Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Download PDF
Document related concepts
Gödel's incompleteness theorems wikipedia , lookup
Intuitionistic logic wikipedia , lookup
Turing's proof wikipedia , lookup
Peano axioms wikipedia , lookup
Axiom of reducibility wikipedia , lookup
Law of thought wikipedia , lookup
List of first-order theories wikipedia , lookup
Model theory wikipedia , lookup
Truth-bearer wikipedia , lookup
Intuitionistic type theory wikipedia , lookup
Georg Cantor's first set theory article wikipedia , lookup
Naive set theory wikipedia , lookup
Kolmogorov complexity wikipedia , lookup
Foundations of mathematics wikipedia , lookup
Mathematical logic wikipedia , lookup
Natural deduction wikipedia , lookup
Transcript
Constructive Proofs and Program Extraction
Christoph Kreitz
1. Type Theory vs. Set Theory
2. Overview of the Nuprl System
3. Proofs of the Integer Square Root Problem
What distinguishes Type Theory from Set Theory?
What is the meaning of
PRL Seminar, February 23, 2004
1
∀n ∃r r 2≤n ∧ n<(r+1)2
Constructive Proofs and Program Extraction
What distinguishes Type Theory from Set Theory?
What is the meaning of
∀n ∃r r 2≤n ∧ n<(r+1)2
• Set Theory
– Integer square roots exist for all natural numbers
PRL Seminar, February 23, 2004
1
Constructive Proofs and Program Extraction
What distinguishes Type Theory from Set Theory?
What is the meaning of
∀n ∃r r 2≤n ∧ n<(r+1)2
• Set Theory
– Integer square roots exist for all natural numbers
√
– A proof shows that the notion b nc is well-defined
PRL Seminar, February 23, 2004
1
Constructive Proofs and Program Extraction
What distinguishes Type Theory from Set Theory?
What is the meaning of
∀n ∃r r 2≤n ∧ n<(r+1)2
• Set Theory
– Integer square roots exist for all natural numbers
√
– A proof shows that the notion b nc is well-defined
– Different proofs lead to the same insight
PRL Seminar, February 23, 2004
1
Constructive Proofs and Program Extraction
What distinguishes Type Theory from Set Theory?
What is the meaning of
∀n ∃r r 2≤n ∧ n<(r+1)2
• Set Theory
– Integer square roots exist for all natural numbers
√
– A proof shows that the notion b nc is well-defined
– Different proofs lead to the same insight
• Type Theory
– There is a method to construct integer square roots
PRL Seminar, February 23, 2004
1
Constructive Proofs and Program Extraction
What distinguishes Type Theory from Set Theory?
What is the meaning of
∀n ∃r r 2≤n ∧ n<(r+1)2
• Set Theory
– Integer square roots exist for all natural numbers
√
– A proof shows that the notion b nc is well-defined
– Different proofs lead to the same insight
• Type Theory
– There is a method to construct integer square roots
√
– Algorithms for computing b nc can be extracted from proofs
PRL Seminar, February 23, 2004
1
Constructive Proofs and Program Extraction
What distinguishes Type Theory from Set Theory?
What is the meaning of
∀n ∃r r 2≤n ∧ n<(r+1)2
• Set Theory
– Integer square roots exist for all natural numbers
√
– A proof shows that the notion b nc is well-defined
– Different proofs lead to the same insight
• Type Theory
– There is a method to construct integer square roots
√
– Algorithms for computing b nc can be extracted from proofs
– Different proofs lead to different algorithms
PRL Seminar, February 23, 2004
1
Constructive Proofs and Program Extraction
Proofs for ∀n ∃r r 2≤n ∧ n<(r+1)2
• Nonconstructive
– Assume r wouldn’t exist for some n
PRL Seminar, February 23, 2004
2
Constructive Proofs and Program Extraction
Proofs for ∀n ∃r r 2≤n ∧ n<(r+1)2
• Nonconstructive
– Assume r wouldn’t exist for some n
– Then for all r: r 2 > n or (r+1)2≤n
PRL Seminar, February 23, 2004
2
Constructive Proofs and Program Extraction
Proofs for ∀n ∃r r 2≤n ∧ n<(r+1)2
• Nonconstructive
– Assume r wouldn’t exist for some n
– Then for all r: r 2 > n or (r+1)2≤n
– Consider r1 = min{r|r 2 > n}-1
PRL Seminar, February 23, 2004
2
Constructive Proofs and Program Extraction
Proofs for ∀n ∃r r 2≤n ∧ n<(r+1)2
• Nonconstructive
–
–
–
–
Assume r wouldn’t exist for some n
Then for all r: r 2 > n or (r+1)2≤n
Consider r1 = min{r|r 2 > n}-1
Then r12≤n and (r1+1)2 > n – a contradiction
PRL Seminar, February 23, 2004
2
Constructive Proofs and Program Extraction
Proofs for ∀n ∃r r 2≤n ∧ n<(r+1)2
• Nonconstructive
– Assume r wouldn’t exist for some n
– Then for all r: r 2 > n or (r+1)2≤n
– Consider r1 = min{r|r 2 > n}-1
– Then r12≤n and (r1+1)2 > n – a contradiction
Unnecessary indirect approach - it masks a constructive argument
PRL Seminar, February 23, 2004
2
Constructive Proofs and Program Extraction
Proofs for ∀n ∃r r 2≤n ∧ n<(r+1)2
• Nonconstructive
– Assume r wouldn’t exist for some n
– Then for all r: r 2 > n or (r+1)2≤n
– Consider r1 = min{r|r 2 > n}-1
– Then r12≤n and (r1+1)2 > n – a contradiction
Unnecessary indirect approach - it masks a constructive argument
• Mathematical rigor: Induction on n
PRL Seminar, February 23, 2004
2
Constructive Proofs and Program Extraction
Proofs for ∀n ∃r r 2≤n ∧ n<(r+1)2
• Nonconstructive
– Assume r wouldn’t exist for some n
– Then for all r: r 2 > n or (r+1)2≤n
– Consider r1 = min{r|r 2 > n}-1
– Then r12≤n and (r1+1)2 > n – a contradiction
Unnecessary indirect approach - it masks a constructive argument
• Mathematical rigor: Induction on n
– Base Case: prove ∃r r 2≤0
PRL Seminar, February 23, 2004
∧
0<(r+1)2
2
Constructive Proofs and Program Extraction
Proofs for ∀n ∃r r 2≤n ∧ n<(r+1)2
• Nonconstructive
– Assume r wouldn’t exist for some n
– Then for all r: r 2 > n or (r+1)2≤n
– Consider r1 = min{r|r 2 > n}-1
– Then r12≤n and (r1+1)2 > n – a contradiction
Unnecessary indirect approach - it masks a constructive argument
• Mathematical rigor: Induction on n
– Base Case: prove ∃r r 2≤0 ∧ 0<(r+1)2
Choose r = 0, prove 02≤0 ∧ 0<(0+1)2 using standard arithmetic
PRL Seminar, February 23, 2004
2
Constructive Proofs and Program Extraction
Proofs for ∀n ∃r r 2≤n ∧ n<(r+1)2
• Nonconstructive
– Assume r wouldn’t exist for some n
– Then for all r: r 2 > n or (r+1)2≤n
– Consider r1 = min{r|r 2 > n}-1
– Then r12≤n and (r1+1)2 > n – a contradiction
Unnecessary indirect approach - it masks a constructive argument
• Mathematical rigor: Induction on n
– Base Case: prove ∃r r 2≤0 ∧ 0<(r+1)2
Choose r = 0, prove 02≤0 ∧ 0<(0+1)2 using standard arithmetic
– Step case: assume ∃rn r2≤n ∧ n<(rn+1)2 and
prove ∃r r 2≤n+1 ∧ n+1<(r+1)2
PRL Seminar, February 23, 2004
2
Constructive Proofs and Program Extraction
Proofs for ∀n ∃r r 2≤n ∧ n<(r+1)2
• Nonconstructive
– Assume r wouldn’t exist for some n
– Then for all r: r 2 > n or (r+1)2≤n
– Consider r1 = min{r|r 2 > n}-1
– Then r12≤n and (r1+1)2 > n – a contradiction
Unnecessary indirect approach - it masks a constructive argument
• Mathematical rigor: Induction on n
– Base Case: prove ∃r r 2≤0 ∧ 0<(r+1)2
Choose r = 0, prove 02≤0 ∧ 0<(0+1)2 using standard arithmetic
– Step case: assume ∃rn r2≤n ∧ n<(rn+1)2 and
prove ∃r r 2≤n+1 ∧ n+1<(r+1)2
3
2
1
0
PRL Seminar, February 23, 2004
2
6
-
0
1
2
3
4
5
6
7
8
9
Constructive Proofs and Program Extraction
Proofs for ∀n ∃r r 2≤n ∧ n<(r+1)2
• Nonconstructive
– Assume r wouldn’t exist for some n
– Then for all r: r 2 > n or (r+1)2≤n
– Consider r1 = min{r|r 2 > n}-1
– Then r12≤n and (r1+1)2 > n – a contradiction
Unnecessary indirect approach - it masks a constructive argument
• Mathematical rigor: Induction on n
– Base Case: prove ∃r r 2≤0 ∧ 0<(r+1)2
Choose r = 0, prove 02≤0 ∧ 0<(0+1)2 using standard arithmetic
– Step case: assume ∃rn r2≤n ∧ n<(rn+1)2 and
prove ∃r r 2≤n+1 ∧ n+1<(r+1)2
3 6
– If (rn+1)2≤n+1
rn+1
2
then choose r = rn+1
rn
1
0
PRL Seminar, February 23, 2004
2
0
1
2
n n+1
3 4 5
-
6
7
8
9
Constructive Proofs and Program Extraction
Proofs for ∀n ∃r r 2≤n ∧ n<(r+1)2
• Nonconstructive
– Assume r wouldn’t exist for some n
– Then for all r: r 2 > n or (r+1)2≤n
– Consider r1 = min{r|r 2 > n}-1
– Then r12≤n and (r1+1)2 > n – a contradiction
Unnecessary indirect approach - it masks a constructive argument
• Mathematical rigor: Induction on n
– Base Case: prove ∃r r 2≤0 ∧ 0<(r+1)2
Choose r = 0, prove 02≤0 ∧ 0<(0+1)2 using standard arithmetic
– Step case: assume ∃rn r2≤n ∧ n<(rn+1)2 and
prove ∃r r 2≤n+1 ∧ n+1<(r+1)2
3 6
– If (rn+1)2≤n+1
rn+1 = rn
2
then choose r = rn+1
1
n n+1
0
0 1 2 3 4 5 6 7 8 9
otherwise choose r = rn
PRL Seminar, February 23, 2004
2
Constructive Proofs and Program Extraction
Proofs for ∀n ∃r r 2≤n ∧ n<(r+1)2
• Nonconstructive
– Assume r wouldn’t exist for some n
– Then for all r: r 2 > n or (r+1)2≤n
– Consider r1 = min{r|r 2 > n}-1
– Then r12≤n and (r1+1)2 > n – a contradiction
Unnecessary indirect approach - it masks a constructive argument
• Mathematical rigor: Induction on n
– Base Case: prove ∃r r 2≤0 ∧ 0<(r+1)2
Choose r = 0, prove 02≤0 ∧ 0<(0+1)2 using standard arithmetic
– Step case: assume ∃rn r2≤n ∧ n<(rn+1)2 and
prove ∃r r 2≤n+1 ∧ n+1<(r+1)2
3 6
– If (rn+1)2≤n+1
2
then choose r = rn+1
1
0
0 1 2 3 4 5 6 7 8 9
otherwise choose r = rn
– Proof obligation follow using standard arithmetic
PRL Seminar, February 23, 2004
2
Constructive Proofs and Program Extraction
Proofs for ∀n ∃r r 2≤n ∧ n<(r+1)2
• Nonconstructive
– Assume r wouldn’t exist for some n
– Then for all r: r 2 > n or (r+1)2≤n
– Consider r1 = min{r|r 2 > n}-1
– Then r12≤n and (r1+1)2 > n – a contradiction
Unnecessary indirect approach - it masks a constructive argument
• Mathematical rigor: Induction on n
– Base Case: prove ∃r r 2≤0 ∧ 0<(r+1)2
Choose r = 0, prove 02≤0 ∧ 0<(0+1)2 using standard arithmetic
– Step case: assume ∃rn r2≤n ∧ n<(rn+1)2 and
prove ∃r r 2≤n+1 ∧ n+1<(r+1)2
3 6
– If (rn+1)2≤n+1
2
then choose r = rn+1
1
0
0 1 2 3 4 5 6 7 8 9
otherwise choose r = rn
– Proof obligation follow using standard arithmetic
√
– Proof leads to algorithm that constructs b nc inductively
PRL Seminar, February 23, 2004
2
Constructive Proofs and Program Extraction
How to extract algorithms from proofs?
• Use formal logic to express proof
– First-Order Logic + Induction + Basic Arithmetic
⊆
Type Theory
– Proof rules tie proof steps to algorithm fragments
PRL Seminar, February 23, 2004
3
Constructive Proofs and Program Extraction
How to extract algorithms from proofs?
• Use formal logic to express proof
– First-Order Logic + Induction + Basic Arithmetic
⊆
Type Theory
– Proof rules tie proof steps to algorithm fragments
• Use computerized proof assistant to formalize proof
– Nuprl proof development system supports formal proofs in type theory
– Use proof tactics to keep formalization “simple”
PRL Seminar, February 23, 2004
3
Constructive Proofs and Program Extraction
How to extract algorithms from proofs?
• Use formal logic to express proof
– First-Order Logic + Induction + Basic Arithmetic
⊆
Type Theory
– Proof rules tie proof steps to algorithm fragments
• Use computerized proof assistant to formalize proof
– Nuprl proof development system supports formal proofs in type theory
– Use proof tactics to keep formalization “simple”
• Extract algorithm from computerized proof
– Nuprl composes algorithm fragments of rules used in proof
– Algorithm can be executed in Nuprl
PRL Seminar, February 23, 2004
3
Constructive Proofs and Program Extraction
The Nuprl System
Proof & program refinement in Type Theory
• Interactive Proof Editor
PRL Seminar, February 23, 2004
4
; readable proofs
Constructive Proofs and Program Extraction
The Nuprl System
Proof & program refinement in Type Theory
• Interactive Proof Editor
• Proof Tactics
PRL Seminar, February 23, 2004
; readable proofs
; user-defined inferences
4
Constructive Proofs and Program Extraction
The Nuprl System
Proof & program refinement in Type Theory
• Interactive Proof Editor
• Proof Tactics
; user-defined inferences
• Decision Procedures
PRL Seminar, February 23, 2004
; readable proofs
; proof automation
4
Constructive Proofs and Program Extraction
The Nuprl System
Proof & program refinement in Type Theory
• Interactive Proof Editor
; readable proofs
• Proof Tactics
; user-defined inferences
• Decision Procedures
; proof automation
• Flexible definition mechanism
; user-defined terms
PRL Seminar, February 23, 2004
4
Constructive Proofs and Program Extraction
The Nuprl System
Proof & program refinement in Type Theory
• Interactive Proof Editor
; readable proofs
• Proof Tactics
; user-defined inferences
• Decision Procedures
; proof automation
• Flexible definition mechanism
; user-defined terms
• Customizable Term Display
PRL Seminar, February 23, 2004
4
; flexible notation
Constructive Proofs and Program Extraction
The Nuprl System
Proof & program refinement in Type Theory
• Interactive Proof Editor
; readable proofs
• Proof Tactics
; user-defined inferences
• Decision Procedures
; proof automation
• Flexible definition mechanism
; user-defined terms
• Customizable Term Display
; flexible notation
• Structure Editor for Terms
; no ambiguities
PRL Seminar, February 23, 2004
4
Constructive Proofs and Program Extraction
The Nuprl System
Proof & program refinement in Type Theory
• Interactive Proof Editor
; readable proofs
• Proof Tactics
; user-defined inferences
• Decision Procedures
; proof automation
• Flexible definition mechanism
; user-defined terms
• Customizable Term Display
; flexible notation
• Structure Editor for Terms
; no ambiguities
• Library mechanism
; user-theories
– Large mathematical libraries and tactic collections
PRL Seminar, February 23, 2004
4
Constructive Proofs and Program Extraction
The Nuprl System
Proof & program refinement in Type Theory
• Interactive Proof Editor
; readable proofs
• Proof Tactics
; user-defined inferences
• Decision Procedures
; proof automation
• Flexible definition mechanism
; user-defined terms
• Customizable Term Display
; flexible notation
• Structure Editor for Terms
; no ambiguities
• Library mechanism
; user-theories
– Large mathematical libraries and tactic collections
• Program Extraction and Evaluation ; program synthesis
PRL Seminar, February 23, 2004
4
Constructive Proofs and Program Extraction
Nuprl: System Architecture
A Platform for Cooperating Reasoning Systems
GUI
GUI
Structure
Editor
GUI
Web
Emacs Mode
Library
Evaluator
THEORY
....
defs, thms, tactics
rules, structure, code
Maude
Evaluator
MetaPRL
Evaluator
SoS (Lisp)
Evaluator
THEORY
PRL
defs, thms, tactics
rules, structure, code
THEORY
(HOL)
defs, thms, tactics
rules, structure, code
THEORY
....
defs, thms, tactics
rules, structure, code
THEORY
(PVS)
defs, thms, tactics
rules, structure, code
Translator
THEORY
....
defs, thms, tactics
rules, structure, code
Inference
Engine
Nuprl Refiner
Inference
Engine
MetaPRL
Inference
Engine
JProver
Inference
Engine
PVS
Inference
Engine
MinLog
Translator
Java
OCaml
Basic System uses Library, Editor, and Nuprl Refiner
PRL Seminar, February 23, 2004
5
Constructive Proofs and Program Extraction
Tactics: User-defined inference rules
• Meta-level programs built using
– Basic inference rules, standard tactics, predefined tacticals
– Meta-level analysis of the proof goal and its context
7→ Applying a tactic always results in a valid proof
PRL Seminar, February 23, 2004
6
Constructive Proofs and Program Extraction
Tactics: User-defined inference rules
• Meta-level programs built using
– Basic inference rules, standard tactics, predefined tacticals
– Meta-level analysis of the proof goal and its context
7→ Applying a tactic always results in a valid proof
• Basic Tactics
7→ Nuprl Manual
– Hypothesis: Prove ...C...` C 0 where C 0 α-equal to C
– D c: Decompose the outermost connective of clause c
– EqD c: Decompose immediate subterms of an equality in clause c
– EqTypeD c: Decompose type subterm of an equality in clause c
– Assert t: Assert (or cut) term t as last hypothesis
– Auto: Apply trivial reasoning, decomposition, decision procedures
also rules tailored for: Logic, Induction, . . .
PRL Seminar, February 23, 2004
6
Constructive Proofs and Program Extraction
Formal proof of Integer Square Root Theorem
∀n:N. ∃r:N. r2 ≤ n < (r+1)2
BY allR
n:N
` ∃r:N. r2 ≤ n < (r+1)2
BY NatInd 1
.....basecase.....
` ∃r:N. r2 ≤ 0 < (r+1)2
√
BY existsR d0e THEN Auto
.....upcase.....
i:N+, r:N, r2 ≤ i-1 < (r+1)2
` ∃r:N. r2 ≤ i < (r+1)2
BY Decide d(r+1)2 ≤ ie THEN Auto
.....Case 1.....
i:N+, r:N, r2 ≤ i-1 < (r+1)2,
` ∃r:N. r2 ≤ i < (r+1)2
√
BY existsR dr+1e THEN Auto’
(r+1)2 ≤ i
.....Case 2.....
i:N+, r:N, r2 ≤ i-1 < (r+1)2,
` ∃r:N. r2 ≤ i < (r+1)2
√
BY existsR dre THEN Auto
¬((r+1)2 ≤ i)
PRL Seminar, February 23, 2004
7
Constructive Proofs and Program Extraction
Algorithm Extracted from the proof
• In raw Type Theory
let rec sqrt i
= if i=0 then <0,pf 0>
else let <r,pfi−1> = sqrt (i-1)
in
if (r+1)2≤n then <r+1,pf i>
else <r,pf i’>
• In SML notation (after stripping proof components)
fun sqrt n = if n=0 then 0
else let val r = sqrt (n-1)
in
if n < (r+1)ˆ2 then r
else r+1
end
PRL Seminar, February 23, 2004
8
Constructive Proofs and Program Extraction
Are there better proofs?
• Mathematically
– Proof is short and “elegant” – why change it?
PRL Seminar, February 23, 2004
9
Constructive Proofs and Program Extraction
Are there better proofs?
• Mathematically
– Proof is short and “elegant” – why change it?
• Computationally
√
– Extracted algorithm for b nc is linear in size of input n
Proof uses standard induction on n
∀P:N→P. (P(0)
∧
PRL Seminar, February 23, 2004
O(n)
(∀i:N+. P(i-1) ⇒ P(i))) ⇒ (∀i:N. P(i))
9
Constructive Proofs and Program Extraction
Are there better proofs?
• Mathematically
– Proof is short and “elegant” – why change it?
• Computationally
√
– Extracted algorithm for b nc is linear in size of input n
Proof uses standard induction on n
∀P:N→P. (P(0)
∧
(∀i:N+. P(i-1) ⇒ P(i))) ⇒ (∀i:N. P(i))
2
– A better algorithm would increase r until (r+1) > n
Corresponding proof needs schema for bounded search
∀P:N→P. ∀n:N. P(n) ⇒ (∃k:{0..n}. P(k)
PRL Seminar, February 23, 2004
9
∧
O(n)
√
O( n)
(∀j:{0..k-1}. ¬P(j)))
Constructive Proofs and Program Extraction
Are there better proofs?
• Mathematically
– Proof is short and “elegant” – why change it?
• Computationally
√
– Extracted algorithm for b nc is linear in size of input n
O(n)
Proof uses standard induction on n
∀P:N→P. (P(0)
∧
(∀i:N+. P(i-1) ⇒ P(i))) ⇒ (∀i:N. P(i))
2
– A better algorithm would increase r until (r+1) > n
Corresponding proof needs schema for bounded search
∀P:N→P. ∀n:N. P(n) ⇒ (∃k:{0..n}. P(k)
∧
(∀j:{0..k-1}. ¬P(j)))
√
– An even better algorithm computes b nc bit for bit
Proof almost identical to first one, but needs 4-adic induction
∀P:N→P. (P(0)
∧
PRL Seminar, February 23, 2004
√
O( n)
O(log2 n)
(∀i:N. P(i÷4) ⇒ P(i))) ⇒ (∀i:N. P(i))
9
Constructive Proofs and Program Extraction
