Logic for real number computation Helmut Schwichtenberg (j.w.w. - PowerPoint PPT Presentation

Logic for real number computation Helmut Schwichtenberg (j.w.w. Ulrich Berger, Kenji Miyamoto and Hideki Tsuiki) Mathematisches Institut, LMU, M¨ unchen Trends in Proof Theory, Hamburg, 20. - 21. September 2015 1 / 16

Dyadic rationals: a i � 2 i +1 . with a i ∈ {− 1 , 1 } =: PSD . i < k − 15 15 16 16 ¯ 1 ¯ 1 ¯ 1 ¯ 1 ¯ 1 ¯ 1 ¯ 1 ¯ 1 1 1 1 1 1 1 1 1 − 7 7 8 8 ¯ ¯ ¯ ¯ 1 1 1 1 1 1 1 1 − 3 3 4 4 ¯ ¯ 1 1 1 1 − 1 1 2 2 ¯ 1 1 0 with ¯ 1 := − 1. Adjacent dyadics can differ in many digits: 7 9 16 ∼ 1¯ 16 ∼ 11¯ 1¯ 111 , 1 . 2 / 16

Cure: flip after 1. Binary reflected (or Gray-) code. − 15 15 16 16 L R R L L R R L L R R L L R R L − 7 7 8 8 L R R L L R R L − 3 3 4 4 L R R L − 1 1 2 2 L R 0 7 9 16 ∼ RRRL , 16 ∼ RLRL . 3 / 16

Problem with productivity: ¯ 1111 + 1¯ 1¯ 1¯ 1 = ? (what is the first digit?) Cure: delay. ◮ For binary code: add 0. Signed digit code d i � with d i ∈ {− 1 , 0 , 1 } =: SD . 2 i +1 . i < k Widely used for real number computation. ◮ For Gray-code: add U , D , Fin L / R . Pre-Gray code. 4 / 16

Pre-Gray code 7 9 16 16 L L U D U Fin R Fin L R R 3 5 U D Fin L 8 8 Fin R 1 3 U U 4 4 Fin R R L 1 U 2 R 0 1 After computation in pre-Gray code, one can remove Fin a up to 2 k : U ◦ Fin a �→ a ◦ R , D ◦ Fin a �→ Fin a ◦ L , 5 / 16

Goal: extract algorithms on infinite objects from proofs, in a simple framework ( TCF ). Example: ◮ Infinite objects: streams, in pre-Gray code. ◮ Algorithm: average. Framework: ◮ Constructive logic ◮ Types: only function types (Scott/Ershov partial continuous functionals), over base types given by constructors (may contain infinite objects). ◮ Inductive & coinductive predicates, with their least & greatest fixed point axioms (i.e., induction & coinduction). 6 / 16

We will coinductively define a predicate co G and prove x , x ′ ( co G ( x ) → co G ( x ′ ) → co G ( x + x ′ ∀ nc )) (1) 2 x , x ′ : the reals x , x ′ have no computational significance). ( ∀ nc Associated with co G is its realizability extension ( co G ) r ( p , x ) ( p is a stream representation of x witnessing co G ( x )). Soundness theorem: ( co G ) r ( p , x ) → ( co G ) r ( p ′ , x ′ ) → ( co G ) r ( f ( p , p ′ ) , x + x ′ ) 2 for some stream transformer f extracted from the proof of (1), which never mentions streams. 7 / 16

What is co G ? Need simultaneously co H . x ∈ X ∃ a ( y = − ax − 1 x ∈ Y ( y = x Γ( X , Y ) := { y | ∃ r ) ∨ ∃ r 2) } , 2 x ∈ X ∃ a ( y = ax + 1 x ∈ Y ( y = x ∆( X , Y ) := { y | ∃ r ) ∨ ∃ r 2) } 2 ( ∃ r x : the real x has no computational significance) Define ( co G , co H ) := ν ( X , Y ) (Γ( X , Y ) , ∆( X , Y )). Coinduction: ( X , Y ) ⊆ (Γ( co G ∪ X , co H ∪ Y ) , ∆( co G ∪ X , co H ∪ Y )) → ( X , Y ) ⊆ ( co G , co H ) , Associated to Γ , ∆ are algebras G , H with constructors LR : PSD → G → G , U : H → G (for “undefined”) , Fin : PSD → G → H , D : H → H (for “delay”) . 8 / 16

Realizability extensions ( co G ) r and ( co H ) r : Γ r ( Z , W ) := { ( p , x ) | ∃ ( p ′ , x ′ ) ∈ Z ∃ a ( x = − ax ′ − 1 ∧ p = LR a ( p ′ )) ∨ u 2 ( q ′ , x ′ ) ∈ W ( x = x ′ ∃ u 2 ∧ p = U ( q ′ )) } , ∆ r ( Z , W ) := { ( q , x ) | ∃ ( p ′ , x ′ ) ∈ Z ∃ a ( x = ax ′ + 1 ∧ q = Fin a ( p ′ )) ∨ u 2 ( q ′ , x ′ ) ∈ W ( x = x ′ 2 ∧ q = D ( q ′ )) } ∃ u ( ∨ u : the whole formula has no computational significance). Define (( co G ) r , ( co H ) r ) := ν ( Z , W ) (Γ r ( Z , W ) , ∆ r ( Z , W )) 9 / 16

CoGAverage: x , y ( co G ( x ) → co G ( y ) → co G ( x + y ∀ nc )) . 2 Consider two sets of averages, the second one with a “carry” i ∈ SD 2 := {− 2 , − 1 , 0 , 1 , 2 } : Av := { x + y | x , y ∈ co G } , 2 Avc := { x + y + i | x , y ∈ co G , i ∈ SD 2 } . 4 Suffices: Avc satisfies the clause coinductively defining co G , for then by the greatest-fixed-point axiom for co G we have Avc ⊆ co G . Since we also have Av ⊆ Avc we obtain Av ⊆ co G , i.e., our claim. 10 / 16

CoGAvToAvc: = x ′ + y ′ + i x ′ , y ′ ∈ co G ∃ i ( x + y ∀ nc x , y ∈ co G ∃ r ) . 2 4 Implicit algorithm . f ∗ := cCoGPsdTimes, and s := cCoHToCoG. cL denotes the function extracted from the proof of a lemma L. CoGPsdTimes: ∀ nc x ∀ a ( co G ( x ) → co G ( a ∗ x )). f ( LR a ( p ) , LR a ′ ( p ′ )) = ( a + a ′ , f ∗ ( − a , p ) , f ∗ ( − a ′ , p ′ )) , f ( LR a ( p ) , U ( q )) = ( a , f ∗ ( − a , p ) , s ( q )) , f ( U ( q ) , LR a ( p )) = ( a , s ( q ) , f ∗ ( − a , p )) , f ( U ( q ) , U ( q ′ )) = (0 , s ( q ) , s ( q ′ )) . 11 / 16

Need J : SD → SD → SD 2 → SD 2 , K : SD → SD → SD 2 → SD with d + e + 2 i = J ( d , e , i ) + 4 K ( d , e , i ) (cases on d , e , i ). Then + y + e x + y + J ( d , e , i ) x + d + i + K ( d , e , i ) 2 2 4 = . 4 2 CoGAvcSatCoICl: x ′ + y ′ + j x ′ , y ′ ∈ co G ∃ j , d ( x + y + i + d 4 ∀ i ∀ nc x , y ∈ co G ∃ r = ) . 4 2 Implicit algorithm . f ( i , LR a ( p ) , LR a ′ ( p ′ )) = ( J ( a , a ′ , i ) , K ( a , a ′ , i ) , f ∗ ( − a , p ) , f ∗ ( − a ′ , p ′ )) , f ( i , LR a ( p ) , U ( q )) = ( J ( a , 0 , i ) , K ( a , 0 , i ) , f ∗ ( − a , p ) , s ( q )) , f ( i , U ( q ) , LR a ( p )) = ( J (0 , a , i ) , K (0 , a , i ) , s ( q ) , f ∗ ( − a , p )) , f ( i , U ( q ) , U ( q ′ )) = ( J (0 , 0 , i ) , K (0 , 0 , i ) , s ( q ) , s ( q ′ )) . 12 / 16

CoGAvcToCoG: x , y ∈ co G ∃ i ( z = x + y + i ∀ nc z ( ∃ r ) → co G ( z )) , 4 x , y ∈ co G ∃ i ( z = x + y + i ∀ nc z ( ∃ r ) → co H ( z )) . 4 Implicit algorithm . Proof uses SdDisj: ∀ d ( d = 0 ∨ ∃ a ( d = a )). g ( i , p , p ′ ) = let ( i 1 , d , p 1 , p ′ 1 ) = cCoGAvcSatCoICl ( i , p , p ′ ) in case cSdDisj ( d ) of 0 → U ( h ( i , p 1 , p ′ 1 )) a → LR a ( g ( − ai , f ∗ ( − a , p 1 ) , f ∗ ( − a , p ′ 1 ))) , h ( i , p , p ′ ) = let ( i 1 , d , p 1 , p ′ 1 ) = cCoGAvcSatCoICl ( i , p , p ′ ) in case cSdDisj ( d ) of 0 → D ( h ( i , p 1 , p ′ 1 )) a → Fin a ( g ( − ai , f ∗ ( − a , p 1 ) , f ∗ ( − a , p ′ 1 ))) . Composing CoGAvToAvc and CoGAvcToCoG gives CoGAverage. 13 / 16

Extracted term for CoGAvcToCoG: [ipp](CoRec sdtwo@@ag@@ag=>ag sdtwo@@ag@@ag=>ah)ipp ([ipp0][let idpp (cCoGAvcSatCoICl left ipp0 left right ipp0 right right ipp0) [case (cSdDisj left right idpp) (DummyL -> InR(InR(left idpp@right right idpp))) (Inr a -> InL(a@InR (a times inv left idpp@ cCoGPsdTimes inv a left right right idpp@ cCoGPsdTimes inv a right right right idpp)))]]) ([ipp0][let idpp ...] ...) ipp variable of type SD 2 × G × G variable of type SD 2 × SD × G × G idpp [ ipp ] r lambda abstraction λ ipp r function type SD 2 × G × G → H sdtwo@@ag@@ag=>ah r@s , left r , right r product term, components cL realizer for lemma L 14 / 16

Corecursion ∼ coinduction. co R ( G , H ) , ( σ,τ ) : σ → δ G → δ H → G G co R ( G , H ) , ( σ,τ ) : τ → δ G → δ H → H H with step types δ G := σ → PSD × ( G + σ ) + ( H + τ ) , δ H := τ → PSD × ( G + σ ) + ( H + τ ) . PSD × ( G + σ ) + ( H + τ ) appears since G has constructors LR : PSD → G → G and U : H → G , and H has constructors Fin : PSD → G → H and D : H → H . 15 / 16

◮ Analyzing the step terms gives the “implicit algorithm”. ◮ Extracted terms are in an extension T + of G¨ odel’s T , the term language of TCF . They denote partial continuous functionals (Scott/Ershov). ◮ Verification is automatic (soundness theorem). ◮ Minlog provides a translation to Haskell for (lazy) evaluation. ◮ “Code carrying proof” can be a reasonable alternative to “Proof carrying code” (Necula). 16 / 16