Intuitionistic Fixed Point Logic and Program Extraction (with Prawf) - - PowerPoint PPT Presentation

Intuitionistic Fixed Point Logic and Program Extraction (with Prawf)

Olga Petrovska (joint work with Ulrich Berger (SU) and Hideki Tsuiki (Kyoto University)) 6-8 April, BCTCS 2020 (Coronavirus Edition )

This work was supported by the Marie Curie International Re- search Stafg Exchange Schemes Computable Analysis (PIRSES-GA- 2011-294962) and Correctness by Construction (FP7-PEOPLE-2013- IRSES-612638) as well as the Marie Curie RISE project Computing with Infinite Data (H2020-MSCA-RISE-2016-731143) and the EPSRC Doctoral Training Grant

• No. 1818640.

Motivation

Creating a formal system exploiting Curry-Howard isomorphism to extract useful and ‘correct-by-construction’ programs from proofs about abstract mathematics. Existing systems:

• Minlog (H. Schwichtenberg): http://www.mathematik.

uni-muenchen.de/~logik/minlog/index.php

• Nuprl, Isabelle, Coq etc.
• Prawf NEW

1

Motivation

Creating a formal system exploiting Curry-Howard isomorphism to extract useful and ‘correct-by-construction’ programs from proofs about abstract mathematics. Existing systems:

• Minlog (H. Schwichtenberg): http://www.mathematik.

uni-muenchen.de/~logik/minlog/index.php

• Nuprl, Isabelle, Coq etc.
• Prawf NEW

1

Motivation

Creating a formal system exploiting Curry-Howard isomorphism to extract useful and ‘correct-by-construction’ programs from proofs about abstract mathematics. Existing systems:

• Minlog (H. Schwichtenberg): http://www.mathematik.

uni-muenchen.de/~logik/minlog/index.php

• Nuprl, Isabelle, Coq etc.
• Prawf NEW

1

Motivation

Creating a formal system exploiting Curry-Howard isomorphism to extract useful and ‘correct-by-construction’ programs from proofs about abstract mathematics. Existing systems:

• Minlog (H. Schwichtenberg): http://www.mathematik.

uni-muenchen.de/~logik/minlog/index.php

• Nuprl, Isabelle, Coq etc.
• Prawf NEW

1

Motivation

Creating a formal system exploiting Curry-Howard isomorphism to extract useful and ‘correct-by-construction’ programs from proofs about abstract mathematics. Existing systems:

• Minlog (H. Schwichtenberg): http://www.mathematik.

uni-muenchen.de/~logik/minlog/index.php

• Nuprl, Isabelle, Coq etc.
• Prawf NEW

1

Agenda

• Intuitionistic Fixed Point Logic
• Realizability
• Soundness
• Demo

2

Intuitionistic Fixed Point Logic (IFP) as a schema

First-order logic with lambda abstractions and fixed point operators IFP is a schema

(1) Sorts ι, ι1, . . . as names for spaces of abstract mathematical objects. (2) Terms ( ⃗ t) that include variables, constants of fixed sorts ι and function symbols types ⃗ ι → ι. (3) Predicate constants of fixed arities (⃗ ι). Formulas ∋ A, B ::= P( ⃗ t) | A ∧ B | A ∨ B | A → B | ∀x A | ∃x A Predicates ∋ P, Q ::= X | P | λ⃗ x A | µ Φ | ν Φ Operators ∋ Φ, Ψ ::= λX P (P is strictly positive in X)

3

Intuitionistic Fixed Point Logic (IFP)

• Intuitionistic Predicate Logic

Natural deduction with equality

• Inductions and Coinduction

cl Φ(µ Φ) ⊆ µ Φ Φ(P) ⊆ P ind µ Φ ⊆ P cocl ν Φ ⊆ Φ(ν Φ) P ⊆ Φ(P) coind P ⊆ ν Φ

• Axioms consisting of closed disjunction-free formulas

e.g., ∀x , y(x + y = y + x)

4

Realizability and RIFP

A realizer is an object that “realizes” a formula from a formal theory, i.e. serves as a confirmation of its truth. IFP for Realisers (RIFP) The Scott domain of realizers is defined by the recursive domain equation D = Nil + Lt(D) + Rt(D) + Pair(D × D) + F(D → D) where + denotes the separated sum, × the Cartesian product and D → D is the continuous function space.

5

Non-Computational and Harrop Expressions

A Harrop expression contains no disjunction or free predicate variable at a strictly positive position 1. A non-computational expression contains neither disjunctions nor free predicate variable.

1predicate variable is not free in the premise of an implication

6

Realizability and Simplified Realizability

We assing to every

• non-Harrop formula A a predicate R(A) with one argument for

realizers

• non-Harrop predicate P a predicate R(P) with an extra argument

for realizers

• non-Harrop operator Φ an operator R(Φ) with an extra argument

for realizers

• Harrop formula A a formula H(A)
• Harrop predicate P a predicate H(P) of the same arity
• Harrop operator Φ an operator H(Φ) of the same arity

7

Realizability interpretation

8

Soundness

Γ, ∆ ⊢IFP A∗ ⇒ H(Γ),⃗ a r ∆ ⊢RIFP p r A, where FV(p) ⊆ ⃗ a. *The admissibility condition is that either Φ and P are both Harrop or both non-Harrop or Φ is Harrop and simple and P is non-Harrop. Simple means that no sub-expression (of an expression in question)

• f a form µΦ or νΦ contains a predicate variable X free.

9

IFP’ and the Soundness Theorem

Hideki Tsuiki suggested creating IFP’ to get rid of the admissibility

• restriction. This also proved to be useful for simplifying program

extraction implementation. Monotonicity of the operator Φ: Mon(Φ)

Def

= X ⊆ Y → Φ(X) ⊆ Φ(Y) where X and Y are fresh variables. Φ(P) ⊆ P Mon(Φ) µ(Φ) ⊆ P IND’(Φ, P) (∗) P ⊆ Φ(P) Mon(Φ) P ⊆ ν(Φ) COIND’(Φ, P) (∗)

(∗) free assumptions in the proof of Mon(Φ) must not contain X or Y free.

10

Soundness proof i

Γ, ∆ ⊢IFP′ A ⇒ H(Γ),⃗ a r ∆ ⊢RIFP p r A, where FV(p) ⊆ ⃗ a. Proof by induction on the length of IFP’ derivations.

11

Soundness proof ii

Ind′. Assume ⊢IFP′ (Φ(P) ⊆ P), where Φ(P) = Q[P/X] and ⊢IFP′ Mon(Φ), i.e. X ⊆ Y → Q ⊆ Q[Y/X].

• I.h.1nH ⊢RIFP s r (Φ(P) ⊆ P);
• I.h.monnH ⊢RIFP m r (Mon(Φ));

If Φ and P are non-Harrop show: f r (µ(Φ) ⊆ P) ≡ R(µΦ) ⊆ f−1 ◦ R(P) f r (Q ⊆ P) ≡ R(Q) ⊆ f−1 ◦ R(P)∗ = R(µ(λX Q)) ⊆ f−1 ◦ R(P) since Φ = λX Q = (µ(λ˜ XR(Q))) ⊆ f−1 ◦ R(P) since R(µΦ) = µ(R(Φ)) and R(λX Q) = λ˜ X(R(Q)) * Proven by a separate lemma, which includes a number of equivalences like above

12

Soundness proof iii

By s.p. induction, it is enough to show R(Q)[f−1 ◦ R(P)/˜ X] ⊆ f−1 ◦ R(P) (1) By i.h.1nH we have: s r (Φ(P) ⊆ (P)), which is equivalent to R(Q[P/X]) ⊆ s−1 ◦ R(P) (2) By i.h.monnH we have m r Mon(Φ) and by Lemma (a) this implies m r (Mon(Φ)[P/Y]) (3) Writing out Mon(Φ)[P/Y] we obtain X ⊆ P → Q ⊆ Q[P/X]. Hence, 3 can be rewritten as ∀g(g r (X ⊆ P) → (m g) r (Q ⊆ Q[P/X])) ≡ ∀g(R(X) ⊆ g−1 ◦ R(P) → R(Q) ⊆ (m g)−1 ◦ R(Q[P/X])) by the equivalences lemma = ∀g(˜ X ⊆ g−1 ◦ R(P) → R(Q) ⊆ (m g)−1 ◦ R(Q[P/X])) by def. of R(X)

(a) If RIFP proves a r A from assumptions that do not contain the predicate variable X and if P is a non-Harrop predicate of the same arity as X, then RIFP proves a r (A[P/X]) from the same assumptions. 13

Soundness proof iv

∀g(˜ X ⊆ g−1 ◦ R(P) → R(Q) ⊆ (m g)−1 ◦ R(Q[P/X])) If we define g as f and ˜ X = f−1 ◦ R(P) and use Lemma (b), we get R(Q)[f−1 ◦ R(P)/˜ X] ⊆ (m f)−1 ◦ R(Q[P/X])) ⊆ (m f)−1 ◦ (s−1 ◦ R(P)) by 2 = (s ◦ m f)−1 ◦ R(P) by the equivalences lemma Hence, the realiser is recursively defined as f = s ◦ m f

(b) If IFP, IFP’, or RIFP proves Γ ⊢ A, then the same system proves Γ[P/X] ⊢ A[P/X], Γ[P/X] ⊢ A[P/X], where A, P, X are arbitrary formulas, predicates, predicate variables, respectively, and ˆ X is an arbitrary predicate constant that does not appear in any axiom. 14

Key points before the demo

• IFP is a scheme

more flexibility, abstraction (e.g., list reversal, translation between representations)

• Use of classical logic as long as it is disjunction-free
• Prawf is build specifically for the purpose of program extraction

15

Demo

15

Future work

• Extensions for sequent calculus proofs (Yvett Szilagyi)
• Extension for CFP (Concurrent Fixed Point Logic)
• Developing theorems database in Prawf

16

References

• U. Berger, P. O., and H. Tsuiki.

Prawf: An interactive proof system for program extraction. To be published in proceedings of 16th Conference on Computability in Europe, CiE, 2020.

• U. Berger and O. Petrovska.

Optimised program extraction for induction and coinduction. In Sailing Routes in the World of Computation: 14th Conference

• n Computability in Europe, CiE 2018, Kiel, Germany, July 30 –

August 3, pages 70–80, 2018.

• U. Berger and H. Tsuiki.

Intuitionistic fixed point logic. Unpublished manuscript available on ArXiv, 2019. Prawf: https://prawftree.wordpress.com/

17

Thank you

17