Program Extraction in Churchs Simple Theory of Types with - PowerPoint PPT Presentation

Program Extraction in Church’s Simple Theory of Types with Applications to Computable Analysis Ulrich Berger Swansea University Computation and Correctness in Analysis (CCA) Nancy, 9 July 2013 1 / 36

A logical approach to computable analysis In this talk I present a logical approach to computable analysis based on program extraction from proofs. I’ll explain the basic principle, give some examples and highlight aspects that might make this approach interesting to people working in computable analysis. The main attraction of the approach is, in my opinion, the fact that one can work directly with abstract mathematical objects without having to construct particular representations. The work reported in this talk is joint with Monika Seisenberger and Tie Hou from Swansea and Helmut Schichtenberg and Kenji Miyamoto in Munich. Parts of it is implemented in the the proof system Minlog. 2 / 36

The COMPUTAL project http://computal.uni-trier.de/ Participating Universities: Cambridge, Cape Town, Darmstadt, Hagen, Kanazawa, Ljubljana, Munich, Novosibirsk, Pretoria, Siegen, Swansea, Trier. 2nd COMPUTAL workshop, Gregynog, 26-30 June 2013 Topics: computable analysis, domain theory, topology, exact real number computation, program extraction. 3 / 36

Overview ◮ Introduction: from constructive ideas to program extraction ◮ What is exact real number computation? ◮ Formalizing real numbers and continuous functions ◮ Extracting exact real number arithmetic ◮ Efficient continuity ◮ Church’s simple theory of types ◮ Realizability interpretation of CST ◮ Conclusion 4 / 36

From constructive ideas to program extraction Origins ◮ Kronecker, Brouwer, Heyting, Kolmogorov, Bishop: Mathematics as a theory of mental constructions (Intuitionism, Constructivism) ◮ G¨ odel, Kleene, Kreisel: Functional- and Realizability interpretations ◮ Curry-Howard correspondence: Formulas-as-types, Proofs-as-programs Trends ◮ Proof Mining based on Functional Interpretation ◮ Constructive Type Theory ◮ Computational interpretations of classical proofs ◮ Program specification based on realizability ◮ Program extraction based on realizability 5 / 36

What is program extraction? (1) Instead of defining what it means for a formula A to be true one defines what it means for a program to realize A . Intuitively, a realizer is a solution of the computational problem expressed by A . (2) The Soundness Theorem states that from a constructive proof of A one can extract (automatically) a realizer of A (and a proof that it is a realizer). (3) The Adequacy Theorem states that programs that denote concrete data (e.g. natural numbers) evaluate to canonical representations of the data (e.g. 3 + 4 evaluates to 7). I.o.w. programms are not just formal expressions, but they compute as expected. Domain Theory is essential for the proof! For a category-theoretic formulation of (1), which leads to a general theory of representations and specification of programs, see e.g. Andrej Bauer’s PhD thesis “The Realizability Approach to Computable Analysis and Topology” and “Implementing real numbers with RZ” (CCA 2007). 6 / 36

Program Extraction from a Computer Science Perspective Traditional approach to verified software: Problem ⇒ Program ⇒ Proof Program extraction: Problem ⇒ Proof ⇒ Program Advantages: ◮ the step “ Proof ⇒ Program ” is automatic, ◮ correctness of extracted program is proved automatically, ◮ data structures are generated automatically, ◮ new data strures and algorithms may be discovered, ◮ problem and proof can be writen in usual mathematics (no “constructivisation” necessary), ◮ target programming language can be low level (and fast) since not used for manual programming. ◮ Moreover, all sub-programs are specified and proven correct, which supports safe modification of programs. 7 / 36

State of the art Program extraction (PE) is implemented in Nuprl PX Minlog Coq Isabel Agda . . . Minlog (Schwichtenberg, Munich): ◮ active research in PE ◮ PE from concrete and and abstract mathematics ◮ PE from constructive and classical proofs ◮ PE based on realizability or functional (Dialectica) interpretation ◮ case studies in constructive analysis, infinitary combinatorics, lambda calculus, parsing, sat solving, . . . . 8 / 36

What is exact real number computation? A Double precision computation: f(x) = 1+x-(x^2)*(x+1)*((1/x)-(1/(x+1))) *Main> f (10^9) -149.21128177642822 The problem is not that the result is wrong (it should be 1), but that floating point arithmetic doesn’t warn us. Exact real number computation ◮ provides exact error bounds, ◮ can make errors arbitrarily small, ◮ comes with a rigorous proof of these facts, ◮ should be fast (iRRAM, M¨ uller, Trier) 9 / 36

Formalizing real numbers We assume that the structure R of real numbers with 0 , 1 , + , − , ∗ , /, = , <, sin , sg , . . . is given axiomatically (no implementation or computational model provided). Any true disjunction-free first-order formulas are allowed as axioms. Since in classical logic disjunction can be expressed by other logical connectives, all classically true statements can be axioms. In addition true higher-order formulas satisfying certain syntactic criteria (details later) are allowed. For example, completeness: X nonempty and bounded → X has l.u.b 10 / 36

Discontinuous and partial fuctions Discontinuous functions are allowed. E.g. the sign function with the axioms x < 0 → sg ( x ) = − 1 x = 0 → sg ( x ) = 0 x > 0 → sg ( x ) = 1 The partial function 1 / x can be thought of as being totalized, however, without stating anything about 1 / 0: x � = 0 → x ∗ 1 / x = 1 11 / 36

Natural numbers, integers, rational numbers . . . are defined as subsets of R : µ x ∈ N ≡ x = 0 ∨ x − 1 ∈ N x ∈ Z ≡ x ∈ N ∨ − x ∈ N x ∈ Q ≡ ∃ n ∈ Z , m ∈ N \ { 0 } . x = n / m where “ µ ” means that N is inductively defined, i.e. it is the least set satisfying the equation. The realizers of “ t ∈ N ” will be unary numerals. To obtain binary one defines µ x ∈ N 2 ≡ x ∈ { 0 , 1 } ∨ ∃ y > 0 ( y ∈ N 2 ∧ ∃ d ∈ { 0 , 1 } ( x = 2 y + d )) Here is our first theorem we extract a program from: Theorem ∀ x ( N ( x ) ⇔ N 2 ( x )). The extracted program translates between unary and binary notation. 12 / 36

Realizability by example: natural numbers In order to obtain the definition of a r N ( x ) (“ a realizes the fact that x is a natural number”) we first compute the type of potential realizers as follows: ◮ replace “ t ∈ N ” by a name for the data type, say Nat . ◮ replace other atomic formulas by the unit or ‘void’ type 1 , ◮ delete all quantifiers and object terms, ◮ replace ∨ by + (disjoint sum) and ∧ by × (cartesian product), ◮ carry out obvious simplifications (e.g. replace α × 1 by α ). µ Hence, the definition x ∈ N ≡ x = 0 ∨ x − 1 ∈ N yields the free µ algebra of unary numbers: Nat ≡ 1 + Nat . The definition of a r N ( x ), where a ∈ Nat , is a copy of the definition of N (we call the constructors of Nat Z and S ): µ a r N ( x ) ≡ ( a = Z ∧ x = 0) ∨ ( a = S ( b ) ∧ b r N ( x − 1)) Hence a r N ( x ) iff n is a unary representation of x . 13 / 36

Realizability of implication and “for all” A realizer of an implication A → B is a function mapping realizers of A to realizers of B (as in the theory of representations). a r ∀ x A ( x ) means ∀ x ( a r A ( x )) (where a does not depend on x ). Putting things together, a realizer of the formula ∀ x . N ( x ) → N 2 ( x ) is a function f such that whenenver a realizes N ( x ) (i.e. a is a unary representation of x ), then f ( a ) realizes N 2 ( x ) (i.e. f ( a ) is a binary representation of x ). The function f is extracted from the proof of the formula. 14 / 36

Approximating real numbers Two (equivalent) ways of saying that a real number x ∈ I := [ − 1 , 1] can be approximated: A ( x ) ⇔ | x | < 1 ∧ ∀ n ∈ N ∃ q ∈ Q x ∈ B n ( q ) ν C 0 ( x ) ⇔ | x | < 1 ∧ ∃ d ∈ {− 1 , 0 , 1 } C 0 (2 ∗ x − d ) where x ∈ B n ( q ) ≡ | x − q | < 2 − n . A realizer of A ( x ) is a fast rational Cauchy sequence converging to x . A realizer of C 0 ( x ) is an infinite stream of signed digits, d 0 : d 1 : . . . representing x , i.e. ∞ � d i ∗ 2 i +1 x = 0 Theorem A ( x ) ↔ C 0 ( x ). The extracted program translates between Cauchy and signed digit representation. 15 / 36

Extracting exact real number arithmetic If x , y ∈ C 0 then x + y Theorem ∈ C 0 . 2 Theorem If x , y ∈ C 0 then xy ∈ C 0 . From these theorems one extracts implementations of addition and multiplication w.r.t. the signed digit representation. Similar implementations were studied by Edalat, Potts, Heckmann, Escardo, Ciaffaglione, Gianantonio, e.t.c. The difference is that we extract the programs 16 / 36

Approximating continuous functions A function f : I → I is continuous iff ∀ l ∈ N ∃ k ∈ N ∀ p ∈ Q ∃ q ∈ Q f [ B k ( p )] ⊆ B l ( q ) Using this as a definition, a realizer of the statement “ f is continuous” consists of α : N → N l �→ k (modulus) g : N × Q → Q ( l , p ) �→ q (approximating function) such that ∀ l ∈ N ∀ p ∈ Q f [ B α ( l ) ( p )] ⊆ B l ( g ( l , p )) This corresponds to the usual notion of representations of continuous functions. 17 / 36