program extraction from constructive proofs

Program extraction from constructive proofs, Helmut Schwichtenberg


  1. Program extraction from constructive proofs
     Helmut Schwichtenberg, Mathematisches Institut der Universität München

  2. 1. Hilbert’s programme
     The foundational crisis; Some basic facts from mathematical logic; Undefinability of truth; Gödel’s incompleteness theorems; Has Hilbert’s programme failed?

  3. The foundational crisis
     Antinomies $\sim$ 1900, e.g. Russell’s: Let $x_0 := \{ x \mid x \notin x \}$. Then $x_0 \in x_0 \iff x_0 \notin x_0$.
     Zermelo 1904: Proof that $\mathbb{R}$ can be well-ordered, using AC.
     Hilbert’s programme $\sim$ 1920: show that the use of ideal objects in proofs of theorems with a concrete meaning can be eliminated (example: Nullstellensatz), such that only “finitistic” methods are used.
     Gödel 1931: his second incompleteness theorem showed that this is impossible.

  4. Formal languages
     Here: on natural numbers.
     Variables: $x, y, z$
     Function symbols: $+, *, S, 0$
     Terms: $x \mid 0 \mid r + s \mid r * s \mid S(r)$
     Numerals are special terms: for $a \in \mathbb{N}$ let $\underline{a}$ be defined by $\underline{0} := 0$, $\underline{n+1} := S(\underline{n})$.
     Formulas: $r = s \mid A \land B \mid A \lor B \mid A \to B \mid \neg A \mid \forall x\,A \mid \exists x\,A$.
     Closed formula (sentence): Formula without free variables.

  5. Examples
     $x < y := \exists z\,(z \neq 0 \land x + z = y)$
     $y \mid x := \exists z\,(y * z = x)$
     $x \text{ prime number} := 1 < x \land \forall y\,(y \mid x \to y = 1 \lor y = x)$
     There are infinitely many primes: $\forall x\,\exists y\,(x < y \land y \text{ prime})$

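  6. Semantics
     Let $\mathcal{M} = (|\mathcal{M}|, 0^{\mathcal{M}}, S^{\mathcal{M}})$ be a structure for the language. Here: $|\mathcal{M}| = \mathbb{N}$, $0^{\mathcal{M}} = 0$, $S^{\mathcal{M}}(a) = a + 1$.
     Notion of truth for $\mathcal{M}$: $\mathrm{Th}(\mathcal{M}) := \{ A \mid A \text{ closed formula such that } \mathcal{M} \models A \}$
     $R \subseteq \mathbb{N}$ definable: there is $A_R(z)$ such that $R = \{ a \in \mathbb{N} \mid \mathcal{M} \models A_R(\underline{a}) \}$
     $R \subseteq \mathbb{N}^k$ definable: similar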

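  7. Undefinability of truth
     Enumeration of formulas: $A \mapsto \ulcorner A \urcorner$
     Theorem (Tarski). $\ulcorner \mathrm{Th}(\mathcal{M}) \urcorner := \{ \ulcorner A \urcorner \mid A \text{ closed formula such that } \mathcal{M} \models A \}$ is undefinable.
     Fixed point lemma. For $B(z)$ one can find a closed formula $A$ such that $\mathcal{M} \models A$ iff $\mathcal{M} \models B(\ulcorner A \urcorner)$.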

  8. Proof of Tarski’s theorem
     Assumption: $\ulcorner \mathrm{Th}(\mathcal{M}) \urcorner$ is definable, say by $B_W(z)$. Then for all closed formulas $A$: $\mathcal{M} \models A$ iff $\mathcal{M} \models B_W(\ulcorner A \urcorner)$.
     Consider the formula $\neg B_W(z)$. By the fixed point lemma we have a closed formula $A$ such that $\mathcal{M} \models A$ iff $\mathcal{M} \models \neg B_W(\ulcorner A \urcorner)$. Contradiction.

  9. Decidability, Enumerability
     $M \subseteq \mathbb{N}$ decidable: there is an algorithm that terminates on input $a$ and determines whether or not $a \in M$.
     Easy: $M$ decidable $\Rightarrow$ $M$ definable.
     Corollary. $\ulcorner \mathrm{Th}(\mathcal{M}) \urcorner$ is undecidable.
     $M \subseteq \mathbb{N}$ enumerable: there is an algorithm that terminates on input $a$ iff $a \in M$.
     Easy: $M$ enumerable $\Rightarrow$ $M$ definable.
     Corollary. $\ulcorner \mathrm{Th}(\mathcal{M}) \urcorner$ is not enumerable.

  10. Formal proofs
      Truth $\mapsto$ Derivability in a formal theory $T$.
      Axioms: e.g. $A(0) \land \forall x\,(A(x) \to A(S(x))) \to \forall x\,A(x)$
      Rules: e.g. modus ponens.
      Assumptions on $T$: $T$ axiomatized, i.e. $\mathrm{Bew}_T(n, m)$ decidable. $T$ consistent. $T$ proves the axioms of Robinson’s $Q$.
      Goal: $T$ is incomplete.

  11. Robinson’s $Q$
      $S(x) \neq 0$,
      $S(x) = S(y) \to x = y$,
      $x + 0 = x$,
      $x + S(y) = S(x + y)$,
      $x \cdot 0 = 0$,
      $x \cdot S(y) = x \cdot y + x$,
      $\exists z\,(x + S(z) = y) \lor x = y \lor \exists z\,(y + S(z) = x)$.

  12. Incompleteness
      Theorem (Gödel, Rosser). One can find a closed formula $A$ such that $\nvdash_T A$ and $\nvdash_T \neg A$.
      Proof. Auxiliary claim: every decidable relation $R$ is “representable” in $T$, by a formula $B_R(\vec{x})$.
      Syntactic fixed point lemma. For $B(z)$ one can find a closed formula $A$ such that $\vdash_T A \leftrightarrow B(\ulcorner A \urcorner)$.
      $\mathrm{Bew}_T(n, m)$ decidable $\Rightarrow$ $\mathrm{Wdl}_T(n, m)$ decidable.

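  13. Proof of the incompleteness theorem
      $T \vdash \forall x\,\bigl(x < \underline{n} \to x = \underline{0} \lor \dots \lor x = \underline{n-1}\bigr)$,
      $T \vdash \forall x\,\bigl(x = \underline{0} \lor \dots \lor x = \underline{n} \lor \underline{n} < x\bigr)$.
      Let $B_{\mathrm{Bew}_T}(x_1, x_2)$ and $B_{\mathrm{Wdl}_T}(x_1, x_2)$ be formulas representing $\mathrm{Bew}_T$ and $\mathrm{Wdl}_T$. By the (syntactic) fixed point lemma we have a closed formula $A$ such that
      $T \vdash A \leftrightarrow \forall x\,\bigl(B_{\mathrm{Bew}_T}(x, \ulcorner A \urcorner) \to \exists y\,(y < x \land B_{\mathrm{Wdl}_T}(y, \ulcorner A \urcorner))\bigr)$.
      $A$ expresses its own underivability: “For every proof of me there is a shorter proof of my negation”. One can show $(*)$ $T \nvdash A$ and $(**)$ $T \nvdash \neg A$.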

  14. Gödel’s second incompleteness theorem provides an interesting alternative to the Gödel-Rosser formula $A$: a formula $\mathrm{Con}_T$ expressing the consistency of $T$.
      Lemma ($\Sigma_1$-completeness of $Q$). Let $A(x_1, \dots, x_n)$ be a $\Sigma_1$-formula true for $a_1, \dots, a_n$. Then $Q \vdash A(\underline{a_1}, \dots, \underline{a_n})$.
      Lemma (Formalized $\Sigma_1$-Completeness). In an appropriate theory $T$ of arithmetic with induction, we can formally prove for any $\Sigma_1$-formula $A$: $A(\vec{x}) \to \exists p\,\mathrm{Bew}_T(p, \ulcorner A(\dot{\vec{x}}) \urcorner)$.

  15. Gödel’s second incompleteness theorem (continued)
      Let $T \supseteq Q$ be an axiomatized consistent theory, with “enough” induction to formalize $\Sigma_1$-completeness. Define
      $\mathrm{Thm}_T(x) := \exists y\,\mathrm{Bew}_T(y, x)$,
      $\mathrm{Con}_T := \neg\exists y\,\mathrm{Bew}_T(y, \ulcorner \bot \urcorner)$,
      $\Box A := \mathrm{Thm}_T(\ulcorner A \urcorner)$.
      Derivability conditions for $T$ (Hilbert-Bernays):
      $T \vdash A \to \Box A$ ($A$ closed $\Sigma_1$-formula),
      $T \vdash \Box(A \to B) \to \Box A \to \Box B$.
      Theorem (Gödel). Let $T$ be as above, satisfying the derivability conditions. Then $T \nvdash \mathrm{Con}_T$.

  16. Has Hilbert’s programme failed?
      No. There are directly justifiable and constructively acceptable proof methods which go beyond a given theory $T$, that is, are not formalizable in $T$.
      Example (Gentzen): transfinite induction up to $\varepsilon_0$ and Peano arithmetic.
      Kreisel’s question. What more do we know if we have proved a theorem with restricted means, rather than only knowing that it is true?

  17. 2. Program extraction from constructive proofs
      Classical versus constructive proofs; Kreisel’s counterexample; Proof terms; The type of a formula; Computational content of a proof; Realizability, soundness

  18. Example of a non-constructive proof
      Lemma. There are irrational numbers $a, b$ such that $a^b$ is rational.
      Proof.
      Case $\sqrt{2}^{\sqrt{2}}$ rational. Let $a = \sqrt{2}$ and $b = \sqrt{2}$. Then both $a, b$ are irrational, and by assumption $a^b$ is rational.
      Case $\sqrt{2}^{\sqrt{2}}$ irrational. Let $a = \sqrt{2}^{\sqrt{2}}$ and $b = \sqrt{2}$. Then by assumption $a, b$ are irrational, and $a^b = \bigl(\sqrt{2}^{\sqrt{2}}\bigr)^{\sqrt{2}} = \bigl(\sqrt{2}\bigr)^{2} = 2$ is rational.

  19. Kreisel’s counterexample
      Define the classical existential quantifier by $\exists^{\mathrm{cl}} x\,A := \neg\forall x\,\neg A$. We show: $\vdash \forall x\,\exists^{\mathrm{cl}} y\,A$ generally does not yield a program to compute $y$ from $x$.
      Consider $\vdash \forall x\,\exists^{\mathrm{cl}} y\,\bigl(T_{\neg}(x, y) \to \forall z\,T_{\neg}(x, z)\bigr)$. Let $T_{\neg}(x, y)$ mean: $y$ is not the number of a terminating computation of the Turing machine with number $x$, on input $x$.
      Lemma. There is no computable $f$ satisfying $T_{\neg}(x, f(x)) \to \forall z\,T_{\neg}(x, z)$.
      Proof. Otherwise $T_{\neg}(x, f(x)) \leftrightarrow \forall z\,T_{\neg}(x, z)$, contradicting Church’s theorem ($\forall z\,T_{\neg}(x, z)$ is undecidable).

  20. Programs from constructive proofs
      Constructive logic = classical logic + $\exists$.
      Undecidable, whether a program meets its specification.
      Formal proof: Correctness can be checked easily.
      proof = program with sufficiently many comments (more precisely: a program can be extracted).
      Vision: Use mathematical culture to organize complex structures, for the purpose of program extraction.

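  21. Proof terms: assumption variables, conjunction $\land$
      Assumption $u \colon A$: proof term $u^A$.
      Rule $\land^+$: from derivations $M$ of $A$ and $N$ of $B$ infer $A \land B$; proof term $\langle M^A, N^B \rangle^{A \land B}$.
      Rule $\land^-_0$: from a derivation $M$ of $A \land B$ infer $A$; proof term $(M^{A \land B}\,0)^A$.
      Rule $\land^-_1$: from a derivation $M$ of $A \land B$ infer $B$; proof term $(M^{A \land B}\,1)^B$.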

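  22. Proof terms for $\to$
      Rule $\to^+ u$: from a derivation $M$ of $B$ with assumption $[u \colon A]$ infer $A \to B$; proof term $(\lambda u^A M^B)^{A \to B}$.
      Rule $\to^-$: from derivations $M$ of $A \to B$ and $N$ of $A$ infer $B$; proof term $(M^{A \to B} N^A)^B$.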

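  23. Proof terms for $\forall$
      Rule $\forall^+ x$ (VarC): from a derivation $M$ of $A$ infer $\forall x\,A$; proof term $(\lambda x\,M^A)^{\forall x A}$ (VarC).
      Rule $\forall^-$: from a derivation $M$ of $\forall x\,A$ and a term $t$ infer $A_x[t]$; proof term $(M^{\forall x A}\,t)^{A_x[t]}$.
      Axioms for $\exists$:
      $\exists^+_{x,A} \colon \forall x.\, A \to \exists x\,A$
      $\exists^-_{x,A,B} \colon \exists x\,A \to (\forall x.\, A \to B) \to B$ ($x \notin \mathrm{FV}(B)$)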

  24. The type of a formula
      Kolmogorov: Formulas = problems. Example: $\forall x\,\exists y\,(x < y \land y \text{ prime})$
      Formulas: $P(\vec{r}) \mid A \land B \mid A \to B \mid \forall x^\rho A \mid \exists x^\rho A$.
      $\tau(A)$ := type of the program to be extracted from a proof of $A$, or := $\varepsilon$ if proofs of $A$ have no “computational content” (example: $\forall n\, f(n) = 0$).
      $\tau(P(\vec{r})) := \varepsilon$ ($P$ a predicate constant)
      $\tau(\exists x^\rho A) := \begin{cases} \rho & \text{if } \tau(A) = \varepsilon \\ \rho \times \tau(A) & \text{otherwise} \end{cases}$

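  25. The type of a formula (ctd.)
      $\tau(\forall x^\rho A) := \begin{cases} \varepsilon & \text{if } \tau(A) = \varepsilon \\ \rho \Rightarrow \tau(A) & \text{otherwise} \end{cases}$
      $\tau(A_0 \land A_1) := \begin{cases} \tau(A_i) & \text{if } \tau(A_{1-i}) = \varepsilon \\ \tau(A_0) \times \tau(A_1) & \text{otherwise} \end{cases}$
      $\tau(A \to B) := \begin{cases} \tau(B) & \text{if } \tau(A) = \varepsilon \\ \varepsilon & \text{if } \tau(B) = \varepsilon \\ \tau(A) \Rightarrow \tau(B) & \text{otherwise} \end{cases}$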

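  26. Computational content of a proof
      $[\![ M ]\!] \colon \tau(A)$, for $M \colon A$ derivation (natural deduction style, written as a $\lambda$-term), and $\tau(A) \neq \varepsilon$.
      $[\![ u^A ]\!] := x_u^{\tau(A)}$ ($x_u^{\tau(A)}$ uniquely associated with $u^A$)
      $[\![ \lambda u^A M ]\!] := \begin{cases} [\![ M ]\!] & \text{if } \tau(A) = \varepsilon \\ \lambda x_u^{\tau(A)} [\![ M ]\!] & \text{otherwise} \end{cases}$
      $[\![ M^{A \to B} N ]\!] := \begin{cases} [\![ M ]\!] & \text{if } \tau(A) = \varepsilon \\ [\![ M ]\!] [\![ N ]\!] & \text{otherwise} \end{cases}$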

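  27. Computational content of a proof (ctd.)
      $[\![ \langle M_0^{A_0}, M_1^{A_1} \rangle ]\!] := \begin{cases} [\![ M_i ]\!] & \text{if } \tau(A_{1-i}) = \varepsilon \\ \langle [\![ M_0 ]\!], [\![ M_1 ]\!] \rangle & \text{otherwise} \end{cases}$
      $[\![ M^{A_0 \land A_1}\, i ]\!] := \begin{cases} [\![ M ]\!] & \text{if } \tau(A_{1-i}) = \varepsilon \\ [\![ M ]\!]\, i & \text{otherwise} \end{cases}$
      $[\![ (\lambda x^\rho M)^{\forall x A} ]\!] := \lambda x^\rho [\![ M ]\!]$
      $[\![ M^{\forall x A}\, r ]\!] := [\![ M ]\!]\, r$.
      Also: extracted terms for induction, cases, $\exists$-axioms. For $M \colon A$ where $\tau(A) = \varepsilon$ let $[\![ M ]\!] := \varepsilon$ (new symbol).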
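
The type assignment τ of slides 24 and 25, as an added example that is not part of the original slides: it computes τ for the primes formula twice, once with `<` taken as a predicate constant and once with `<` unfolded into its ∃-definition from slide 5. The class names, the ASCII rendering of types (`eps` for ε, `*` for ×, `=>` for ⇒) and the sample formulas are assumptions of this sketch.

```python
from dataclasses import dataclass

EPS = "eps"  # stands for ε: proofs of the formula have no computational content

@dataclass(frozen=True)
class Atom:   # P(r...), P a predicate constant
    name: str

@dataclass(frozen=True)
class Bin:    # kind is "and" (A ∧ B) or "imp" (A → B)
    kind: str
    left: object
    right: object

@dataclass(frozen=True)
class Quant:  # kind is "all" (∀x^ρ A) or "ex" (∃x^ρ A)
    kind: str
    var: str
    rho: str
    body: object

def tau(f):
    """Type of the program extracted from a proof of f, or EPS."""
    if isinstance(f, Atom):
        return EPS
    if isinstance(f, Quant):
        t = tau(f.body)
        if f.kind == "ex":
            return f.rho if t == EPS else f"({f.rho} * {t})"
        return EPS if t == EPS else f"({f.rho} => {t})"
    a, b = tau(f.left), tau(f.right)
    if f.kind == "and":    # keep only the component that carries content
        if b == EPS:
            return a
        return b if a == EPS else f"({a} * {b})"
    if a == EPS:           # implication whose premise has no content
        return b
    return EPS if b == EPS else f"({a} => {b})"

def primes(less):
    """∀x ∃y (x < y ∧ y prime), with the formula used for x < y passed in."""
    body = Bin("and", less, Atom("prime(y)"))
    return Quant("all", "x", "nat", Quant("ex", "y", "nat", body))

# Constructed inputs: "<" as a predicate constant, and "<" unfolded as on slide 5.
LESS_ATOM = Atom("x < y")
LESS_UNFOLDED = Quant("ex", "z", "nat", Bin("and", Atom("z != 0"), Atom("x + z = y")))

if __name__ == "__main__":
    print(tau(primes(LESS_ATOM)))
    print(tau(primes(LESS_UNFOLDED)))
```

With `<` unfolded, the extracted program has to return the witness `z` for `x < y` as well as the prime `y`, so the choice of predicate constants fixes what the program computes.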
