Programs extracted from proofs: efficiency aspects
Helmut Schwichtenberg
Mathematisches Institut, LMU, München
National Institute of Informatics, Tokyo, Japan, 31 March 2010
Code carrying proof
◮ "Proof carrying code" (Necula) reversed.
◮ Allows machine check of the source proofs: no logical errors.
◮ Important: efficiency aspects.
◮ Here: (i) CPS, (ii) streams.
Brouwer-Heyting-Kolmogorov interpretation
◮ Kolmogorov (1932) proposed to view a formula $A$ as a computational problem, of type $\tau(A)$, the type of a potential solution or "realizer" (Kleene, Kreisel) of $A$.
◮ $\tau(A)$ should be the type of the term (or "program") to be extracted from a proof of $A$.
◮ Formally, we assign to every formula $A$ an object $\tau(A)$ (a type or the nulltype symbol $\circ$).
◮ In case $\tau(A) = \circ$, proofs of $A$ have no computational content; such formulas $A$ are called computationally irrelevant (c.i.); the other ones computationally relevant (c.r.).
Extraction of programs or of terms?
◮ In Coq, Agda, Isabelle, Nuprl: extraction of programs.
◮ Here this is split up: proof ↦ term ↦ program.
◮ Reason: for terms one can give a formal soundness proof, which is machine checkable.
Classical logic: ∃-free fragment of minimal logic
Minimal logic:
◮ →, ∀.
◮ Natural deduction style (rules →±, ∀±).
◮ ⊥ a propositional variable. Define $\neg A := A \to \bot$.
Classical logic: add stability axioms $\neg\neg Rt \to Rt$.
The (constructive) connectives ∃, ∨ can be defined inductively.
∃-proofs using induction
Induction step in an ∃-proof: $\exists_x Px \to \exists_x P'x$.
In the ∃-free fragment prove instead $\forall_x(P'x \to \bot) \to \forall_x(Px \to \bot)$.
View ⊥ as a placeholder for the final goal.
◮ "If we knew how to reach the final goal ⊥ from $P'x$, then we would also know how to reach it from $Px$."
◮ Expect: tail recursive (continuation passing style) program.
A-translation (Dragalin, Friedman), refined
Some classes of formulas:
◮ $\mathcal{D}$ definite: $R,\ P,\ I \to D,\ \forall_x D \in \mathcal{D}$.
◮ $\mathcal{G}$ goal: $I,\ \bot,\ R \to G,\ D_0 \to G \in \mathcal{G}$ ($D_0$ quantifier-free definite).
◮ $\mathcal{R}$ relevant definite: $\bot,\ G \to R,\ \forall_x R \in \mathcal{R}$.
◮ $\mathcal{I}$ irrelevant goal: $P,\ D \to I,\ \forall_x I \in \mathcal{I}$.
Let $A^F := A[\bot := F]$, $\neg A := A \to F$, $\neg_\bot A := A \to \bot$.
Lemma (Ishihara 2000, U. Berger & Buchholz & H.S. 2002). There are derivations from $F \to \bot$ and $F \to P$ of
$D^F \to D$, $G \to \neg_\bot \neg_\bot G^F$, $\neg_\bot \neg R^F \to R$, $I \to I^F$.
An open problem
Recall: $\vdash_i D^F \to D$ for definite formulas $D$.
Problem: Characterize the class of formulas $D$ such that $\vdash_i D^F \to D$.
$\mathcal{D}$ is too small: let $S := \forall_x(((Qx \to F) \to F) \to Qx)$, $D := (\forall_x Qx \to \bot) \to \bot$. Then $\vdash_i (S \to D)^F \to S \to D$, but $S \to D \notin \mathcal{D}$.
Extraction from classical existence proofs
Theorem (BBS2002). Assume that for definite formulas $\vec D$ and a goal formula $G(y)$ we have a derivation $M_{\tilde\exists}$ of $\vec D \to \forall_y(G(y) \to \bot) \to \bot$. Assume that all prime formulas $P$ in $\vec D^F, G^F(y)$ are c.i. and "invariant". Then from assumptions $F \to P$ we can derive
$\vec D^F \to G^F(\mathrm{et}(M'_{\tilde\exists})\, t_1 \ldots t_n\, s)$,
where $M'_{\tilde\exists}$ is the result of substituting $\exists_y G^F(y)$ for $\bot$ in $M_{\tilde\exists}$, and $t_1, \ldots, t_n$ and $s$ are determined by $D_1, \ldots, D_n$ and $G$.
Example: Point of increase
$\forall_n \exists_G \forall_f (f0 \le n \to Gf \le n \wedge f(Gf) \le f(Gf+1))$.
Extracted terms (Minlog output for the direct proof and for the CPS proof):

Direct proof:
[n0](Rec nat=>(nat=>nat)=>nat)n0([f2]0)
    ([n2,G3,f4][if (f4 1<f4 0) (Succ(G3([n5]f4(Succ n5)))) 0])

CPS proof:
[n0](Rec nat=>(((nat=>nat)=>nat)=>(nat=>nat)=>nat)=>(nat=>nat)=>nat)n0
    ([h2]h2([f4]0))
    ([n2,p3,h4]p3([G6]h4([f8][if (f8 1<f8 0) (Succ(G6([n9]f8(Succ n9)))) 0])))
    ([G2]G2)
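The two Minlog terms above, transcribed into Python as an added illustration (this is not Minlog's output and not the author's code): `g_direct` follows the direct-proof term, which makes the recursive call first and then builds the answer, while `g_cps` follows the CPS term, whose recursion is a tail call carrying a continuation. The sample function `f` is constructed for the demonstration.

```python
# Added example: the "point of increase" programs extracted in Minlog,
# rewritten in Python.  Statement: for every n and f : N -> N with
# f(0) <= n there is an i <= n with f(i) <= f(i+1); both programs return i.
from typing import Callable

Fun = Callable[[int], int]

def g_direct(n: int) -> Callable[[Fun], int]:
    """Direct proof: (Rec nat=>(nat=>nat)=>nat) n ([f]0) ([n,G,f] ...)."""
    if n == 0:
        return lambda f: 0
    G = g_direct(n - 1)                      # recursive call, then the body
    def step(f: Fun) -> int:
        if f(1) < f(0):                      # no increase at 0: shift f by 1
            return 1 + G(lambda m: f(m + 1))
        return 0                             # f(0) <= f(1): point found
    return step

def g_cps(n: int) -> Callable[[Fun], int]:
    """CPS proof: continuation h : ((nat=>nat)=>nat) => (nat=>nat)=>nat."""
    Cont = Callable[[Callable[[Fun], int]], Callable[[Fun], int]]
    def p(k: int, h: Cont) -> Callable[[Fun], int]:
        # p(0, h) = h([f]0);  p(k+1, h) = p(k, [G] h([f] if f1<f0 ...))
        if k == 0:
            return h(lambda f: 0)
        def cont(G: Callable[[Fun], int]) -> Callable[[Fun], int]:
            return h(lambda f: 1 + G(lambda m: f(m + 1)) if f(1) < f(0) else 0)
        return p(k - 1, cont)                # tail call: nothing left to do
    return p(n, lambda G: G)                 # start with the identity [G]G

def is_point_of_increase(f: Fun, n: int, i: int) -> bool:
    """Check the conclusion of the theorem for the returned i."""
    return 0 <= i <= n and f(i) <= f(i + 1)

if __name__ == "__main__":
    # constructed sample: f decreases 3,2,1,0 and then increases again
    f = lambda x: max(0, 3 - x) if x <= 3 else x - 3
    n = f(0)
    print(g_direct(n)(f), g_cps(n)(f))       # both give 3
```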
Finitary algebras as non-flat Scott information systems
◮ An algebra $\iota$ is given by its constructors.
◮ Examples: $0^N$, $S^{N \to N}$ for $N$ (unary natural numbers); $1^C$, $S_0^{C \to C}$, $S_1^{C \to C}$ for $C$ (Cantor algebra); $0^D$ (axiom) and $C^{D \to D \to D}$ (rule) for $D$ (derivations).
◮ Examples of "tokens" ($*$: special symbol; no information): $S^n 0$ ($n \ge 0$), $S^2 *$ (in $N$); $S_0 S_1 S_0 S_0 1$, $S_0 S_1 S_0 S_0 *$ (in $C$); $C(C0*)(C*0)$ (in $D$).
◮ A token is total if it contains no $*$.
◮ In $D$: total token ∼ finite (well-founded) derivation.
Finitary algebras: consistency, entailment, ideals
By example. For $D$ (derivations):
◮ $\{C0*, C*0\}$ is "consistent", written $C0* \uparrow C*0$.
◮ $\{C0*, C*0\} \vdash C00$ ("entails").
◮ Ideals: consistent and "deductively closed" sets of tokens.
Examples of ideals:
◮ $\{C0*, C**\}$.
◮ $\{C00, C0*, C*0, C**\}$, and generally the deductive closure of a finite (well-founded) derivation.
◮ $\{C**, C(C**)*, C*(C**), C(C**)(C**), \ldots\}$ ("cototal").
◮ Locally correct, but possibly non-well-founded derivations (Mints 1978).
An ideal $x$ is cototal if every constructor tree $P(*) \in x$ has a "predecessor" $P(C\vec{*}) \in x$.
Tokens and entailment for N
[Diagram: the tokens of $N$ ordered by entailment, with $0$ and $S*$ at the bottom, $S0$ and $S(S*)$ above them, $S(S0)$ and $S(S(S*))$ above those, $S(S(S0))$ at the top, and so on.]
Why non-flat?
◮ Continuous maps $f : |N| \to |N|$ (see below) are monotone: $x \subseteq y \to fx \subseteq fy$.
◮ Easy: every constructor gives rise to a continuous function.
◮ Want: constructors have disjoint ranges and are injective (cf. the Peano axioms $Sx \ne 0$ and $Sx = Sy \to x = y$).
◮ This holds for non-flat algebras, but not for flat ones. [Diagram: the flat domain with $S(S0)$, $0$, $S0$, … as pairwise incomparable points.] There constructors must be strict (i.e., $C\vec x\, \emptyset\, \vec y = \emptyset$), hence in $C$: $S_1 \emptyset = \emptyset = S_2 \emptyset$; in $D$: $C \emptyset \{0\} = \emptyset = C \{0\} \emptyset$.
The Scott-Ershov model of partial continuous functionals
◮ Let $\mathbf{A} = (A, \mathrm{Con}_A, \vdash_A)$, $\mathbf{B} = (B, \mathrm{Con}_B, \vdash_B)$ be information systems (Scott). Function space: $\mathbf{A} \to \mathbf{B} := (C, \mathrm{Con}, \vdash)$, with
$C := \mathrm{Con}_A \times B$,
$\{(U_i, b_i)\}_{i \in I} \in \mathrm{Con} := \forall_{J \subseteq I}\, \big(\bigcup_{j \in J} U_j \in \mathrm{Con}_A \to \{b_j\}_{j \in J} \in \mathrm{Con}_B\big)$,
$\{(U_i, b_i)\}_{i \in I} \vdash (U, b) := \big(\{b_i \mid U \vdash_A U_i\} \vdash_B b\big)$.
◮ Partial continuous functionals of type $\rho$: the ideals in $\mathbf{C}_\rho$.
$\mathbf{C}_\iota := (\mathrm{Tok}_\iota, \mathrm{Con}_\iota, \vdash_\iota)$, $\mathbf{C}_{\rho \to \sigma} := \mathbf{C}_\rho \to \mathbf{C}_\sigma$. $|\mathbf{C}_\rho| :=$ set of ideals in $\mathbf{C}_\rho$.
◮ $f \in |\mathbf{C}_\rho|$: limit of formal neighborhoods $U \in \mathrm{Con}_{\rho \to \sigma}$.
◮ $f \in |\mathbf{C}_\rho|$ computable: r.e. limit.
A common extension $T^+$ of Gödel's $T$ and Plotkin's PCF
◮ Terms of $T^+$ are built from (typed) variables and constants (constructors $C$ or defined constants $D$, see below):
$M, N ::= x^\rho \mid C^\rho \mid D^\rho \mid (\lambda x^\rho M^\sigma)^{\rho \to \sigma} \mid (M^{\rho \to \sigma} N^\rho)^\sigma$.
◮ Every defined constant $D$ comes with a system of computation rules $D \vec P_i(\vec y_i) = M_i$ with $\mathrm{FV}(M_i) \subseteq \vec y_i$.
◮ $\vec P_i(\vec y_i)$: "constructor patterns", i.e., lists of applicative terms built from constructors and distinct variables, with each constructor $C$ occurring in a context $C \vec P$ (of base type). We assume that $\vec P_i$ and $\vec P_j$ for $i \ne j$ are non-unifiable.
Examples:
◮ Predecessor $P : N \to N$, defined by $P0 = 0$, $P(Sn) = n$,
◮ Gödel's primitive recursion operators $R^\tau_N : N \to \tau \to (N \to \tau \to \tau) \to \tau$ with computation rules $R0fg = f$, $R(Sn)fg = gn(Rnfg)$, and
◮ the least-fixed-point operators $Y_\rho$ of type $(\rho \to \rho) \to \rho$ defined by the computation rule $Y_\rho f = f(Y_\rho f)$.
Corecursion operators
Recall $R^\tau_N : N \to \tau \to (N \to \tau \to \tau) \to \tau$ with computation rules $R0fg = f$, $R(Sn)fg = gn(Rnfg)$.
Corecursion operators:
${}^{co}R^\tau_N : \tau \to (\tau \to U + \tau) \to N$,
${}^{co}R^\tau_C : \tau \to (\tau \to U + \tau + \tau) \to C$,
${}^{co}R^\tau_D : \tau \to (\tau \to U + \tau \times \tau) \to D$.
Conversion:
${}^{co}R^\tau_N N M \mapsto [\mathrm{case}\ MN\ \mathrm{of}\ 0 \mid \lambda_n(S({}^{co}R^\tau_N\, n\, M))]$,
${}^{co}R^\tau_C N M \mapsto [\mathrm{case}\ MN\ \mathrm{of}\ 1 \mid \lambda_n(S_0({}^{co}R^\tau_C\, n\, M)) \mid \lambda_n(S_1({}^{co}R^\tau_C\, n\, M))]$,
${}^{co}R^\tau_D N M \mapsto [\mathrm{case}\ MN\ \mathrm{of}\ 0^D \mid \lambda_{x,y}(C^{D \to D \to D}({}^{co}R^\tau_D\, x\, M,\ {}^{co}R^\tau_D\, y\, M))]$.
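An added illustration (not from the slides, not Minlog) of the conversion rule for ${}^{co}R_C$: the Cantor-algebra corecursor is run lazily as a Python generator, and the finite tokens $S_0 S_1 \ldots 1$ and $S_0 S_1 \ldots *$ from the earlier slides are read off its output, so a cototal (infinite) ideal is observed only through such approximations. The step function `binary_step` (binary expansion of a rational in $[0,1)$) and its inputs are constructed for the demonstration; the encoding of $U + \tau + \tau$ as `None` / `('S0', n)` / `('S1', n)` is this example's choice.

```python
# Added example: corecursion on the Cantor algebra C (constructors 1, S0, S1).
# coR_C N M unfolds the seed N with a step M : tau -> U + tau + tau; here the
# step answers None (the U case, i.e. constructor 1) or ('S0', n') / ('S1', n').
from typing import Callable, Iterator, Optional, Tuple

Step = Callable[[object], Optional[Tuple[str, object]]]

def corec_C(seed: object, step: Step) -> Iterator[str]:
    """Lazy unfolding: yields constructor names S0/S1 one at a time and
    stops when the step answers None (constructor 1).  This is the
    conversion  coR N M -> [case MN of 1 | S0(coR n M) | S1(coR n M)]."""
    state = seed
    while True:
        r = step(state)                  # case MN of ...
        if r is None:
            return                       # ... 1
        ctor, state = r                  # ... | lambda n (S_i (coR n M))
        yield ctor

def token(stream: Iterator[str], depth: int) -> str:
    """Finite token read off the ideal: at most `depth` constructors, then
    either the closing '1' (total token) or the no-information symbol '*'."""
    out = []
    for ctor in stream:
        if len(out) == depth:
            return "".join(out) + "*"    # unfolding cut off: partial token
        out.append(ctor)
    return "".join(out) + "1"            # unfolding ended: total token

def binary_step(state):
    """Constructed step: binary expansion of p/q in [0,1) as an element of C.
    Dyadic rationals terminate (a total token), others never do (cototal)."""
    p, q = state
    if p == 0:
        return None
    return ("S0", (2 * p, q)) if 2 * p < q else ("S1", (2 * p - q, q))

if __name__ == "__main__":
    print(token(corec_C((1, 4), binary_step), 10))   # S0S11   (1/4 = 0.01)
    print(token(corec_C((1, 3), binary_step), 6))    # S0S1S0S1S0S1*  (1/3)
```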