Download PowerPoint file for Hayashi`s talk at TLCA `05, May, 2005

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
page
29
page
30
page
31
page
32
page
33
page
34
page
35
page
36
page
37
page
38
page
39
page
40
page
41
page
42
page
43
page
44
page
45
page
46
page
47
page
48
page
49
page
50
Document related concepts

Minimax wikipedia , lookup

Artificial intelligence in video games wikipedia , lookup

Chicken (game) wikipedia , lookup

Evolutionary game theory wikipedia , lookup

Transcript 
Can Proofs be
Animated by Games?
Susumu Hayashi
Humanistic Informatics
Graduate School of Letters
Kyoto University
April 22, 2005, TLCA’05, Nara, Japan
1
What is the talk about?
 The
subject is
•1-backtracking game

A join work with S. Berardi and
Th. Coquand.
2
1-backtracking game
semantics

A restriction of the full backtracking
game semantics, introduced by
Th. Coqunad in 1991-2 , 1995.
• Coquand introduce a form of 1-backtracking
game already in 1991-2
3
Game semantics for PCF?



No! It is a semantics for logic.
However, it seems related to game
semantics of PCF and related calculi.
It is conjectured that Coquand’s
semantics is isomorphic to J. Laird’s
game semantics for PCF+Control, which
is an “extension” of the game semantics
by Hyland-Ong. (S. Berardi)
4
A different motivation


Although our semantics is likely to be
related to the game semantics by
Hyland-Ong and Laird, our motivation is
not full-abstraction.
Our motivation is Proof Animation.
5
Proof Score Method for
Proof Animation


CafeOBJ by Futatsugi et al.
a typical
of
A techniqueisof
“Proof example
Engineering”.
Proof Engineering. (This
Proof Engineering
my
terminology
for
afternoonisat
WRS
’05.)
the engineering to build formal proofs,
e.g., the researches and activities in the
projects of CafeOBJ, Coq, HOL, Mizar,
PVS,…
6
An example of Proof Animation
-- ASSUMPTION -There is a bag.
And some white or black marbles are in it.
-- CONCLUSION -All marbles in the bag are of the same color.
This is wrong.
However, we prove it by mathematical induction!
7
Proof of the theorem

Base case n=1 is easy

The induction step
group A
a1, a2, ・・・, an, an+1
group B
•
The theorem holds for groups A and B, since they have only n
marbles. All the marbles are of the same color, since they share
a n.
What is wrong?
8
The proof is constructive and
executable.
A wrong lemma was used!:
“groups A and B share a marble.”
You can introduce the wrong lemma
as a subgoal and prove the
theorem formally with a proof
checker. Then…
9
Proof animation helps to debug
formal constructive proofs



The proof was constructive and the wrong
lemma was detected quickly by executing the
proof by Curry-Howard isomorphism.
I often used such a technique in my
PX project in 1980’s. I could very quickly find
bugs in definitions, goals and subgoals by
the technique.
PX was a constructive proof animator.
10
Proof animation project


Build a proof animator which helps
formal proof developments not only for
constructive mathematics but also for
proof developments in general.
We must find a means to execute nonconstructive proofs.
11
Proof animator for
non-constructive proofs?


Classical proofs are not directly
executable.
However, there are many works to
“execute” classical proofs:
CPS translations, C-combinator,
lm-calculus,…
12
Constructive interpretations of
classical proofs are inadequate



These works are theoretically good, but are
not adequate for proof animation.
Locally legible: each computation step in
these semantics is legible enough.
Globally illegible: interpretations of proofs
with several steps combinatorially explode.
Algorithms resulting from even small proofs
cannot be understood.
13
An important REMARK



The global illegibility is not bad for logicians.
If the aim is to unwind classical proofs, such
as works by logicians Kreisel, Kohlenbach,
and Schwichtenberg, then the illegibility
implies non-triviality of their mathematical
works.
However, our aim is a technology of proof
engineering. If one can write an academic
paper when he or she could execute a proof
by a method executing classical proofs, then
the method is bad for proof animation.
14
What we need for proof
animation



We need a lightweight method
executing proofs in everyday proof
developments.
A tool for proof animation must be easy
to use as a test tool for programming
languages.
Its underlying theory must be easy to
understand. It is a tool, not an objective.
15
A solution: Inductive inference
from Learning Theory


Algorithmic Learning Theory: a discipline
to investigate “machine learning” from
the viewpoint of theory of computation.
(a.k.a. computational learning theory)
Inductive inference: the oldest
mathematical definition of learning in
algorithmic learning theory.
16
An example of learning process
by inductive inference (1)

MNP (Minimal Number Principle):
Let f be a function from Nat to Nat.
Then, there is n : Nat such that
f(n) is the smallest value among
f(0), f(1), f(2),…
Nat : the set of natural numbers
17
An example of learning process
by inductive inference (2)
Such an n is not Turing-computable
from f.
 However, the number n is inferred in
finite time from f by a non-stopping
algorithm of inductive inference.

18
The inductive inference
algorithm for MNP





Consider a box containing a natural number.
Denote the content of the box by x.
Initialize the box by setting x=0.
Regard f , as a stream f(0), f(1), f(2),…
Compare f(x) with the next element of the
stream, say f(n). If the new one is smaller than
f(x), then put n in the box. Otherwise, keep the
old value in the box.
Repeat it forever.
19
It gives the right answer in finite
time




We have a sequence of natural numbers:
f(n0)>f(n1)>f(n2)>…
Thus, the content of the box will eventually
become a correct answer and after then the
content x will never change.
In this sense, the non-terminating process infers
(or learns) the right answer in finite time.
You will eventually get a right answer,
although you will never know when you got it.
20
Limit-computable functions

The process inferring x is expressed by the limit:
lim n  ∞ h(n) = x


The functions defined by g(x)=lim n  ∞ f(n,x), for
a recursive function f, are called limitcomputable functions.
The limit-computable functions coincide with the
D02-functions.
21
Logic based on limit-computable
functions




Semantics of constructive mathematics is
given by the realizability interpretation based
on recursive functions.
The D02-functions constitute a domain of
abstract recursion theory.
Thus, we may replace recursive functions
with D02-functions to define a mathematics.
The defined mathematics is called
Limit-Computable Mathematics (LCM)
22
Execution of LCM proofs
All proofs of LCM are “executable”
by non-stopping inductive inference
algorithms.
 We can observe that LCM-proofs
perpetually approximate right
answers, and eventually reach right
answers.

23
What kind of mathematics holds
in LCM?


Not all classical theorems hold. For example,
Law of Excluded Middle holds for S01-formulas
but not for S02-formulas.
However, an unexpectedly large fragment of
classical theorems hold.
•

Dixon’s lemma, Hilbert’s invariant theory, Gödel's
completeness theorem, Hahn-Banach theorem,…
There are reverse mathematics-like
researches on the extent of LCM. (Akama et al.
LICS ’04, Toftdal ICALP ’04. in the references
of the proceedings paper.)
24
It looks fine, however...
A technical problem



If proofs are interpreted by limits over “time
parameter” t=0,1,2,… as the original theory
of inductive inference, then plural inductive
inference processes are merged into one
process to interpret logical inference rules
with plural premises.
The merged inference process behaves like
a CPU executing plural programs in the timesharing way.
Thus its behavior is not legible.
25
Possible solutions



Design a calculus of communicating
inductive inference processes.
Use generalized limits. S. Berardi has
introduced limit-interpretations based on
such generalized limits.
However, there is a much better way.
 Game
theoretical semantics
26
A semantics based on
1-backtracking game


There is a game theoretical semantics
equivalent to LCM.
Good points of games:
• Avoid the problem of global clock.
• More interactive.
• Much easier to understand than realizability
interpretation.
27
Game theoretical
semantics of logic (1)
Due to P. Lorenzen and J. Hinttika.
 In the semantics, validating a logical
formula is counted as a game
between two players Abelard
(opponent) and Eloise (proponent).

28
Game theoretical
semantics of logic (2)



For simplicity, we illustrate the
semantics by prenex normal forms:
$x1."y1.,…,$xn."yn.A(x1,y1,…,xn,yn) ,
where A is a decidable formula.
A play is a sequence of moves by
Eloise $ and Abelard ".
Eloise wins by making A(x1,y1,…,xn,yn)
true. Otherwise Eloise loses and
Abelard wins.
29
A play for $x1."y1.$x2."y2.A(x1,y1,x2,y2)
1. Eloise moves x1=5.
2. Abelard moves y1=11.
3. Eloise moves x2=7.
4. Abelard moves y2=2.


If A(5,11,7,2) is true, then Eloise wins.
If A(5,11,7,2) is false, then Abelard wins.
30
The definition of truth


A formula is defined to be true, if and only
if, there is a winning strategy for Eloise.
A strategy str of Eloise is a set-theoretical
function, which returns her next move
from the preceding moves, e.g.,
str([x1,y1] )= x2 for
$x1."y1.$x2."y2.A(x1,y1,x2,y2)
31
Constructive truth and game
theoretical semantics



Giving a strategy for Eloise means giving
Skolem functions.
Thus, the game theoretical truth definition
is equivalent to Tarski semantics.
And, a formula is constructively true
(recursively realizable) iff Eloise has a
constructive (recursive) strategy.
32
1-backtracking game



We introduce a new rule
• Eloise is allowed to backtrack to any preceding
position of the current situation of play and
restart from the position.
Eloise’s strategy may have a memory to record
information on past moves by Abelard and
Eloise.
Everything is the same besides these two.
33
A recursive winning strategy for
$x."a.((x>0A(x-1))(x=0A(a)))
1.
2.
3.
4.
Eloise moves x=0.
A(x) is assumed
to be decidable. Thus
Abelard
moves a=24.
the formula (x>0A(x-1))(x=0A(a)) is
If A(24) holds, Eloise stops and she wins. If
the decidable part of prenex form.
A(24) holds, she backtracks to
the stage 1, and moves with x=25,
i.e. x=24+1.
Then, Abelard moves. However, Eloise always
wins, since A(x-1) holds with x=24+1.
34
Stack presentation of the strategy:
$x."a.((x>0A(x-1))(x=0A(a)))

1.
2.
3.
4.
5.
We consider the case of backtracking, i.e. the
case A(24) holds.
The “stack” behaviour
• [x=0]
Eloise moves x=0.
• [x=0, a=24]
Abelard moves a=24.
• [ ] backtrack
Since A(24) holds,
and
Eloise backtracks
[x=25] new move
and moves with x=24+1.
Abelard moves, say a=743 4. [x=25,a=743]
5. Eloise wins,
Eloise wins.
since 25>0A(24)
holds.
35
The equivalence theorem

For any prenex normal formula A, the
following conditions are equivalent
• Eloise has a recursive winning strategy
for A.
• A is LCM-correct, i.e., it has a limitrecursive realizer.
37
Other logical signs


Conjunctions and disjunctions can be
treated as special kind of quantifiers.
Semantics of implication can be given by
Hinttika’s notion of “subgame”.
38
S01-EM is true
in the sense of 1-backtracking game

$x."a.((x>0A(x-1))(x=0A(a))) is
constructively equivalent to S01-EM:
$x.A(x) "a.A(a)

Eloise has a recursive winning strategy
for S01-EM.
39
The convergence property of
1-backtracking winning strategy

The Convergence
In the
Property:
proceedings paper,
I calledEloise
it “stability”,
butand more
• As Abelard attacks
with more
“convergence
is
moves, Eloise’s
move after aproperty”
winning strategy
eventually converges
in the manner
better. I changed
the of
inductive inference
name. to the right values given
by Tarski semantics.
• The convergences take place from the
outside of the formula to the inside of the
formula.
41
The Convergence Property
caution: over simplified for explanation

X1=a1
X1=a2
$x1."y1.$x2."y2.A(x1,y1,x2,y2)
X2=b1
X1=a3
X1=a4
X1=a5
X2=b2
X2=b3
X2=b4
When Abelard tries all
possible moves for him,
a1, a2, a3,… given by
Eloise’s winning strategy
converges to the right
value in the sense of
Tarski semantics. In this
figure, it is a5.
42
The Convergence Property and
Proof Animation (1)


When one animates a proof by an
animation tool, he tests the proof by
providing test inputs, sets of Abelard’s
moves.
The user of animator expects particular
values are returned for existential
quantifiers for the test inputs by the
winning strategy associated to the proof.
44
The Convergence Property and
Proof Animation (2)



The expected value is the limit of the
sequence of trial values a1, a2, a3,…
It is just as the inductive inference of
MNP example.
The behavior of 1-backtracking winning
strategy is always in this pattern ! You do
not need to worry about other patterns.
45
Full backtracking game and
Proof Animation



In Coquand’s full backtracking game, Eloise is
allowed to backtrack to any point of the “past”.
Even if a “stack” configuration was flushed
away (popped away) by her own backtracks,
she is allowed to return to positions of
configurations once flushed away.
A strategy for S02-EM already cannot have
convergence property. Values returned by the
strategy are locally correct, but never globally
correct. Thus, it is difficult to understand the
behavior of the strategy (proof).
46
Towards Proof Animator with
1-backtracking game


A proof animator via 1-backtracking
game is now planned.
The ultimate goal is to animate proofs of
David Hilbert’s theory of algebraic
invariants in his 1890 Mathematische
Annalen paper.
47
Hilbert’s invariant theory



This is the theory that Paul Gordan called “not
mathematics, but theology”.
In 19th century algebra, solutions had to be
given by algorithms. Gordan, who was the king
of invariant theory then, realized Hilbert’s proof
of the finite basis theorem embodies no
algorithm.
Hilbert used S01-EM repeatedly in the proof. All
other parts were constructive.
48
The “theology” is executable



“Theology” was S01-EM.
When the 1-backtracking animator is
built, Hilbert’s theology will run on a
computer!
Remark: LCM was found through my investigation of
history of mathematic on Hilbert’s invariant theory
thanks to help of a learning theorist Akihiro Yamamoto.
49
Generalized equivalence
theorem


Berardi has defined a 1-backtracking game
Back(G) for every game G in the sense of set
theory, and proved the following theorem:
For any recursion theoretic degree a, the
following are equivalent:
• The degree a contains a winning strategy for
•
Back(G).
The jump of the degree a contains a winning
strategy for G.
50
Iteration



Berardi’s Back(-) can be iterated.
Thus, we can “climb up” the arithmetical
hierarchy by iterating 1-backtracking
extension.
It might be possible to animate beyond
LCM using Berardi’s iteration.
51
Conclusion




1-backtracking game will serve as the right
foundations for a proof animation tool.
Hilbert’s invariant theory will be animated by
the proof animation tool.
It might be possible to animate beyond LCM
using Berardi’s iteration.
It seems to be related to game semantics for
the full abstraction problems.
52
Proof Animation/ LCM home
page

For more information, visit our home
page
http://www.shayashi.jp/PALCM/
53
Related documents
In Class Slides
In Class Slides
Word document
Word document
9/24 Intro to Proof notes File
9/24 Intro to Proof notes File
Five Proofs for the Existence of God – by St. Thomas Aquinas
Five Proofs for the Existence of God – by St. Thomas Aquinas
Semester 1 Final Exam Topics(Geom. 236)
Semester 1 Final Exam Topics(Geom. 236)
Week 13
Week 13
3.2 Proof and Perpendicular Lines
3.2 Proof and Perpendicular Lines
Here`s a handout
Here`s a handout
General Proof Theory - Matematički institut SANU
General Proof Theory - Matematički institut SANU
Questions#2
Questions#2
Proof - USD 343
Proof - USD 343
Methods of Proof for Boolean Logic
Methods of Proof for Boolean Logic