Proof Search in Minimal Logic Helmut Schwichtenberg Mathematisches - - PowerPoint PPT Presentation

Proof Search in Minimal Logic Helmut Schwichtenberg Mathematisches Institut, Universit¨ at M¨ unchen

1

Motivation Proof carrying code (Lee, Necula) Why? Proofs are machine checkable (easily) Here: “code carrying proofs” Prospects: Program development by proof transformation (adapt to special cases, computed function can change). Algorithms in constructive and even some classical proofs. Useful: proof search, in minimal logic

2

Example of a non-constructive proof There are irrational numbers a, b such that ab is rational. Case √ 2

√ 2 rational. Let a =

√ 2 and b = √

• 2. Then both

a, b are irrational, and by assumption ab is rational. Case √ 2

√ 2 irrational. Let a =

√ 2

√ 2 and b =

√

• 2. Then by

assumption a, b are irrational, and ab = √ 2

√ 2√ 2

= √ 2 2 = 2 is rational.

3

• I. Minimal, intuitionistic and classical logic

Johansson (1937): “Der Minimalkalk¨ ul, ein reduzierter intuitionistischer Formalismus” First order language, with →, ∀, ⊥. For simplicity no ∧. ∃ will be discussed separately. Negation, classical disjunction, and the classical existential quantifier are defined by ¬A := A → ⊥, A ∨cl B := ¬A → ¬B → ⊥, ∃clxA := ¬∀x¬A.

4

Natural deduction Assumption: u: A Intrduction and elimination rules for →: [u: A] | M B →+u A → B | M A → B | N A →− B

5

Natural deduction (ctd.) Intrduction and elimination rules for ∀: | M A ∀+x ∀xA | M ∀xA r ∀− A[x := r]

6

Proof terms uB (assumptions) | axioms | (λuAM B)A→B | (M A→BN A)B | (λxM A)∀xA | (M ∀xAt)A[x:=t] where in λxM A, x / ∈ FV(B) for all B with uB ∈ FA(M). ⊢ denotes derivability in minimal logic.

7

Axiom schemes for ∃ and ⊥ The introduction axiom is ∃+ : A → ∃xA and the elimination axiom is ∃− : (∀x.A → B) → ∃xA → B (x not free in B). For ⊥, the elimination axiom (“ex-falso-quodlibet”) is ⊥− : ⊥ → A. This clearly is derivable from its instances ⊥ → R x, for every relation symbol R.

8

Rules for ∃ The introduction rule is r | M A[x := r] ∃+ ∃xA and the elimination rule is | M ∃xA [u: A] | N B ∃−x, u (var.cond.) B

9

Classical logic Add “stability”, or the principle of indirect proof: Stab := { ∀ x.¬¬R x → R x | R relation symbol = ⊥ }. From StabR we can easily derive ⊢c ¬¬A → A, for every formula A of our language (based on →, ∀, ⊥). Call A classically derivable (written ⊢c A) if there is a derivation of A from StabR.

10

Negative translation (R t)g := ¬¬R t (R distinct from ⊥) ⊥g := ⊥, (A → B)g := Ag → Bg, (∀xA)g := ∀xAg. Theorem (G¨

• del-Gentzen translation g). For all A,
• ⊢c A ↔ Ag,
• Γ ⊢c A iff Γg ⊢ Ag, where Γg := { Bg | B ∈ Γ }.

11

• II. Normalization

Turing, Prawitz: Every derivation term can be tranformed into a “normal form”. A derivation in normal form does not make “detours”, or more precisely, it cannot occur that an elimination rule immediately follows an introduction rule. This entails the “subformula property”. The presence of ∃-rules makes it necessary to allow “permutative conversions” (Prawitz), to retain the subformula property.

12

∃-conversion r | M A[x := r] ∃+ ∃xA [u: A] | N B ∃−x, u B → | M A[x := r] | N ′ B

13

∃-perm conversion | M ∃xA | N B B | K C E-rule D → | M ∃xA | N B | K C E-rule D D

14

Normal versus non-normal derivations Statman and Orevkov (1979) gave examples of formulas Ck which are easily derivable with non-normal derivations (whose number of nodes is linear in k), but which require a non-elementary (in k) number of nodes in any normal derivation. The example is related to Gentzens proof of transfinite induction up to ωk in arithmetic. There the function y ⊕ ωx plays a crucial role, and also the assignment of a “lifting”-formula A+ to any formula A, by A+ := ∀y.(∀z ≺ y)A[z/x] → (∀z ≺ y ⊕ ωx)A[z/x].

15

Normal versus non-normal derivations (ctd.) Idea: Axiomatize R(y, x, z), to “mean” y + 2x = z. Hyp1 : ∀y R(y, 0, s(y)) Hyp2 : ∀y, x, z, z1.R(y, x, z) → R(z, x, z1) → R(y, s(x), z1) Ck := ∃clzk, . . . , z0.R(0, 0, zk) ∧ R(0, zk, zk−1) ∧ . . . ∧ R(0, z1, z0). Lemma 1. Ck is derivable with a non-normal derivation whose number of nodes is linear in k. Lemma 2. Any normal derivation of Ck from Hyp1 and Hyp2 has at least 2k nodes.

16

Normal versus non-normal derivations (ctd.) Searching for normal proofs in minimal logic can be complex. Moral: Break up your problem into auxiliary lemmata, each of which has a short normal proofs.

17

• III. Proof search

Based on Miller (1991) Complete for the →∧∀-language, in the sense that if there is a proof which uses each hypothesis at most m of times, then proof search w.r.t. this parameter m will find a proof. Presence of the existential quantifier ∃ poses a problem, for ∃ has been introduced by means of axiom schemata. Then the problem is which of such schemata to use in proof search, given a goal G and a set P of clauses.

18

Patterns We work in a fragment of the simply typed λ-calculus: every higher order variable Y appears in a context Y x, where x are distinct bound variables in the scope of the

• perator binding Y .

In first order logic: no restriction (no higher order vars). However, when designing a proof search algorithm for first

• rder logic, one is naturally led into this fragment of higher
• rder logic, where the algorithm works as well.

19

Pattern unification algorithm Let Q denote a prefix ∀ x∃ y∀ z, with distinct variables. We call x signature, y flexible and z forbidden variables of Q. r is a Q-term iff all its free variables are in Q, and for every subterm y r of r with y free in r and flexible in Q, the

• r are distinct vars either λ-bound in r or forbidden in Q.

20

Q-goals, Q-clauses

• If

r are Q-terms, then P r is a Q-goal and a Q-clause.

• D Q-clause and G Q-goal ⇒ D → G Q-goal.
• G Q-goal and D Q-clause ⇒ G → D Q-clause.
• If G is a Q∀x-goal, then ∀xG is a Q-goal.
• If D[y := Y

z] is a ∀ x∃ y, Y ∀ z-clause, then ∀yD is a ∀ x∃ y∀ z-clause.

21

Pattern unification algorithm (ctd.) Hence: A formula A is a Q-goal iff its free vars are in Q, and for every subterm y r of A with y either existentially bound or free in A and flexible in Q, the r are distinct vars either λ- or universally bound or free in A and forbidden in Q. A unification problem U consists of a ∀∃∀-prefix Q and a conjunction n

i=1 ri = si of equations between Q-terms.

A solution to a unification problem U is a Q-substitution ϕ such that for every i, riϕ = siϕ holds (same normal form).

22

Pattern unification algorithm (ctd.) Given: unification problem U = QC. Returns: substitution ρ, and another unification problem U ′ = Q′C′, such that

• ρ defined on flexible variables of Q only; value terms

have no free occurrences of forbidden variables from Q,

• if G is a Q-goal, then Gρ is a Q′-goal, and
• whenever ϕ′ is a U ′-solution, then (ρ ◦ ϕ′)↾Q∃ is a

U-solution.

23

Correctness

• Lemma. Given a unification problem U = QC, either
• the unification algorithm makes a transition U =

⇒ρ U′, and Φ′ : U ′-solutions → U-solutions ϕ′ → (ρ ◦ ϕ′)↾Q∃ is well-defined and we have Φ: U-solutions → U ′-solutions such that Φ′ is inverse to Φ, i.e. Φ′(Φϕ) = ϕ, or else

• the unification algorithm fails, and there is no U-solution.

24

Corollary Given a unification problem U = QC, the unif. algorithm

• either fails, and there is no U-solution, or else
• returns a pair (Q′, ρ) with a “transition” substitution ρ

and a prefix Q′ (i.e. a unification problem U ′ with no unification pairs) such that for any Q′-substitution ϕ′, (ρ ◦ ϕ′)↾Q∃ is an U-solution, and every U-solution can be

• btained in this way.

Since ε is a Q′-substitution, ρ↾Q∃ is a “most general” U-solution.

25

Proof search A Q-sequent has the form P ⇒ G, where P is a list of Q-clauses and G is a Q-goal. We write M[P] to indicate that all assumption variables in the derivation M are assumptions of clauses in P. Write ⊢n S for a set S of sequents if there are derivations M Gi

i [Pi] in long normal form for all (Pi ⇒ Gi) ∈ S such

that dp(Mi) ≤ n. Let ⊢<n S mean ∃m<n ⊢m S.

26

Context lemma Let Q be a ∀∃∀-prefix, and {P ⇒ ∀ x. D → A} ∪ S be Q-sequents with x, D not both empty. Then for every substitution ϕ: ϕ is a Q-subst such that ⊢n {P ⇒ ∀ x. D → A} ∪ S

• ϕ

if and only if ϕ is a Q∀ x-subst such that ⊢<n {P ∪ D ⇒ A} ∪ S

• ϕ.

27

Resolution lemma Let Q be a ∀∃∀-prefix, {P ⇒ P r} ∪ S be Q-sequents and ϕ a substitution. Then ϕ is a Q-substitution such that ⊢n {P ⇒ P r} ∪ S

• ϕ

iff there is a clause ∀ x. G → P s in P such that: Let z be the final universal variables in Q, X be new (“raised”) variables such that Xi z has the same type as xi, let Q∗ be Q with the existential variables extended by X, and let ∗ be [x1, . . . , xn := X1 z, . . . , Xn z]. Then unif(Q∗, r = s∗) = (Q′, ρ) and there is a Q′-substitution ϕ′ such that ⊢<n {P ⇒ G∗} ∪ S

• ρϕ′, and ϕ = (ρ ◦ ϕ′)↾Q∃.

28

Theorem Let Q be a prefix, and S be a set of Q-sequents. For every substitution ϕ: ϕ is a Q-substitution satisfying ⊢ Sϕ iff there is a prefix Q′, a substitution ρ and a Q′-substitution ϕ′ such that (Q, S) →ρ∗ (Q′, ∅), ϕ = (ρ ◦ ϕ′)↾Q∃.

29

Examples The sequent ∀y.∀zRyz → Q, ∀y1, y2Ry1y2 ⇒ Q leads to ∀y1, y2Ry1y2 ⇒ Ryz under ∃y∀z, then to y1 = y ∧ y2 = z under ∃y∀z∃y1, y2, and finally to Y1z = y ∧ Y2z = z under ∃y, Y1, Y2∀z, which has the solution Y1 = λzy, Y2 = λzz. The sequent ∀y.∀zRyz → Q, ∀y1Ry1y1 ⇒ Q leads to ∀y1Ry1y1 ⇒ Ryz under ∃y∀z, then to y1 = y ∧ y1 = z under ∃y∀z∃y1, and finally to Y1z = y ∧ Y1z = z under ∃y, Y1∀z, which has no solution.

30

• IV. Example: hsh is not the identity

We show ∃cln h(s(hn)) = n and extract an (unexpected) program from it (due to U.Berger). Surjectivity Lemma. g ◦ f surjective implies g surjective. Injectivity Lemma. g ◦ f injective implies f injective. Surjectivity-Injectivity Lemma. g ◦ f surjective and g injective implies f surjective.

31

Example: hsh is not the identity (ctd.) hsh-Theorem. ∀n s(n) = 0 → ¬∀n h(s(h(n))) = n.

• Proof. Assume h ◦ s ◦ h is the identity.

h injective by the Injectivity Lemma s ◦ h surjective by the Surjectivity-Injectivity Lemma s surjective by the Surjectivity Lemma Contradiction.

32

Example: hsh is not the identity (ctd.) hsh-Theorem-dn. ∀n s(n) = 0 → ∃cln h(s(h(n))) = n. ∀n s(n) = 0 is a “definite” formula. General theory applies: the proof contains an algorithm. Which one?

33

Extracted program [s,h][if (h(s(h(h 0)))=h 0) [if (h(s(h(s(h(h 0)))))=s(h(h 0))) (s(h(h 0)))] (h 0)] If h(s(h(h0))) = h0, take h0. Assume h(s(h(h0))) = h0. If h(s(h(s(h(h0))))) = s(h(h0)), then also h(s(h0)) = s(h(h0)); take 0 (using our assumption on s). Assume h(s(h(s(h(h0))))) = s(h(h0)). Take s(h(h0)).

34

• V. Extensions (1)

Take a completeness proof, which simultaneously searches for a derivation and a counterexample. Formalize this proof, and extract a program. If it terminates, the result is either a proof or a counterexample. Klaus Weich, dissertation “Improving Proof Search in Intuitionistic Propositional Logic”, Munich 2001

35

• V. Extensions (2)

Extend λ-calculus by if-then-else. Results:

• 1. Strong normalization, confluence.
• 2. Unification is undecidable (by reduction to the

Plotkin-Statman conjecture)

• 3. One can design a Huet-type unification algorithm.

Martin K¨ ubler, dissertation “Zwei Gedanken zur h¨

• herstufigen Unifikation - Relevanteste Unifikatoren und

Unifikation mit Fallunterscheidung”, Munich 2004

36