Program Extraction in Constructive Analysis Helmut Schwichtenberg - - PowerPoint PPT Presentation

Program Extraction in Constructive Analysis Helmut Schwichtenberg Mathematisches Institut, Universit¨ at M¨ unchen

1

Program extraction from proofs Every constructive existence proof contains an algorithm. Bishop 1970 “Mathematics as a numerical language”. −: +: +: +: +:

2

Program extraction from proofs Every constructive existence proof contains an algorithm. Bishop 1970 “Mathematics as a numerical language”. −: Less direct, needs formalization. +: +: +: +:

2-a

Program extraction from proofs Every constructive existence proof contains an algorithm. Bishop 1970 “Mathematics as a numerical language”. −: Less direct, needs formalization. +: Extracted programs are correct by construction. +: +: +:

2-b

Program extraction from proofs Every constructive existence proof contains an algorithm. Bishop 1970 “Mathematics as a numerical language”. −: Less direct, needs formalization. +: Extracted programs are correct by construction. +: Proofs machine checkable, programs not (in principle). +: +:

2-c

Program extraction from proofs Every constructive existence proof contains an algorithm. Bishop 1970 “Mathematics as a numerical language”. −: Less direct, needs formalization. +: Extracted programs are correct by construction. +: Proofs machine checkable, programs not (in principle). +: Proof of r realizes ∀x∃yA(x, y) machine checkable. +:

2-d

Program extraction from proofs Every constructive existence proof contains an algorithm. Bishop 1970 “Mathematics as a numerical language”. −: Less direct, needs formalization. +: Extracted programs are correct by construction. +: Proofs machine checkable, programs not (in principle). +: Proof of r realizes ∀x∃yA(x, y) machine checkable. +: Program development by proof transformation.

2-e

Program extraction from proofs (ctd.) Related work: “proof carrying code” (Lee, Necula). Here: “code carrying proofs”. Efficiency is an issue. Careful selection necessary, of:

• definitions (∼ data structures), and
• proofs.

Moreover: unexpected algorithms in classical proofs.

3

Minlog . . . deals with computable functionals, using minimal logic.

4

Minlog . . . deals with computable functionals, using minimal logic.

• Constants denote computable functionals. Quantifiers

range over Scott-Ershov partial continuous functionals.

4-a

Minlog . . . deals with computable functionals, using minimal logic.

• Constants denote computable functionals. Quantifiers

range over Scott-Ershov partial continuous functionals.

• Conservative over HA. Kreisel: strong language, weak

existence axioms.

4-b

Minlog . . . deals with computable functionals, using minimal logic.

• Constants denote computable functionals. Quantifiers

range over Scott-Ershov partial continuous functionals.

• Conservative over HA. Kreisel: strong language, weak

existence axioms.

• Based on minimal (not classical or intuitionistic) logic.

More general; allows to implement program extraction from classical proofs, via refined A-translation [BBS02].

4-c

Minlog . . . deals with computable functionals, using minimal logic.

• Constants denote computable functionals. Quantifiers

range over Scott-Ershov partial continuous functionals.

• Conservative over HA. Kreisel: strong language, weak

existence axioms.

• Based on minimal (not classical or intuitionistic) logic.

More general; allows to implement program extraction from classical proofs, via refined A-translation [BBS02].

• Proofs treated as first class objects.

4-d

Minlog (ctd.)

• (Simply) typed variables; free algebras as base types.

5

Minlog (ctd.)

• (Simply) typed variables; free algebras as base types.
• Type and predicate parameters allowed, as placeholders

for types and formulas. No quantification over these.

5-a

Minlog (ctd.)

• (Simply) typed variables; free algebras as base types.
• Type and predicate parameters allowed, as placeholders

for types and formulas. No quantification over these.

• Deduction modulo: terms with the same normal form are

identified, w.r.t. user defined rewrite rules.

5-b

Minlog (ctd.)

• (Simply) typed variables; free algebras as base types.
• Type and predicate parameters allowed, as placeholders

for types and formulas. No quantification over these.

• Deduction modulo: terms with the same normal form are

identified, w.r.t. user defined rewrite rules.

• Decidable predicates implemented via boolean valued

functions, hence the rewrite mechanism applies to them.

5-c

Minlog (ctd.)

• (Simply) typed variables; free algebras as base types.
• Type and predicate parameters allowed, as placeholders

for types and formulas. No quantification over these.

• Deduction modulo: terms with the same normal form are

identified, w.r.t. user defined rewrite rules.

• Decidable predicates implemented via boolean valued

functions, hence the rewrite mechanism applies to them.

• www.minlog-system.de

5-d

Program extraction in constructive analysis

6

Program extraction in constructive analysis

• Use exact real numbers (not floating point numbers).

6-a

Program extraction in constructive analysis

• Use exact real numbers (not floating point numbers).
• Emphasis on low type level witnesses (use separability).

6-b

Program extraction in constructive analysis

• Use exact real numbers (not floating point numbers).
• Emphasis on low type level witnesses (use separability).
• Example: Intermediate value theorem.

6-c

Program extraction in constructive analysis

• Use exact real numbers (not floating point numbers).
• Emphasis on low type level witnesses (use separability).
• Example: Intermediate value theorem.
• Prospect: approximate solutions of ODEs.

6-d

Reals A real number x is a pair ((an)n∈N, α) with an ∈ Q and α: N → N such that (an)n is a Cauchy sequence with modulus α, that is ∀k, n, m. α(k) ≤ n, m → |an − am| ≤ 2−k, and α is weakly increasing. Two reals x := ((an)n, α), y := ((bn)n, β) are equivalent (written x = y), if ∀k(|aα(k+1) − bβ(k+1)| ≤ 2−k).

7

Nonnegative and positive reals A real x := ((an)n, α) is nonnegative (written x ∈ R0+) if ∀k(−2−k ≤ aα(k)). It is k-positive (written x ∈k R+) if 2−k ≤ aα(k+1). x ∈ R0+ and x ∈k R+ are compatible with equivalence. Can define x → kx such that an ≤ 2kx for all n. However, x → kx is not compatible with equivalence.

8

Given x := ((an)n, α) and y := ((bn)n, β), define z cn γ(k) x + y an + bn max(α(k + 1), β(k + 1)) −x −an α(k) |x| |an| α(k) x · y an · bn max(α(k + 1 + k|y|), β(k + 1 + k|x|))

1 x for |x| ∈l R+

  

1 an

if an = 0 if an = 0 α(2(l + 1) + k)

9

Cleaning up a real After some computations involving reals, rationals in the Cauchy sequences may become complex. Hence: clean up a real, as follows.

• Lemma. For every real x = ((an)n, α) we can construct an

equivalent real y = ((bn)n, β) where the rationals bn are of the form cn/2n with integers cn, and with modulus β(k) = k + 2.

• Proof. cn := ⌊aα(n) · 2n⌋.

10

Redundant dyadic representation of reals The existence of the usual b-adic representation of reals cannot be proved constructively (1.000 . . . vs .999 . . . ). Cure: in addition to 0, . . . , b − 1 also admit −1 as a

• numeral. For b = 2:
• Lemma. Every real x can be represented in the form

∞

• n=−k

an2−n with an ∈ {−1, 0, 1}. Notice: uniqueness is lost (this is not a problem).

11

Comparison of reals Write x ≤ y for y − x ∈ R0+ and x < y for y − x ∈ R+. x ≤ y ↔ ∀k∃p∀n.p ≤ n → an ≤ bn + 2−k x < y ↔ ∃k, q∀n. q ≤ n → an + 2−k ≤ bn Write x <k,q y (or simply x <k y if q is not needed) when we want to call these witnesses. Notice: x ≤ y ↔ y < x.

12

A continuous function f : I → R on a compact interval I with rational end points is given by

• an approximating map hf : (I ∩ Q) × N → Q and a

(uniform) modulus map αf : N → N such that (hf(c, n))n is a real with modulus αf;

• ωf : N → N (uniform) modulus of continuity:

|a − b| ≤ 2−ωf(k)+1 → |hf(a, n) − hf(b, n)| ≤ 2−k for n ≥ αf(k). αf, ωf required to be weakly increasing. Notice: hf, αf, ωf are of type level 1 only.

13

Application of a continuous function to a real Given a continuous function f (by hf, αf, ωf) and a real x := ((an)n, α), application f(x) is defined to be (hf(an, n))n with modulus k → max(αf(k + 2), α(ωf(k + 1) − 1)). Can show: x = y → f(x) = f(y), |x − y| ≤ 2−ωf(k) → |f(x) − f(y)| ≤ 2−k.

14

Intermediate value theorem Let a < b be rationals. If f : [a, b] → R is continuous with f(a) ≤ 0 ≤ f(b), and with a uniform lower bound on its slope, then we can find x ∈ [a, b] such that f(x) = 0. Proof sketch. (1) Approximate Splitting Principle. Let x, y, z be given with x < y. Then either z ≤ y or x ≤ z. (2) IVTAux. Assume a ≤ c < d ≤ b, say 2−n < d − c, and f(c) ≤ 0 ≤ f(d). Construct c1, d1 with d1 − c1 = 2

3(d − c),

such that a ≤ c ≤ c1 < d1 ≤ d ≤ b and f(c1) ≤ 0 ≤ f(d1). (3) IVTcds. Iterate the step c, d → c1, d1 in IVTAux. Let x = (cn)n and y = (dn)n with the obvious modulus. As f is continuous, f(x) = 0 = f(y) for the real number x = y.

15

Issues

16

Issues

• For efficiency: binary numbers (1, n → 2n, n → 2n + 1).

16-a

Issues

• For efficiency: binary numbers (1, n → 2n, n → 2n + 1).
• + on Q: need to cancel gcd (Euclidean algorithm).

16-b

Issues

• For efficiency: binary numbers (1, n → 2n, n → 2n + 1).
• + on Q: need to cancel gcd (Euclidean algorithm).
• Euclidean algorithm is not a structural recursion.

16-c

Issues

• For efficiency: binary numbers (1, n → 2n, n → 2n + 1).
• + on Q: need to cancel gcd (Euclidean algorithm).
• Euclidean algorithm is not a structural recursion.
• Hence: need general ≺-induction and recursion.

16-d

≺-induction Let α be a type, x, y: α and ≺ an irreflexive, transitive and well-founded relation on α.

• ∀x.(∀y.y ≺ x → Qy) → Qx
• → ∀x.Qx

Corresponding ≺-recursion: fx = G(x, [f]≺,x) with [f]≺,xy :=    fy if y ≺ x

• therwise

17

≺-induction (ctd.) Problem: fx = G(x, [f]≺,x), when viewed as rewrite rule, does not terminate. Cure (Howard): Additional boolean argument, such that fx = f ′(x, tx) (t: α → B decides ≺-minimality). Rewrite rules for f ′(r, tt) and f ′(r, ff) only. Need corresponding (equivalent) induction scheme.

18

≺-induction, reformulated ∀t.(∀x.tx ↔ ∀y y ≺ x) → (∀x.tx → Qx) →

• ∀x.¬tx → (∀y.y ≺ x → Qy) → Qx
• →

∀x, b.b = tx → Qx Recursion equation for realizer F(t, g, G, x, b) =: f ′(x, b) f ′(x, tt) = gx f ′(x, ff) = G(x, λy.    f ′(y, ty)) if y ≺ x

• therwise

) Then fx = f ′(x, tx).

19

Example: quotient and remainder p ranges over pos, and i over int. (set-goal (pf "all p,i.0<=i -> ex i1,i2.i=i1*p+i2 & 0<=i2 & i2<p")) (assume "p") (cases) ; negative (strip) (use-with "Efq" 1) ... (save "QR")

20

Extracted program for quotient and remainder [n0,i1] [if i1 ([n2]0@0) ([unit2]0@0) ((Rec pos=>int@@int) [if n0 (1@0) ([n3]0@1) ([n3]0@1)] ([n3,ij4] [if (2*rht ij4<n0) (2*lft ij4@2*rht ij4) (2*lft ij4+1@2*rht ij4-n0)]) ([n3,ij4] [if (2*rht ij4+1<n0) (2*lft ij4@2*rht ij4+1) (2*lft ij4+1@2*rht ij4+1-n0)]))]

21

Quotient and remainder (ctd.) (animate "QR") (pp (nt (pt "cQR 237 6958"))) "29@85" (define qrsound (proof-to-soundness-proof (theorem-name-to-proof "QR"))) (check-and-display-proof qrsound)

22

Future work

• 1. Case studies for program extraction, e.g., the

Cauchy-Euler existence proof for ODEs.

• 2. Program development by proof transformation: find

mathematical examples.

• 3. Resource sensitivity. G¨
• del’s T can be restricted (using

ramification and linearity) such that the definable functions are the poly-time ones [BNS ’00, Hofmann]. Study corresponding arithmetical system.

23

References

• P. Schuster and H.S., Constructive solutions of continuous
• equations. To appear
• U. Berger, W. Buchholz and H.S., Refined Program

Extraction from Classical Proofs. Annals of Pure and Applied Logic 2002

• U. Berger, H.S. and M. Seisenberger, The Warshall

Algorithm and Dickson’s Lemma: Two Examples of Realistic Program Extraction. J. Aut. Reasoning 2001 http://www.mathematik.uni-muenchen.de/ ˜schwicht/

24