Download A program for the countable choice axiom

A program for
the countable choice axiom
Jean-Louis Krivine
PPS Group, University Paris 7, CNRS
[email protected]
Luminy, November 24, 2004
1
The extended Curry-Howard correspondence
We give a method to get imperative programs
from usual mathematical proofs.
There are essentially two frameworks for mathematics :
• Analysis i.e. Second order classical logic with the dependent choice axiom
• Classical Zermelo-Fraenkel set theory with the axiom of choice
For each axiom of these theories, we must find a suitable instruction
in our programming language : an extended λ-calculus.
This problem is now solved for all but one axiom : the full choice ;
it seems this last axiom will not resist too long.
The aim of this talk is : write an explicit program
for the countable choice axiom and explain its behaviour
(in analogy with call-cc for the law of Peirce).
2
The λc-calculus
¤c (resp. ¤0
c ) is the set of arbitrary (resp. closed) λc-terms.
¦ is the set of stacks. They are built following these rules :
1. Any variable x, and the constant cc are λc-terms.
2. If t, u are λc-terms and x is a variable, then (t)u and λx t are λc-terms.
3. If π is a stack, the constant kπ is a λc-term (called a continuation).
A stack is a sequence π = t1. . . . .tn.ρ of closed λc-terms ti
ended with a stack constant ρ (the bottom of the stack) ;
t.π denotes the stack obtained by pushing t on the top of π .
The constant cc is an example of instruction.
We may add other instructions and give, for each of them,
the corresponding rule of reduction.
3
Execution of processes
A process is a couple : t π with t ∈ ¤0
c , π ∈ ¦.
A process can be performed, a λc-term alone cannot.
t is called the head of the process t π .
At each moment, the head is the active part of the process.
The rules of reduction for processes are (with π , π ∈ ¦ and t, u ∈ ¤0
c) :
tu π t u.π
(push)
cc t.π t kπ .π (store the stack)
λx t u.π t[u/x] π (pop)
kπ t.π
t π
(restore the stack)
For each new instruction χ, we give a rule of reduction for χ.
For instance, if χ is a stop instruction, the rule is :
χ π t ρ for no process t ρ.
In the following, we use an instruction χ (signature) with the rule :
χ t.π t nπ .π
nπ is a Church integer
which is the number of the stack π in a fixed enumeration of ¦.
4
Typing in classical 2nd order logic
The only logical symbols are →, ∀ and function symbols on individuals.
⊥ is defined as ∀X X ; A ∧ B as ∀X{(A, B → X) → X} ;
∃x F [x] as ∀X{∀x(F [x] → X) → X} ; x = y as ∀X(Xx → Xy) ; etc.
Let ¡ denote x1 : A1, . . . , xn : An (a context). Typing rules are :
1. ¡ xi : Ai (1 ≤ i ≤ n)
2. ¡ t : A → B , ¡ u : A ⇒ ¡ tu : B .
3. ¡, x : A t : B ⇒ ¡ λx t : A → B .
4. ¡ t : (A → B) → A ⇒ ¡ cc t : A.
5. ¡ t : A ⇒ ¡ t : ∀x A (resp. ∀X A) if x (resp. X ) is not free in ¡.
6. ¡ t : ∀x A ⇒ ¡ t : A[τ /x] for every term τ .
7. ¡ t : ∀X A ⇒ ¡ t : A[©(x1, . . . , xn)/Xx1 . . . xn] for each formula ©.
The comprehension scheme for second order logic is included in 7,
the law of Peirce in 4.
5
Realizability
The notion of model is the usual one, for a second order language
with only function symbols on individuals.
Simply the set of truth values is now P(¦) instead of {0, 1}.
Thus, a model M is a set M of individuals (M = N in this talk), together
with an interpretation fM : M k → M of each k-ary function symbol f .
k
2nd order variables of arity k are valued in P(¦)M = P(¦×M k ).
To define realizability, let ⊥
⊥ be a fixed saturated set of processes, i.e. :
t π∈⊥
⊥, t
π
t π⇒t
π ∈⊥
⊥
Let t ∈ ¤0
c and P ⊂ ¦ be a truth value.
We say that t − P (t realizes P) iff (∀π ∈ P) t
π∈⊥
⊥.
We can now define the truth value and the realizability for any formula.
6
Realizability (cont.)
Let A be a closed 2nd order formula with parameters in M and P(¦×M k ).
Its truth value, defined below, is a subset of ¦ denoted by A .
Thus, we say that t − A (t realizes A) iff (∀π ∈ A ) t π ∈ ⊥
⊥.
Definition of A , by induction on A :
k
M
A atomic i.e. R(a1, . . . , ak ), R ∈ P(¦) , ai ∈ M : obvious.
A → B = {t.π ; t − A, π ∈ B } ;
∀X A =
{ A[R/X] ; R ∈ P(¦×M k )}
∀x A =
A[a/x]
a∈M
Thus
t − ∀x A ⇔ (∀a ∈ M ) t − A[a/x]
and
t − ∀X A ⇔ (∀R ∈ P(¦×M k )) t − A[R/X].
The set {t ∈ ¤0
c ; t − A} is denoted by |A|.
7
Generalized formulas
A formula F [x1, . . . , xk ] define a k-ary predicate, i.e. an application
of Nk into the set P(¦) of truth values.
We shall need to define predicates by other means, which lead us to write
generalized formulas, for instance :
<
m<n
F (m) ; its truth value is
<
F (m) =
F (m) .
m<n
m<n
A → B where A is a subset of ¤0
c and B is a formula. Its truth value is :
A → B = {t.π ; t ∈ A, π ∈ B }
Of course, such generalized formulas are only abbreviations for predicates ;
there is no particular rule of deduction to handle them.
8
Proofs and terms
Realizability is a fundamental tool because it is compatible
with classical second order deduction :
Adequation lemma.
t : © and if ti − ©i (1 ≤ i ≤ n)
If x1 : ©1, . . . , xn : ©n
then t[t1/x1, . . . , tn/xn] − ©.
This property is useful for two reasons :
1. To solve the specification problem for a given theorem ©, i.e. to understand the
common behaviour of λc-terms extracted from proofs of ©.
A very interesting but difficult problem. We can use the adequation lemma and study
the behaviour of λc-terms which realize ©.
2. To extend the λc-calculus with new instructions which realize
given axioms or independent formulas (like AC, CH, etc).
In this talk, we deal with the axiom of countable choice.
9
Definitions and remarks
A proof-like term is a closed λc-term which contains no continuation.
We say that the formula © is realized if τ − © for a proof-like term τ . Thus :
• Every term which comes from a proof is proof-like.
• If the axioms are realized, every provable formula is realized.
The truth values ∅ and ¦ are denoted by and ⊥.
⊥ = ∅. It is a degenerate case
There is no other iff ⊥
in which we get the usual two-valued notion of model.
If ⊥
⊥ = ∅, then τ − ⊥ for some τ ∈ ¤0
⊥ and τ = kπ t.
c : take t π ∈ ⊥
⊥ is generally done according to the theorem © for which
The choice of ⊥
we want to solve the specification problem. Let us take a trivial example :
Theorem. If θ comes from a proof of ∀X(X → X) (with any realized axioms)
then θ t.π t π i.e. θ behaves like λx x.
⊥ = {p ; p t π} and X = {π}.
QED
Proof. Take ⊥
Example : θ = λx ccλk kx.
10
The countable axiom of choice
It is the following axiom scheme (for any formula F ) :
∃V ∀x(F [x, V (x, y)/Xy] → ∀X F [x, X])
In order to realize this formula, let n → πn be a fixed surjection of N onto ¦.
We define a new instruction χ by the reduction rule :
χ ξ.π ξ n.π
for every ξ ∈ ¤0
c and π ∈ ¦ ; n is any Church integer such that πn = π
The simplest way, at first sight, to implement this, is to choose
a recursive bijection for the function n → πn.
A practical method is by means of a signature (like MD5 or SHA1).
But there are other possibilities, for example a clock.
11
The intuitionistic countable choice axiom
We now show that χ almost realizes the countable choice axiom :
Theorem. There exists U : N3 → P(¦) such that
χ − ∀x{∀n(Int[n] → F [x, U (x, n, y)/Xy]) → ∀X F [x, X]}.
Proof. By definition of ∀X F [x, X] , we have :
π ∈ ∀X F [x, X] ⇔ (∃R ∈ P(¦)N) π ∈ F [x, R/X] .
By countable choice, we get a function U : N3 → P(¦) such that
π ∈ ∀X F [x, X] ⇔ π ∈ F [x, U (x, n, y)/Xy] , for any n s.t. πn = π .
Let x ∈ N, ξ − ∀n(Int[n] → F [x, U (x, n, y)/Xy]) and π ∈ ∀X F [x, X] .
⊥ and, by the rule for χ, it suffices to show
We must show that χ ξ.π ∈ ⊥
ξ n.π ∈ ⊥
⊥ for any n s.t. πn = π . But this follows from
n − Int[n], π ∈ F [x, U (x, n, y)/Xy] (by definition of U ) and
ξ − Int[n] → F [x, U (x, n, y)/Xy].
QED
12
The intuitionistic countable choice axiom (cont.)
We have shown that the following axiom scheme is realized (by λx xχ) :
∃U ∀x{∀n(Int[n] → F [x, U (x, n, y)/Xy]) → ∀X F [x, X]}
It may be called the intuitionistic countable choice axiom.
Indeed, the predicate U has been explicitly given.
The usual countable choice axiom follows easily, but not intuitionistically.
Merely define, for each x, the unary predicate V (x, •) as U (x, n, •)
for the first integer n such that ¬F [x, U (x, n, y)/Xy],
or as N if there is no such integer.
We must be very careful in formalizing this proof, in order to get
a rather simple program and understand its behaviour.
13
Formalizing this proof
Notation. Given a formula F [x, X], we write FU (x, n) for F [x, U (x, n, y)/Xy].
)
Set V (x, y) ≡ ∀n{ m<n|{m} → FU (x, m)|, {n}, ¬FU (x, n) → U (x, n, y)}
We should prove the countable choice : ∀x{F [x, V (x, y)/Xy] → ∀X F [x, X]}
but a problem arise from extensionality. We need to relax a little :
∀x{∀X(X V x → F [x, X]) → ∀X F [x, X]}
where X
V x is the formula ∀y(Xy ↔ V (x, y)).
This is clearly a form of the countable choice axiom.
Now, we have shown that :
χ − ∀x{∀n({n} → FU (x, n)) → ∀X F [x, X]}
so that we only need to prove :
∀X(X V x → F [x, X]) → ∀n({n} → FU (x, n))
14
Formalization (cont.)
We now use a property of the fixpoint operator. If Z is a unary predicate, then :
)
Y − ∀n| m<n Zm → Zn| → ∀n Zn
Easy proof, by induction on n. Intuitive meaning : < is well founded on N.
We take Zn ≡ {n} → FU (x, n) and it remains to prove :
∀X(X
)
V x → F [x, X]), m<n |{m} → FU (x, m)|, {n} → FU (x, n)
But now n is fixed (and also x) and we can replace Xy with U (x, n, y).
So, we get the following three hypothesis :
)
∀y[U (x, n, y) ↔ V (x, y)] → FU (x, n) ; m<n |{m} → FU (x, m)| ; {n}
and we must conclude FU (x, n).
By the law of Peirce, we can add the hypothesis ¬FU (x, n) for free.
15
Formalization (cont.)
It remains to prove two formulas : V (x, y) → U (x, n, y) ; U (x, n, y) → V (x, y)
)
with three hypothesis : m<n |{m} → FU (x, m)|; {n}; ¬FU (x, n).
The first conclusion is trivial, by the very definition of V (x, y) :
)
V (x, y) ≡ ∀n{ m<n|{m} → FU (x, m)|, {n}, ¬FU (x, n) → U (x, n, y)}
In order to get the second, we use the following well known
Lemma. There exists a closed λ-term Comp such that, for every n, n ∈ N
Comp n n xyz x if n < n ;
y if n < n ;
z if n = n .
Set α = (k)(x )n and α = (k )(x)n . Then, for every unary X, Z
)
λxλnλkλx λn λk Comp nn αα − m<n|{m} → Xm|, {n}, ¬Xn,
)
m <n |{m } → Xm |, {n }, ¬Xn → (Zn → Zn )
Replace Xn with FU (x, n) and Zn with U (x, n, y),
then introduce the quantifier ∀n and that’s it.
16
The program
We get in this way the following program for the countable choice axiom :
γ = λf (χ)(Y)λxλn(cc)λk f στ
− ∀X{∀y(Xy ↔ V (x, y)) → F [x, X]} → ∀X F [x, X]
with σ = λg gxnk ; τ = λuλx λn λk Comp nn αα u ;
α = (k)(x )n and α = (k )(x)n .
V is a new predicate constant, associated with the formula F .
Its interpretation in the model has been given above.
The behaviour of γ depends on the implementation of the instruction χ.
The reduction rule of χ is χ ξ.π ξ n.π where n is :
• the current time ; χ is implemented as a clock ;
• the number of π in a given enumeration ; χ is implemented as a signature.
17
The behaviour
Let us look at the execution of a process γ f.π :
γ f.π χ Yξ.π (where ξ = λxλn(cc)λk f στ depends only on f )
Yξ nπ .π ξ η.nπ .π (with η = Yξ ). Therefore
γ f.π f σf π .τf π .π
with σf π = σ[η/x, nπ /n, kπ /k].
Now σf π is simply the triple <η, nπ , kπ >, in other words
σf π stores the current state f.π at the present execution of γ .
τf π performs the real job : it looks at two such states f.π and f .π
and compare their indexes n and n . If n = n it does nothing.
If n < n it restarts with γ f .π : the second file with the first stack.
Thus, the main function of this program is :
to update files (if χ is a clock)
or to choose a good version of a file (if χ is a signature).
18
References
1. S. Berardi, M. Bezem, T. Coquand On the computational content of the axiom of
choice. J. Symb. Log. 63, pp. 600-622 (1998).
2. U. Berger, P. Oliva Modified bar recursion and classical dependent choice. Preprint.
3. J.-L. Krivine Dependent choices, ‘quote’ and the clock.
Th. Comp. Sc. 308, pp. 259-276 (2003).
4. J.-L. Krivine Realizability in classical logic.
Preprint, to appear in : Panoramas et synthèses, SMF.
Pdf files at http://www.pps.jussieu.fr/~krivine
19