof of the existence of extremal points ctd.

sec(s)

Def

= F (s ∗ ⊥ω) = ⊥ (’s is secured’) s ≺ t

Def

= ∃b ∈ B s = t ∗ b Hence B∗(s) iff s ≺∗ . Q(s, α)

Def

= F(s ∗ α) = ⊥ ∧ ∀β ∈ B1

⊥ (F(s ∗ β) = ⊥ → F(s ∗ β) ≤ F(s ∗ α))

Q(s)

Def

= ∃α ∈ B1

⊥ Q(s, α)

Claim: ∀s ∈ B∗ Q(s).

24 / 39

Proof of the existence of extremal points ctd.

sec(s)

Def

= F (s ∗ ⊥ω) = ⊥ (’s is secured’) s ≺ t

Def

= ∃b ∈ B s = t ∗ b Hence B∗(s) iff s ≺∗ . Q(s, α)

Def

= F(s ∗ α) = ⊥ ∧ ∀β ∈ B1

⊥ (F(s ∗ β) = ⊥ → F(s ∗ β) ≤ F(s ∗ α))

Q(s)

Def

= ∃α ∈ B1

⊥ Q(s, α)

Claim: ∀s ∈ B∗ Q(s). We prove the claim by banged bar induction on ≺sec.

24 / 39

Applying !BI

We have to show (1) ∀s ∈ B∗¬Path≺sec(s), (2) ∀s ∈ B∗(sec(s) → !Q(s)), (3) ∀s ∈ B∗ (∀a ∈ B Q(s ∗ a) → Q(s)),

25 / 39

Applying !BI

We have to show (1) ∀s ∈ B∗¬Path≺sec(s), (2) ∀s ∈ B∗(sec(s) → !Q(s)), (3) ∀s ∈ B∗ (∀a ∈ B Q(s ∗ a) → Q(s)), (1) holds F since is total and continuous.

25 / 39

Applying !BI

We have to show (1) ∀s ∈ B∗¬Path≺sec(s), (2) ∀s ∈ B∗(sec(s) → !Q(s)), (3) ∀s ∈ B∗ (∀a ∈ B Q(s ∗ a) → Q(s)), (1) holds F since is total and continuous. (2): By efq, !→, and !∀, !B1

⊥(⊥ω). If s ∈ B∗ is secured, then

clearly Q(s, ⊥ω). Since this a Harrop formula, it follows !Q(s, ⊥ω), by !H. With !∧ and !∃ it follows !Q(s).

25 / 39

Applying !BI

We have to show (1) ∀s ∈ B∗¬Path≺sec(s), (2) ∀s ∈ B∗(sec(s) → !Q(s)), (3) ∀s ∈ B∗ (∀a ∈ B Q(s ∗ a) → Q(s)), (1) holds F since is total and continuous. (2): By efq, !→, and !∀, !B1

⊥(⊥ω). If s ∈ B∗ is secured, then

clearly Q(s, ⊥ω). Since this a Harrop formula, it follows !Q(s, ⊥ω), by !H. With !∧ and !∃ it follows !Q(s). (3): Let s ∈ B∗ such that ∀a ∈ B Q(s ∗ a), that is, we have α0, α1 ∈ B1

⊥ such that Q(s ∗ 0, α0) and Q(s ∗ 1, α1). We have to

find α ∈ B1

⊥ such that Q(s, α). Since F ∈ B2 ⊥, we have

F(s ∗ 0 ∗ α0), F(s ∗ 1 ∗ α1) ∈ N. If F(s ∗ 0 ∗ α0) ≥ F(s ∗ 1 ∗ α1), set α = 0 ∗ α0. Otherwise, set α = 1 ∗ α1. This completes the proof of the Claim and hence the Theorem.

25 / 39

Deciding constancy

Const(F, s) Def = ∃b ∈ B ∀α ∈ B1 F (s ∗ α) = b

26 / 39

Deciding constancy

Const(F, s) Def = ∃b ∈ B ∀α ∈ B1 F (s ∗ α) = b

Theorem (Decidability of constancy)

For every s ∈ B∗ it is decidable whether F is constant on total extensions of s, that is, Const(F, s) ∨ ¬Const(F, s). Proof. By the theorem about the existence of extremal points there are αmin ∈ B1 αmax ∈ B1 such that F(s ∗ αmin), F(s ∗ αmax) ∈ N and for all β ∈ B1 F(s ∗ αmin) ≤ F(s ∗ β) ≤ F(s ∗ αmax) Hence Const(F, s) holds iff F(s ∗ αmin) = F(s ∗ αmax). Since equality of natural numbers is decidable the theorem follows.

26 / 39

The proof of uniform continuity

Theorem

Every functional F ∈ B2

⊥ which is total and continuous is uniformly

continuous.

27 / 39

The proof of uniform continuity

Theorem

Every functional F ∈ B2

⊥ which is total and continuous is uniformly

continuous. Proof. Let F ∈ B2

⊥ be total and continuous. We set

UCont(s, n)

Def

= ∀α, β ∈ B1(α =n β → F(s ∗ α) = F(s ∗ β)) UCont(s)

Def

= ∃n ∈ N UCont(s, n) and show ∀s ∈ B∗ UCont(s) by abstract bar induction, ABI, on ≺Const where ≺ is as in the proof of the existence of extremal points Const(s) Def = Const(F, s).

27 / 39

Applying ABI

We have to show: (1) Wf≺Const(), (2) ∀s ∈ B∗ (¬Const(s) ∨ UCont(s)), (3) ∀s ∈ B∗ (∀a ∈ B UCont(s ∗ a) → UCont(s)).

28 / 39

Applying ABI

We have to show: (1) Wf≺Const(), (2) ∀s ∈ B∗ (¬Const(s) ∨ UCont(s)), (3) ∀s ∈ B∗ (∀a ∈ B UCont(s ∗ a) → UCont(s)). (1) holds again by continuity.

28 / 39

Applying ABI

We have to show: (1) Wf≺Const(), (2) ∀s ∈ B∗ (¬Const(s) ∨ UCont(s)), (3) ∀s ∈ B∗ (∀a ∈ B UCont(s ∗ a) → UCont(s)). (1) holds again by continuity. (2): By the Constancy Theorem, we may assume Const(s). Then clearly UCont(s, 0).

28 / 39

Applying ABI

We have to show: (1) Wf≺Const(), (2) ∀s ∈ B∗ (¬Const(s) ∨ UCont(s)), (3) ∀s ∈ B∗ (∀a ∈ B UCont(s ∗ a) → UCont(s)). (1) holds again by continuity. (2): By the Constancy Theorem, we may assume Const(s). Then clearly UCont(s, 0). (3): Assume UCont(s ∗ 0, n) and UCont(s ∗ 1, m). Then, clearly, UCont(s, 1 + max(n, m)).

28 / 39

Program extraction

Declarations: type N = Int type B = Int type B1 = N -> B type B2 = B1 -> N (***) :: [B] -> B1 -> B1 s *** alpha = \n-> if n < length s then s !! n else alpha (n - length s)

29 / 39

Computing extremal points

minarg, maxarg :: B2 -> [B] -> B1 minarg f s = let { s0 = s ++ [0] ; s1 = s ++ [1] ; alpha0 = minarg f s0 ; alpha1 = minarg f s1 } in if f (s0 *** alpha0) <= f (s1 *** alpha1) then [0] *** alpha0 else [1] *** alpha1 maxarg f s = ...

30 / 39

Fan functional

• - testing constancy

isconst :: B2 -> [B] -> Bool isconst f s = f (s *** (minarg f s)) == f (s *** (maxarg f s)) fan :: B2 -> N fan f = aux [] where

• aux :: [B] -> N

aux s = if isconst f s then 0 else 1 + max (aux (s++[0])) (aux (s++[1])) The origin of this program is unclear. Martin Hyland claims it was known already to Robin Gandy.

31 / 39

Further work in program extraction

Realizability and program extraction is implemented in the interactive proof system Minlog developed by H Schwichtenberg in Munich. http://www.mathematik.uni-muenchen.de/~logik/minlog/

32 / 39

Overview of existing case studies in program extraction

33 / 39

Overview of existing case studies in program extraction

◮ Discrete structures

◮ Quotient and remainder on natural numbers. ◮ Dijkstra’s algorithm (1997, Benl, Schwichtenberg):

Reachable nodes in a weighted graph

◮ Warshall Algorithm (2001, Schwichtenberg, Seisenberger, B):

Transitive closure of a relation

33 / 39

Overview of existing case studies in program extraction

◮ Discrete structures

◮ Quotient and remainder on natural numbers. ◮ Dijkstra’s algorithm (1997, Benl, Schwichtenberg):

Reachable nodes in a weighted graph

◮ Warshall Algorithm (2001, Schwichtenberg, Seisenberger, B):

Transitive closure of a relation

◮ Programs from classical proofs

◮ GCD (1995, B, Schwichtenberg):

Uses the Friedman/Dragalin A-translation

◮ Dickson’s Lemma (2001, Schwichtenberg, Seisenberger, B):

F/D A-translation in infinite combinatorics

◮ Higman’s Lemma (2008, Seisenberger):

Uses F/D A-translation and classical countable choice

◮ Fibonacci numbers from a classical proofs (2002, Buchholz,

Schwichtenberg, B): Uses F/D A-translation to obtain fast program

33 / 39

Overview ctd.

◮ Lambda calculus:

◮ Extraction of normalization-by-evaluation (NbE) (2006,

Berghofer, Letouzey, Schwichtenberg, B): Extraction of NbE from Tait’s proof of strong normalization for the typed lambda calculus (in Isabelle, Coq, Minlog)

34 / 39

Overview ctd.

◮ Lambda calculus:

◮ Extraction of normalization-by-evaluation (NbE) (2006,

Berghofer, Letouzey, Schwichtenberg, B): Extraction of NbE from Tait’s proof of strong normalization for the typed lambda calculus (in Isabelle, Coq, Minlog)

◮ Real numbers

◮ Cauchy sequences vs signed digit representation (SD):

Cauchy sequences are functions. SD representations are streams defined by coinduction.

◮ Arithmetic operations on reals w.r.t. SD ◮ Integration w.r.t. SD (2011, B):

Real functions are given by trees realizing a nested coinductive/inductive definition

34 / 39

Overview ctd.

◮ Lists

◮ List reversal

Uses F/D A-translation to extract linear program from naive proof

◮ In-place Quicksort (2014, Seisenberger, Woods, B):

Extracts an ’imperative’ program

35 / 39

Overview ctd.

◮ Lists

◮ List reversal

Uses F/D A-translation to extract linear program from naive proof

◮ In-place Quicksort (2014, Seisenberger, Woods, B):

Extracts an ’imperative’ program

◮ Satisfiabilty testing

◮ Extraction of a SAT-solver from completeness proof for DPLL

(2015, B, Forsberg, Lawrence, Seisenberger)

35 / 39

Overview ctd.

◮ Lists

◮ List reversal

Uses F/D A-translation to extract linear program from naive proof

◮ In-place Quicksort (2014, Seisenberger, Woods, B):

Extracts an ’imperative’ program

◮ Satisfiabilty testing

◮ Extraction of a SAT-solver from completeness proof for DPLL

(2015, B, Forsberg, Lawrence, Seisenberger)

◮ Ongoing: Extraction of

◮ monadic parsers (Jones, Seisenberger, B) ◮ concurrent programs (Miyamoto, Petrovska, Schwichtenberg,

Spreen, Takayama, Tsuiki, B)

◮ truly imperative programs (Reus, B) ◮ modulus of uniform continuity from Fan Theorem (B) 35 / 39

Conclusion

◮ The fine grained control of computational content not only

• ptimizes extracted programs but also provides access to new

kinds of algorithms by program extraction.

36 / 39

Conclusion

◮ The fine grained control of computational content not only

• ptimizes extracted programs but also provides access to new

kinds of algorithms by program extraction.

◮ Limited use of classical logic seems to be required to verify

the correctness of these new algorithms.

36 / 39

Conclusion

◮ The fine grained control of computational content not only

• ptimizes extracted programs but also provides access to new

kinds of algorithms by program extraction.

◮ Limited use of classical logic seems to be required to verify

the correctness of these new algorithms.

◮ The Harrop version of Brouwer’s thesis and banged bar

induction might open ways to extract programs such as the Berard-Bezem-Coquand realizer of dependent choice from a proof.

36 / 39

References

Hideki Tsuiki. Real Number Computation through Gray Code Embedding.

• Theor. Comput. Sci., 284(2):467–485, 2002.

B., Kenji Miyamoto, Helmut Schwichtenberg, Hideki Tsuiki: Logic for Gray-code computation. In: Concepts of Proof in Mathematics, Philosophy, and Computer Science, de Gruyter, 2016. B., Extracting Non-Deterministic Concurrent Programs. CSL 2016, LIPICS

• L. E. J. Brouwer, Beweis dass jede volle Funktion gleichm¨

assig stetig ist. Nederlandse Akademie van Wetenschappen Verslagen 27, 189193, 1924.

• L. E. J. Brouwer, ¨

Uber Definitionsbereiche von Funktionen,

• Math. Annalen 97, 6075, 1927.

37 / 39

References

• V. Veldman. Brouwer’s Real Thesis on Bars.

Philosophia Scientiæ, CS 6, Constructivism: Mathematics, Logic, 21-42 Philosophy and Linguistics, 2006.

• H. Schwichtenberg. Minlog.

The Seventeen Provers of the World, Lecture Notes in Artificial Intell., 3600, 151–157, 2006.

http://www.mathematik.uni-muenchen.de/~logik/minlog/

• M. Escard´
• . Exhaustible sets in higher-type computation,

Logical Methods in Comput. Sci. 4 (3), 2008.

• B. Totale Objekte und Mengen in der Bereichstheorie,

PhD thesis, LMU Munich, 1990.

38 / 39

References

• B. From coinductive proofs to exact real arithmetic: theory and

applications. Logical Methods in Comput. Sci., 7(1):1–24, 2011.

• M. Escardo, P. Oliva. Bar recursion and products of selection functions,

JSL, 80(1):1-28, 2015. B, O. Petrovska Optimized program extraction for induction and coinduction CiE 2018, LNCS 10936, 70-80, 2018.

39 / 39