Minimal logic for computable functionals Helmut Schwichtenberg - - PowerPoint PPT Presentation

Minimal logic for computable functionals

Helmut Schwichtenberg

Mathematisches Institut der Universit¨ at M¨ unchen

Contents

◮ 1. Partial continuous functionals ◮ 2. Total and structure-total functionals ◮ 3. Terms; denotational and operational semantics ◮ 4. Adequacy ◮ 5. Implementation, computational content of proofs

• 1. Partial continuous functionals

(Finite) types: ρ, σ ::= µ | ρ ⇒ σ. Naive model: full set theoretic hierarchy of functionals of finite

• types. Leads to higher cardinalities. A more appropriate semantics

for typed languages has its roots in work of Kreisel (1959) (who used formal neighborhoods) and Kleene (1959). Developed in a mathematically more satisfactory way by Scott and Ershov (early 1970s). Today this theory is usually presented in the context of abstract domain theory; it is based on classical logic. Here: an attempt to develop a constructive theory of formal neighborhoods for continuous functionals, in a direct and intuitive

• style. Replace abstract domain theory by a more concrete and (in

the case of finitary free algebras) finitary theory of representations. As a framework for this we use Scott’s information systems (1982).

References

• G. Kreisel. Interpretation of analysis by means of constructive

functionals of finite types. In A. Heyting, editor, Constructivity in Mathematics, pages 101–128, 1959.

• S. C. Kleene. Countable functionals. Same volume, pages 81–100.
• Y. L. Ershov. Everywhere defined continuous functionals. Algebra i

Logika, 11(6):656–665, 1972.

• D. Scott. A type theoretical alternative to ISWIM, CUCH, OWHY.
• 1969. Published in Theoret. Comput. Sci. 121 (1993), 411–440.
• D. Scott. Domains for denotational semantics. In E. Nielsen and

E.M. Schmidt, editors, Automata, Languages and Programming, volume 140 of LNCS, pages 577–613, 1982.

Partial continuous functionals (continued)

Information systems (Scott 1982) provide an intuitive approach to deal constructively with ideal, infinite objects in function spaces, by means of their finite approximations. One has

◮ atomic units of information, called tokens, ◮ a notion of consistency for finite sets of tokens, and ◮ an entailment relation, between consistent finite sets of tokens

and single tokens. The ideals (or “objects”) of an information system are the consistent and deductively closed sets of tokens. We define the partial continuous functionals via information

• systems. We will only need to deal with atomic (a concept

introduced by Berger) and coherent (Plotkin 1978) information systems, which allows some simplifications.

Atomic coherent information systems (acis)

An acis is a triple (A, Con, ≥) with A a countable set (tokens), Con a nonempty set of finite subsets of A (consistent sets), and ≥ a transitive and reflexive relation on A (entails) which satisfy (a) ∅ ∈ Con, and {a} ∈ Con for every a ∈ A, (b) X ∈ Con iff every two-element subset of X is in Con, and (c) if {a, b} ∈ Con and b ≥ c, then {a, c} ∈ Con. Write X ≥ a for ∃b∈Xb ≥ a, and X ≥ Y for ∀a∈Y X ≥ a.

Function spaces

Lemma (Acis’s are information systems)

If X ≥ Y1, Y2, then Y1 ∪ Y2 ∈ Con.

Definition (Function space)

Let A = (A, ConA, ≥A) and B = (B, ConB, ≥B) be acis’s. Define A → B := (C, Con, ≥) with C := ConA × B, {(X1, b1), . . . (Xn, bn)} ∈ Con :↔ ∀i,j

• Xi ∪ Xj ∈ ConA → {bi, bj} ∈ ConB
• ,

(X, b) ≥ (Y , c) :↔ Y ≥A X ∧ b ≥B c.

Lemma

A → B is an acis again.

Approximable maps

The ideals (or “objects”) of an information system are the consistent and deductively closed sets of tokens; write |A| for the set of ideals of A.

Lemma

Let A and B be acis’s. The ideals of A → B are exactly the approximable maps from A to B, that is, the relations r ⊆ ConA × B such that (a) if r(X, b1) and r(X, b2), then {b1, b2} ∈ ConB, and (b) if r(X, b), Y ≥A X and b ≥B c, then r(Y , c).

Proof.

Scott 1982.

Continuity

The set |A| of ideals for A carries a natural topology (the Scott topology), which has the deductive closures X of Con-sets X as

• basis. The continuous maps f : |A| → |B| and the ideals

r ∈ |A → B| are in a bijective correspondence:

◮ With any r ∈ |A → B| we can associate a continuous

|r|: |A| → |B|: |r|(z) := { b ∈ B | r(X, b) for some X ⊆fin z },

◮ and with any continuous f : |A| → |B| we can associate

ˆ f ∈ |A → B|: ˆ f (X, b) :⇐ ⇒ b ∈ f (X). These assignments are inverse to each other, i.e., f = |ˆ f | and r = |r|.

Algebras

We consider free algebras (= data types), given by constructors.

Definition (Inductive, of types ρ and constructor types κ)

Let α = (αj)j=1,...,N be a list of distinct type variables.

• ρ,

σ1, . . . , σn ∈ T

• ρ ⇒ (

σ1 ⇒ αj1) ⇒ . . . ⇒ ( σn ⇒ αjn) ⇒ αj ∈ KT( α) (n ≥ 0) κ1, . . . , κn ∈ KT( α) (µ α (κ1, . . . , κn))j ∈ T (n ≥ 1) ρ, σ ∈ T ρ ⇒ σ ∈ T The parameter types of µ are the members of all ρ appearing in its constructor types κ1, . . . , κk.

Algebras: examples

U := µα α, Unit B := µα (α, α), Booleans N := µα (α, α ⇒ α), Natural numbers L(ρ) := µα (α, ρ ⇒ α ⇒ α), Lists ρ ⊗ σ := µα ρ ⇒ σ ⇒ α, (Tensor) product ρ + σ := µα (ρ ⇒ α, σ ⇒ α), Sum (tree, tlist) := µ(α, β) (N ⇒ α, β ⇒ α, β, α ⇒ β ⇒ β), Bin := µα (α, α ⇒ α ⇒ α), Binary trees O := µα (α, α ⇒ α, (N ⇒ α) ⇒ α), Ordinals T0 := N, Tn+1 := µα (α, (Tn ⇒ α) ⇒ α). Trees

Algebras with approximations

The acis of an algebra µj, given by constructors Ci. Tokens:

◮ a special one – written ∗ –, which carries no information; ◮ all type correct constructor expressions with an outermost Ci,

where at any finitary argument position we have a token, and at any other argument position we have a Con-set. Two tokens are in the entailment relation ≥ if either the right hand one is ∗, or they start with the same constructor, and for each finitary argument position the argument tokens a, b located there satisfy a ≥ b, and at any other argument position the Con-sets X and Y located there satisfy X ≥ Y . A finite set of tokens is consistent if each two-element subset is; two tokens are consistent if one of them is ∗, or both start with the same constructor and have consistent tokens resp. Con-sets at corresponding argument positions.

Tokens for the algebra N

• ∗❅

❅ ❅

• S∗

❅ ❅ ❅

• S0
• S(S∗)

❅ ❅ ❅

• S(S0)
• S(S(S∗))

❅ ❅ ❅

• S(S(S0))
• ...

A token a entails b iff there is a path from a (up) to b (down). In this case (and similarly for every finitary algebra) a finite set X of tokens is consistent iff it has an upper bound.

Constructors as continuous functionals

Every constructor C generates rC := { ( X, b) | b = ∗, or b = C b with Xi ≥ bi, bi token or Con-set }. The continuous map |rC| is defined by |rC|( z ) := { b | ( X, b) ∈ rC for some X ⊆fin z }. Hence the (continuous maps corresponding to) constructors are injective and their ranges are disjoint.

Ideals for N and their inclusion relation

• ⊥

❅ ❅ ❅

• S⊥

❅ ❅ ❅

• S0
• S(S⊥)

❅ ❅ ❅

• S(S0)
• S(S(S⊥))

❅ ❅ ❅

• S(S(S0))
• ... •

∞ Ideals x for µ: consistent and deductively closed sets of tokens. All non-∗ tokens in x begin with the same constructor. For instance, {S(S0), S(S∗), S∗, ∗}, {S(S∗), S∗, ∗}, {0, ∗}, {∗} are ideals for N, but also the infinite set { Sn∗ | n ≥ 0 }. ⊥, 0, ∞ denote {∗}, {0, ∗}, { Sn∗ | n ≥ 0 }.

• 2. Total and structure-total functionals

The total ideals of type ρ are defined inductively.

◮ Case µ. All |rC|(

z) with z total.

◮ Case ρ ⇒ σ. An ideal r of type ρ ⇒ σ is total iff for all total

z of type ρ, the result |r|(z) of applying r to z is total. Structure-total ideals are defined similarly; the difference is that in case µ the ideals at parameter positions of C need not be total. For N the ideals 0, S0, S(S0) etc. are total, but ⊥, S⊥, S(S⊥), . . . , ∞ are not. For L(ρ), precisely all ideals of the form Cons(x1, . . . Cons(xn, Nil) . . . ) are structure-total. The total ones are those where in addition all list elements x1, . . . , xn are total. x ∈ Gρ means x is a total ideal of type ρ (Ershov’s notation).

Induction

is valid for total and structure-total ideals. Examples (all variables range over total ideals): Indp,A : A[p := tt] → A[p := ff] → ∀pB A, Indn,A : A[n := 0] → ∀n(A → A[n := Sn]) → ∀nN A, Indl,A : A[l := Nil] → ∀x,l(A → A[l := Cons(x, l)]) → ∀lL(α) A Indx,A : ∀y1A[x := Inl(y1)] → ∀y2A[x := Inr(y2)] → ∀xρ1+ρ2 A. Induction over the structure-total ideals is defined similarly. For instance, in list induction Indl,A we can let x range over arbitrary ideals, and l over the structure-total ones.

Dense and separating sets

The density theorem (Kreisel 1958) says that any finitely generated functional (i.e., any X with X ∈ Conρ) can be extended to a total

• ne. Assume: all base types µ are such that total ideals are finite

and maximal; this is the case for finitary algebras.

Theorem (Density)

For any X ∈ Conρ we can find an x ∈ Gρ such that X ⊆fin x.

Proof.

By simultan. induction on ρ: any type ρ is dense and separating. Call a type ρ dense if ∀X∈Conρ∃x∈Gρ X ⊆ x, and separating if ∀X1,X2∈Conρ.X1 ∪ X2 / ∈ Conρ → ∃

z∈G InCon(X1(

z) ∪ X2( z)). Here z ∈ G means that z is a sequence of total zi such that Xj z is

• f a base type µ.

References

◮ G. Kreisel. Interpretation of analysis by means of constructive

functionals of finite types. In A. Heyting, editor, Constructivity in Mathematics, pages 101–128, 1959. introduces formal neighborhoods, and states the density theorem. The first full proof is in

◮ Y. L. Ershov. Everywhere defined continuous functionals.

Algebra i Logika, 11(6):656–665, 1972. A more general formulation, involving the duality between dense and separating sets, is due to

◮ U. Berger. Total sets and objects in domain theory. Annals of

Pure and Applied Logic, 60:91–117, 1993. (Based on his dissertation, Munich 1990) All these papers work with flat base domains.

• 3. Terms; denotational and operational semantics

We consider a formal (functional programming) language, in the style of Plotkin’s PCF, and see how we can provide a denotational semantics (that is, a meaning) for the terms of this language.

Definition (Term)

M, N ::= xρ | Cρ | Dρ | (λxρ Mσ)ρ⇒σ | (Mρ⇒σNρ)σ. A closed term M of type ρ will denote a partial continuous functional of this type, that is, a consistent and deductively closed set of tokens of type ρ. We will define this set inductively.

References

A partial continuous functional is an ideal, consisting of tokens. These tokens – and also the finite Con-sets formed from them – are syntactic in nature; they are similar to “formal neighborhoods”. Kreisel’s idea to build a semantics via formal neighborhoods, i.e., from syntax, appears in many forms in the literature:

◮ P. Martin-L¨

• f. The domain interpretation of type theory. Talk

at the workshop on semantics of programming languages, Chalmers University, G¨

• teborg, 1983.

◮ H. Barendregt, M. Coppo, M. Dezani. A filter lambda model

and the completeness of type assignment. The Journal of Symbolic Logic, 48(4):931–940, 1983. There is also some recent work of T. Coquand.

Computable functionals

Since ideals are sets of tokens (which are concrete expressions), it makes sense to speak of recursively enumerable (r.e.) ideals; we call them computable. It is a practical necessity to define computable functionals as constants with computation rules (= recursion equations). Of particular interest among those are

◮ the (structural) recursion operators, e.g., Rτ N of type

τ ⇒ (N ⇒ τ ⇒ τ) ⇒ N ⇒ τ, defined by

• R(g, h, 0) := g,

R(g, h, S(n)) := h(n, R(g, h, n));

◮ the fixed point operators Yρ of type (ρ ⇒ ρ) ⇒ ρ, defined by

Yρf := f (Yρf ).

Computation rules

A system of computation rules for a defined constant D consists of finitely many equations D Pi = Mi (i = 1, . . . , n) with constructor patterns Pi, such that Pi and Pj (i = j) are non-unifiable. Constructor patterns are lists of applicative terms, built from constructors and distinct variables. Formal definition (inductive):

◮ x(x) is a constructor pattern. ◮ If C is a constructor and

P( x ) a constructor pattern, then (C P)( x ) is a constructor pattern.

◮ If

P( x ) and Q( y ) are constructor patterns whose variables x and y are disjoint, then ( P, Q)( x, y ) is a constructor pattern.

Definition (Inductive, of ( X, b) ∈ [ [λ x M] ])

Xi ≥ b ( X, b) ∈ [ [λ x xi] ] (V ), ( X, Y ) ⊆ [ [λ x N] ] ( X, Y , c) ∈ [ [λ x M] ] ( X, c) ∈ [ [λ x.MN] ] (A). For every constructor C we have ( X, Y , ∗) ∈ [ [λ x C] ] (C∗),

• Y ≥

b ( X, Y , C b ) ∈ [ [λ x C] ] (C). For every defined constant D we have ( X, Y , ∗) ∈ [ [λ x D] ] (D∗), ( X, Y , b) ∈ [ [λ x, y M] ] ( X, P( Y ), b) ∈ [ [λ x D] ] (D), with one such rule (D) for every computation rule D P( y ) = M.

Properties of [ [λ x M] ]

Lemma

( X, b) ∈ [ [λ x.C N] ] iff b = ∗, or there are c ≥ b such that b = C b and ( X, ci) ∈ [ [λ x Ni] ] (i = 1, . . . , n). Using the fact that the left hand sides of computation rules are non-unifiable we can prove:

Lemma

[ [λ x M] ] is an ideal, i.e., consistent and deductively closed.

Proof.

Induction on ( X, b) ∈ [ [λ x M] ].

Preservation of values under computation rules

[ [M] ]

• X
• x := { b | (

X, b) ∈ [ [λx M] ] }, [ [M] ]

u

• x :=
• X⊆fin

u

[ [M] ]

• X
• x .

Lemma

(a) If Y ≥ X, b ≥ c and b ∈ [ [M] ]

X

• x , then c ∈ [

[M] ]

Y

• x .

(b) If v ⊇ u, b ≥ c and b ∈ [ [M] ]

u

• x, then c ∈ [

[M] ]

v

• x.

Lemma

(a) [ [xi] ]

u

• x = ui.

(b) [ [λy M] ]

u

• x = { (Y , b) | b ∈ [

[M] ]

u,Y

• x,y }.

(c) [ [MN] ]

u

• x = [

[M] ]

u

• x[

[N] ]

u

• x.

Corollary

[ [λy M] ]

u

• xv = [

[M] ]

u,v

• x,y.

Preservation of values under computation rules (ctd.)

Lemma (Substitution)

[ [M] ]

• u,[

[N] ]

u

• x
• x,z

= [ [M[z := N]] ]

u

• x.

Lemma (Preservation of values, β)

[ [(λy M)N] ]

u

• x = [

[M[y := N]] ]

u

• x.

Lemma (Preservation of values, η)

[ [λy.My] ]

u

• x = [

[M] ]

u

• x, if y /

∈ FV(M).

Lemma

( X, Y , b) ∈ [ [λ x, y.M[z := C y ]] ] iff ( X, C Y , b) ∈ [ [λ x, z M] ].

Lemma (Preservation of values under computation rules)

For every computation rule D P( y ) = M of a defined constant D, [ [λ y.D P( y )] ] = [ [λ y M] ].

Example: doubling

D : N ⇒ N is defined by the computation rules D0 = 0, D(Sn) = S(S(Dn)). Induction on n proves

• ({Sn0}, S2n0) ∈ [

[D] ], ({Sna}, S2n∗) ∈ [ [D] ] for all a.

Example: addition

+: N ⇒ N ⇒ N is defined by the computation rules n + 0 = n, n + Sm = S(n + m). Then (X, b) ∈ [ [λm.0 + m] ] iff

◮ either b = ∗ and X is arbitrary, or ◮ b = 0 and 0 ∈ X, or ◮ b = Sn0 and Sn0 ∈ X, or b = Sn∗ and Sna ∈ X for some a.

Hence [ [λm.0 + m] ] = [ [λm m] ]. This is of interest: it allows to replace 0 + M by M for an arbitrary (not necessarily total) term M, without affecting the values.

• 4. Adequacy

Terms can be (operationally) evaluated, using the computation rules for defined constants and

• (λxM)N ≻1 M[x := N]

β-conversion, λx.Mx ≻1 M if x / ∈ FV(M), η-conversion.

◮ G.D. Plotkin. LCF considered as a programming language.

Theoretical Computer Science, 5:223–255, 1977. proved (for PCF) that this evaluation is computationally adequate: If [ [M] ] = k, then M ≻∗ k. Plotkin’s adequacy theorem can be extended to the present setting

• f non-flat algebras and computation rules.

Operational semantics

Definition (M ≻1 N, M head-reduces to N)

(λx M)N ≻1 M[x := N], M ≻1 M′ MN ≻1 M′N , D P( N ) ≻1 M[ y := N] for D P( y ) = M a computation rule, M ≻1 M′ Ba1 . . . anM ≻1 Ba1 . . . anM′ for n < ar(B). denotes the reflexive transitive closure of ≻1. For every term M there is at most one M′ such that M ≻1 M′. Call M normal if there is no such M′.

Operational interpretation of formal neighborhoods

Definition (M ∈ [a], for M closed)

(a) For a of base type µ, M ∈ [a] iff ∃b≥a M b. (b) M ∈ [(X, b)] iff ∀N∈[X] MN ∈ [b]. Here N ∈ [X] means ∀a∈X N ∈ [a].

Lemma

If M N, N ∈ [Y ] and Y ≥ X, then M ∈ [X].

Theorem (Adequacy)

If ( X, b) ∈ [ [λ x M] ] with b a proper token, then λ x M ∈ [( X ′, b′)] for some ( X ′, b′) ≥ ( X, b).

Related work

An adequacy theorem in a type-theoretic setting is proved in

◮ P. Martin-L¨

• f. The domain interpretation of type theory. Talk

at the workshop on semantics of programming languages, Chalmers University, G¨

• teborg, 1983.

Coquand, building on this work of Martin-L¨

• f and

◮ U. Berger. Continuous semantics for strong normalization. In

• Proc. CiE 2005, volume 3526 of LNCS, pages 23–34, 2005
• bserved that the adequacy result even holds for untyped

languages, hence also for dependently typed ones:

Definition (M ∈ [a], for M closed)

(a) For a of base type µ, M ∈ [a] iff ∃b≥a M b. (b) M ∈ [(X, b)] iff M λx M′ or M B M with length of M less than ar(B), and ∀N∈[X] MN ∈ [b].

• 5. Implementation, computational content of proofs

Available (in Minlog www.minlog-system.de):

◮ (Simply) typed variables, ranging over partial continuous

functionals (= the mathematically correct domains of computable functionals); free algebras as base types.

◮ Formulas and types are kept apart (⇒ simple types suffice). ◮ Type and predicate parameters are allowed, as placeholders for

types and formulas; no quantification over these.

◮ Constants denote computable functionals; they are defined via

computation rules.

◮ Terms with the same normal form are identified, w.r.t.

standard conversion (including computation rules), and value preserving rewrite rules.

◮ Extraction from constructive (realizability interpretation) and

classical proofs (refined A-translation).

Example: existence of normal forms in typed λ-calculus

The proof of Tait (1967) uses computability predicates, defined by induction over types. What is the computational content of this proof? Answered by Berger (1993): “normalization by evaluation”. Machine extraction needs a formalization of Tait’s proof. Computability predicates have a realizer argument, in Cω :=

ρ Cρ

(a “universe”, with partial “administrative functions”).

Lemma 1: (a) SCρ(r) → SNρ(r), (b) SAρ(r) → SCρ(r)

Induction on ρ. Case ι. (a) holds by definition. (b). Assume SA(r), that is ∀k.F(r, k) → ∃s Aι(r, s). We must show SCι(r), that is ∀k.F(r, k) → ∃s Nι(r, s). Use (Ax2): Aι(r, s) → Nι(r, s). Case ρ ⇒ σ. (a). Assume SCρ⇒σ(r) and F(r, k). Show ∃s N(r, s). Let ρ ⊢ r : ρ, σ := e( ρ, k, ρ), l := Lh( ρ, σ ). Have SAρ(xk) by Aρ(xk, xk) (axiom on A), hence SCρ(xk) by IH(b). From SCρ⇒σ(r) obtain SCσ(rxk), hence SNσ(rxk) by IH(a). Have F(rxk, l), hence Nσ(rxk, t) for some t. Now Nρ⇒σ(r, λxρ

k t) by

(Ax1). (b). Assume SAρ⇒σ(r) and SCρ(s). Show SCσ(rs). By IH(b) it suffices to show SAσ(rs). So assume F(rs, k); show A(rs, t) for some t. From F(rs, k) obtain F(r, k) and F(s, k) (axioms on F). Using SA(r) obtain A(r, r1) for some r1. By IH(a) obtain SN(s), so N(s, s1) for some s1. Hence A(rs, r1s1) (axiom on A).

Extracted term: Lemma 1

(Rec type=>(omega=>nat=>term)@@((nat=>term)=>omega)) (ModIota@OmegaInIota) ([rho3,rho4,p5,p6] ([a7,n8] Abs rho3 (Sub (left p6(Mod a7(right p5([n9]Var n8)))(Succ n8)) (Wrap(Succ(Succ n8)) ((Var map Seq 1 n8):+:(Var 0):))))@ ([g7] Hat rho3 rho4 ([a8]right p6([n9]g7 n9(left p5 a8 n9)))))

Lemma 1 ∼ reify & reflect

Disregarding administrative functions and translating via rho4 rho5 left p5 right p5 left p6 right p6 ρ σ ↓ρ ↑ρ ↓σ ↑σ gives ↓ρ : Cω → (N → Λ) (“reify”) ↑ρ : (N → Λ) → Cω (“reflect”), with the recursion equations ↓ι(r):=r, ↑ι(r):=r, ↓ρ⇒σ(a)(k):=λxρ

k .↓σ

• a(↑ρ(x∞

k ))

• (k+1),

↑ρ⇒σ(r)(b):=↑σ(r ↓ρ(b)).

Conclusion

◮ Computable functionals (of finite types) over the partial

continuous functionals form a basic mathematical structure.

◮ Total (and monotone) functionals are best treated as

particular partial continuous ones.

◮ For applications the base domains should be non-flat (“lazy”)

free algebras.

◮ Program extraction from proofs not only gives certified code

(“no logical errors”), but (in case of clever proofs) can even give unexpected algorithms.

◮ To be done: “Type theory with approximations”.