On the constructive content of proofs in abstract analysis Ulrich - - PowerPoint PPT Presentation

On the constructive content of proofs in abstract analysis

Ulrich Berger Swansea University Helsinki Logic Seminar December 19, 2018 Supported by a Royal Society grant on Team Semantics, and the EU project ’Computation with Infinite Data’

1 / 50

Overview

• 1. Computational content of proofs
• 2. Brouwer’s thesis
• 3. Concurrency
• 4. Abstract bar induction
• 5. Proving uniform continuity
• 6. Extracting the fan functional

2 / 50

Computational content of proofs via realizability - Overview

Instead of defining when a formula is true or false one can define what it means to realize it, i.e. what it means to solve the computational problem it expresses: p r A (program p realizes the formula A)

3 / 50

Computational content of proofs via realizability - Overview

Instead of defining when a formula is true or false one can define what it means to realize it, i.e. what it means to solve the computational problem it expresses: p r A (program p realizes the formula A) Depending on the variant of realizability, p can be

◮ a code of a Turing machine (Kleene 1945) ◮ a higher-type functional program (e.g. a term in G¨

• del’s

system T)

◮ an element of a combinatory algebra (e.g. Scott’s D∞)

3 / 50

Computational content of proofs via realizability - Overview

Instead of defining when a formula is true or false one can define what it means to realize it, i.e. what it means to solve the computational problem it expresses: p r A (program p realizes the formula A) Depending on the variant of realizability, p can be

◮ a code of a Turing machine (Kleene 1945) ◮ a higher-type functional program (e.g. a term in G¨

• del’s

system T)

◮ an element of a combinatory algebra (e.g. Scott’s D∞)

Soundness Theorem. From a constructive proof of a formula one can extract a program realizing it.

3 / 50

Intuitionistic Fixed Point logic (IFP)

◮ Intuitionistic first-order logic with equality. ◮ Extra constants, function symbols and atomic predicates (not

necessarily decidable), depending on applications.

◮ Free predicate variables X, Y , . . .. ◮ Inductive and coinductive definitions as least and largest fixed

points of monotone predicate transformers.

◮ Axioms consisting of non-computational (nc), that is,

disjunction-free, formulas (depending on applications).

◮ For the classically minded user it suffices for these nc axioms

to be classically true in the intended model. The rational for this system is to stay as close as possible to the axiomatic style common in mathematics while still being able to extract useful computational content from proofs. Without nc axioms the proof-theoretic strength of IFP is that of Π1

2-comprehension (M¨

• llerfeld 2003, Tupailo 2004).

4 / 50

Induction and coinduction

Let Φ = λX λ x A(X, x) a monotone predicate transformer. Monotonicity is usually guarantied by requiting X to occur at strictly positive positions in A. The following rules express that µ(Φ) is the least predicate X such that Φ(X) ⊆ X (hence Φ(µ(Φ)) = µΦ)), and ν(Φ) is the largest predicate X such that X ⊆ Φ(X) (hence Φ(ν(Φ)) = νΦ)). Φ(µ(Φ)) ⊆ µ(Φ) cl Φ(P) ⊆ P µ(Φ) ⊆ P ind ν(Φ) ⊆ Φ(ν(Φ)) cocl P ⊆ Φ(P) P ⊆ ν(Φ) coind

5 / 50

Example: Real and natural numbers

◮ Variables x, y, . . . are intended to range over abstract real

numbers

◮ Constants and function symbols: 0, 1, +, −, ∗, /, | · |, . . .. ◮ Atomic predicates: <, ≤, . . .. ◮ Nc axioms: ∀x . x + 0 = x, . . . .

6 / 50

Example: Real and natural numbers

◮ Variables x, y, . . . are intended to range over abstract real

numbers

◮ Constants and function symbols: 0, 1, +, −, ∗, /, | · |, . . .. ◮ Atomic predicates: <, ≤, . . .. ◮ Nc axioms: ∀x . x + 0 = x, . . . . ◮ Inductive predicate defining the natural numbers as a subset

• f the reals numbers: N Def

= µ Φ, where Φ = λX λx . x = 0 ∨ X(x − 1). We write this more intuitively as N(x)

µ

= x = 0 ∨ N(x − 1).

6 / 50

Example: Real and natural numbers

◮ Variables x, y, . . . are intended to range over abstract real

numbers

◮ Constants and function symbols: 0, 1, +, −, ∗, /, | · |, . . .. ◮ Atomic predicates: <, ≤, . . .. ◮ Nc axioms: ∀x . x + 0 = x, . . . . ◮ Inductive predicate defining the natural numbers as a subset

• f the reals numbers: N Def

= µ Φ, where Φ = λX λx . x = 0 ∨ X(x − 1). We write this more intuitively as N(x)

µ

= x = 0 ∨ N(x − 1).

◮ Coinductive predicate defining those real numbers that can be

approximated by dyadic rationals: C Def = ν Ψ, where Ψ = λX λx . ∃n ∈ N |x − n| ≤ 1 ∧ X(2x). Intuitive notation C(x) ν = ∃n ∈ N |x − n| ≤ 1 ∧ C(2x).

6 / 50

Example: Real and natural numbers

◮ Variables x, y, . . . are intended to range over abstract real

numbers

◮ Constants and function symbols: 0, 1, +, −, ∗, /, | · |, . . .. ◮ Atomic predicates: <, ≤, . . .. ◮ Nc axioms: ∀x . x + 0 = x, . . . . ◮ Inductive predicate defining the natural numbers as a subset

• f the reals numbers: N Def

= µ Φ, where Φ = λX λx . x = 0 ∨ X(x − 1). We write this more intuitively as N(x)

µ

= x = 0 ∨ N(x − 1).

◮ Coinductive predicate defining those real numbers that can be

approximated by dyadic rationals: C Def = ν Ψ, where Ψ = λX λx . ∃n ∈ N |x − n| ≤ 1 ∧ X(2x). Intuitive notation C(x) ν = ∃n ∈ N |x − n| ≤ 1 ∧ C(2x). One can prove C(x) ↔ ∀k ∈ N ∃q ∈ Q |x − q| ≤ 2−k where Q is the set of the rational numbers, defined as usual.

6 / 50

Realizability

To every predicate variable X we assign a new predicate variable ˜ X with an extra argument place for realizers. a r P( t) = P( t) ∧ a = Nil P atomic predicate a r X( t) = ˜ X( t, a) X a predicate variable c r (A ∧ B) = proj1(c) r A ∧ proj2(c) r B c r (A ∨ B) = ∃a (c = Left(a) ∧ a r A) ∨ ∃b (c = Right(b) ∧ b r B) f r (A → B) = ∀a (a r A → (f a) r B)

7 / 50

Realizability

To every predicate variable X we assign a new predicate variable ˜ X with an extra argument place for realizers. a r P( t) = P( t) ∧ a = Nil P atomic predicate a r X( t) = ˜ X( t, a) X a predicate variable c r (A ∧ B) = proj1(c) r A ∧ proj2(c) r B c r (A ∨ B) = ∃a (c = Left(a) ∧ a r A) ∨ ∃b (c = Right(b) ∧ b r B) f r (A → B) = ∀a (a r A → (f a) r B) a r ∀x A = ∀x (a r A) a r ∃x A = ∃x (a r A)

7 / 50

Realizability

To every predicate variable X we assign a new predicate variable ˜ X with an extra argument place for realizers. a r P( t) = P( t) ∧ a = Nil P atomic predicate a r X( t) = ˜ X( t, a) X a predicate variable c r (A ∧ B) = proj1(c) r A ∧ proj2(c) r B c r (A ∨ B) = ∃a (c = Left(a) ∧ a r A) ∨ ∃b (c = Right(b) ∧ b r B) f r (A → B) = ∀a (a r A → (f a) r B) a r ∀x A = ∀x (a r A) a r ∃x A = ∃x (a r A) a r (µ(λXλ x . A))( t) = (µ(λ ˜ Xλ xλb .b r A))( t, a) a r (ν(λXλ x . A))( t) = (ν(λ ˜ Xλ xλb .b r A))( t, a)

7 / 50

Realizability

To every predicate variable X we assign a new predicate variable ˜ X with an extra argument place for realizers. a r P( t) = P( t) ∧ a = Nil P atomic predicate a r X( t) = ˜ X( t, a) X a predicate variable c r (A ∧ B) = proj1(c) r A ∧ proj2(c) r B c r (A ∨ B) = ∃a (c = Left(a) ∧ a r A) ∨ ∃b (c = Right(b) ∧ b r B) f r (A → B) = ∀a (a r A → (f a) r B) a r ∀x A = ∀x (a r A) a r ∃x A = ∃x (a r A) a r (µ(λXλ x . A))( t) = (µ(λ ˜ Xλ xλb .b r A))( t, a) a r (ν(λXλ x . A))( t) = (ν(λ ˜ Xλ xλb .b r A))( t, a) Special treatment of nc formulas, e.g. b r (A → B) = A → b r B if A is nc

7 / 50

Soundness

Soundness Theorem From an IFP proof of a formula A from nc axioms Γ one can extract a program realizing A, provably from Γ in RIFP, the extension of IFP to the language of realizers. Γ ⊢IFP d : A = ⇒ Γ ⊢RIFP ep(d) r A

8 / 50

Soundness

Soundness Theorem From an IFP proof of a formula A from nc axioms Γ one can extract a program realizing A, provably from Γ in RIFP, the extension of IFP to the language of realizers. Γ ⊢IFP d : A = ⇒ Γ ⊢RIFP ep(d) r A The nc property (no disjunctions) can be weakened to requiring that axioms be Harrop formulas, that is, don’t contain disjunctions at strictly positive positions and that these axioms imply their realizability translations.

8 / 50

Minlog

Realizability and program extraction is implemented in the interactive proof system Minlog developed by H Schwichtenberg in Munich. http://www.mathematik.uni-muenchen.de/~logik/minlog/

9 / 50

Overview of existing case studies in program extraction

10 / 50

Overview of existing case studies in program extraction

◮ Discrete structures

◮ Quotient and remainder on natural numbers. ◮ Dijkstra’s algorithm (1997, Benl, Schwichtenberg):

Reachable nodes in a weighted graph

◮ Warshall Algorithm (2001, Schwichtenberg, Seisenberger, B):

Transitive closure of a relation

10 / 50

Overview of existing case studies in program extraction

◮ Discrete structures

◮ Quotient and remainder on natural numbers. ◮ Dijkstra’s algorithm (1997, Benl, Schwichtenberg):

Reachable nodes in a weighted graph

◮ Warshall Algorithm (2001, Schwichtenberg, Seisenberger, B):

Transitive closure of a relation

◮ Programs from classical proofs

◮ GCD (1995, B, Schwichtenberg):

Uses the Friedman/Dragalin A-translation

◮ Dickson’s Lemma (2001, Schwichtenberg, Seisenberger, B):

F/D A-translation in infinite combinatorics

◮ Higman’s Lemma (2008, Seisenberger):

Uses F/D A-translation and classical countable choice

◮ Fibonacci numbers from a classical proofs (2002, Buchholz,

Schwichtenberg, B): Uses F/D A-translation to obtain fast program

10 / 50

Overview ctd.

◮ Lambda calculus:

◮ Extraction of normalization-by-evaluation (NbE) (2006,

Berghofer, Letouzey, Schwichtenberg, B): Extraction of NbE from Tait’s proof of strong normalization for the typed lambda calculus (in Isabelle, Coq, Minlog)

11 / 50

Overview ctd.

◮ Lambda calculus:

◮ Extraction of normalization-by-evaluation (NbE) (2006,

Berghofer, Letouzey, Schwichtenberg, B): Extraction of NbE from Tait’s proof of strong normalization for the typed lambda calculus (in Isabelle, Coq, Minlog)

◮ Real numbers

◮ Cauchy sequences vs signed digit representation (SD):

Cauchy sequences are functions. SD representations are streams defined by coinduction.

◮ Arithmetic operations on reals w.r.t. SD ◮ Integration w.r.t. SD (2011, B):

Real functions are given by trees realizing a nested coinductive/inductive definition

11 / 50

Overview ctd.

◮ Lists

◮ List reversal

Uses F/D A-translation to extract linear program from naive proof

◮ In-place Quicksort (2014, Seisenberger, Woods, B):

Extracts an ’imperative’ program

12 / 50

Overview ctd.

◮ Lists

◮ List reversal

Uses F/D A-translation to extract linear program from naive proof

◮ In-place Quicksort (2014, Seisenberger, Woods, B):

Extracts an ’imperative’ program

◮ Satisfiabilty testing

◮ Extraction of a SAT-solver from completeness proof for DPLL

(2015, B, Forsberg, Lawrence, Seisenberger)

12 / 50

Overview ctd.

◮ Lists

◮ List reversal

Uses F/D A-translation to extract linear program from naive proof

◮ In-place Quicksort (2014, Seisenberger, Woods, B):

Extracts an ’imperative’ program

◮ Satisfiabilty testing

◮ Extraction of a SAT-solver from completeness proof for DPLL

(2015, B, Forsberg, Lawrence, Seisenberger)

◮ Ongoing: Extraction of

◮ monadic parsers (Jones, Seisenberger, B) ◮ concurrent programs (Miyamoto, Petrovska, Schwichtenberg,

Spreen, Takayama, Tsuiki, B)

◮ truly imperative programs (Reus, B) ◮ modulus of uniform continuity from Fan Theorem (B) 12 / 50

The Archimedean property

The natural numbers are unbounded: ∀ x ∃n ∈ N x < n

13 / 50

The Archimedean property

The natural numbers are unbounded: ∀ x ∃n ∈ N x < n not realizable

13 / 50

The Archimedean property

The natural numbers are unbounded: ∀ x ∃n ∈ N x < n not realizable The rational numbers are dense: ∀ x ∀ ǫ > 0 ∃q ∈ Q |x − q| < ǫ

13 / 50

The Archimedean property

The natural numbers are unbounded: ∀ x ∃n ∈ N x < n not realizable The rational numbers are dense: ∀ x ∀ ǫ > 0 ∃q ∈ Q |x − q| < ǫ not realizable

13 / 50

The Archimedean property

The natural numbers are unbounded: ∀ x ∃n ∈ N x < n not realizable The rational numbers are dense: ∀ x ∀ ǫ > 0 ∃q ∈ Q |x − q| < ǫ not realizable There are no infinitesimals: AP ∀ x(∀k ∈ N |x| < 2−k → x = 0)

13 / 50

The Archimedean property

The natural numbers are unbounded: ∀ x ∃n ∈ N x < n not realizable The rational numbers are dense: ∀ x ∀ ǫ > 0 ∃q ∈ Q |x − q| < ǫ not realizable There are no infinitesimals: AP ∀ x(∀k ∈ N |x| < 2−k → x = 0) a true Harrop formula

13 / 50

Apartness

x = y Def = ∃k ∈ N |x − y| ≥ 2−k

14 / 50

Apartness

x = y Def = ∃k ∈ N |x − y| ≥ 2−k Proposition 1. ∀x ∈ C (x = 0 → x = 0).

14 / 50

Apartness

x = y Def = ∃k ∈ N |x − y| ≥ 2−k Proposition 1. ∀x ∈ C (x = 0 → x = 0).

• Proof. Uses AP, as well as countable choice:

∀n ∈ N ∃x A(n, x) → ∃f ∀n ∈ N A(m, f (n)), and Markov’s principle for decidable A(n): ¬¬∃n ∈ N A(n) → ∃n ∈ N A(n). Assume C(x) and x = 0. By countable choice there exists an infinite sequence of rational numbers qk (k ∈ N) such that |x − qk| ≤ 2−k for all k ∈ N. It is impossible that |qk+1| ≤ 2−k for all k ∈ N since this would imply that |x| ≤ 2−k for all k ∈ N and therefore x = 0, by AP. Since |qk+1| ≤ 2−k is a decidable property of k, by Markov’s principle, we can find some k ∈ N with |qk+1| > 2−k. It follows that |x| ≥ 2−(k+1).

14 / 50

Apartness

x = y Def = ∃k ∈ N |x − y| ≥ 2−k Proposition 1. ∀x ∈ C (x = 0 → x = 0).

• Proof. Uses AP, as well as countable choice:

∀n ∈ N ∃x A(n, x) → ∃f ∀n ∈ N A(m, f (n)), and Markov’s principle for decidable A(n): ¬¬∃n ∈ N A(n) → ∃n ∈ N A(n). Assume C(x) and x = 0. By countable choice there exists an infinite sequence of rational numbers qk (k ∈ N) such that |x − qk| ≤ 2−k for all k ∈ N. It is impossible that |qk+1| ≤ 2−k for all k ∈ N since this would imply that |x| ≤ 2−k for all k ∈ N and therefore x = 0, by AP. Since |qk+1| ≤ 2−k is a decidable property of k, by Markov’s principle, we can find some k ∈ N with |qk+1| > 2−k. It follows that |x| ≥ 2−(k+1). Can countable choice be avoided?

14 / 50

Brouwer’s thesis

Brouwer’s thesis (BT) Every bar is inductive.

15 / 50

Brouwer’s thesis

Brouwer’s thesis (BT) Every bar is inductive. A predicate P on natural numbers is a bar if ∀α∃n P(¯ α n)

15 / 50

Brouwer’s thesis

Brouwer’s thesis (BT) Every bar is inductive. A predicate P on natural numbers is a bar if ∀α∃n P(¯ α n) P is an inductive bar if IBP() holds where, inductively, (i) If P(s), then IBP(s). (ii) If IBP(s ∗ n) for all n ∈ N, then IBP(s). More compactly, IBP(s)

µ

= P(s) ∨ ∀n IBP(s ∗ n) (µ means ’least’)

15 / 50

Brouwer’s thesis

Brouwer’s thesis (BT) Every bar is inductive. A predicate P on natural numbers is a bar if ∀α∃n P(¯ α n) P is an inductive bar if IBP() holds where, inductively, (i) If P(s), then IBP(s). (ii) If IBP(s ∗ n) for all n ∈ N, then IBP(s). More compactly, IBP(s)

µ

= P(s) ∨ ∀n IBP(s ∗ n) (µ means ’least’) Hence BT can be written as the schema ∀α∃n P(¯ α n) → IBP() Recommended reading on BT: Wim Veldman: Brouwers Real Thesis on Bars, Philosophia Scientiae, CS 6, 2006.

15 / 50

Issues with BT (regarding applicability)

BT ∀α∃n P(¯ α n) → IBP()

16 / 50

Issues with BT (regarding applicability)

BT ∀α∃n P(¯ α n) → IBP()

◮ restricted to natural numbers

16 / 50

Issues with BT (regarding applicability)

BT ∀α∃n P(¯ α n) → IBP()

◮ restricted to natural numbers ◮ talks about infinite sequences

16 / 50

Issues with BT (regarding applicability)

BT ∀α∃n P(¯ α n) → IBP()

◮ restricted to natural numbers ◮ talks about infinite sequences ◮ the premise has computational content which is often not

available

16 / 50

Issues with BT (regarding applicability)

BT ∀α∃n P(¯ α n) → IBP()

◮ restricted to natural numbers ◮ talks about infinite sequences ◮ the premise has computational content which is often not

available

◮ the conclusion has unwanted computational content

16 / 50

Issues with BT (regarding applicability)

BT ∀α∃n P(¯ α n) → IBP()

◮ restricted to natural numbers ◮ talks about infinite sequences ◮ the premise has computational content which is often not

available

◮ the conclusion has unwanted computational content ◮ to be realizable, the bar P must be decidable, that is,

∀n (P(n) ∨ ¬P(n)) must be provable.

16 / 50

Issues with BT (regarding applicability)

BT ∀α∃n P(¯ α n) → IBP()

◮ restricted to natural numbers ◮ talks about infinite sequences ◮ the premise has computational content which is often not

available

◮ the conclusion has unwanted computational content ◮ to be realizable, the bar P must be decidable, that is,

∀n (P(n) ∨ ¬P(n)) must be provable. Therefore, we weaken and generalize premise and conclusion.

16 / 50

Paths and accessibility

Let ≺ be an arbitrary binary relation. Path≺(x)

ν

= ∃y ≺ x Path≺(y) (ν means ’greatest’) Acc≺(x)

µ

= ∀y ≺ x Acc≺(y)

17 / 50

Paths and accessibility

Let ≺ be an arbitrary binary relation. Path≺(x)

ν

= ∃y ≺ x Path≺(y) (ν means ’greatest’) Acc≺(x)

µ

= ∀y ≺ x Acc≺(y) Classically, Path≺ and Acc≺ are complements of each other.

17 / 50

Paths and accessibility

Let ≺ be an arbitrary binary relation. Path≺(x)

ν

= ∃y ≺ x Path≺(y) (ν means ’greatest’) Acc≺(x)

µ

= ∀y ≺ x Acc≺(y) Classically, Path≺ and Acc≺ are complements of each other. Path≺(x) means (with dependent choice) that there is an infinite ≺-descending sequence starting with x.

17 / 50

Paths and accessibility

Let ≺ be an arbitrary binary relation. Path≺(x)

ν

= ∃y ≺ x Path≺(y) (ν means ’greatest’) Acc≺(x)

µ

= ∀y ≺ x Acc≺(y) Classically, Path≺ and Acc≺ are complements of each other. Path≺(x) means (with dependent choice) that there is an infinite ≺-descending sequence starting with x. Acc≺(x) means that ≺-induction is valid at x.

17 / 50

Paths and accessibility

Let ≺ be an arbitrary binary relation. Path≺(x)

ν

= ∃y ≺ x Path≺(y) (ν means ’greatest’) Acc≺(x)

µ

= ∀y ≺ x Acc≺(y) Classically, Path≺ and Acc≺ are complements of each other. Path≺(x) means (with dependent choice) that there is an infinite ≺-descending sequence starting with x. Acc≺(x) means that ≺-induction is valid at x. Setting s ≺P t Def = ∃n s = t ∗ n ∧ ¬P(t): ¬Path≺P() means that P is a bar, Acc≺P() means that P is an inductive bar.

17 / 50

Brouwer’s thesis without computational content

The implication Acc≺(x) → ¬Path≺(x) is intuitionistically valid (easy ≺-induction). The converse is can be viewed as a version of Brouwer’s thesis: BT0 ∀x (¬Path≺(x) → Acc≺(x))

18 / 50

Brouwer’s thesis without computational content

The implication Acc≺(x) → ¬Path≺(x) is intuitionistically valid (easy ≺-induction). The converse is can be viewed as a version of Brouwer’s thesis: BT0 ∀x (¬Path≺(x) → Acc≺(x)) Both, the premise and conclusion of BT0, are Harrop formulas (do not contain ∨ at a strictly positive position).

18 / 50

Brouwer’s thesis without computational content

The implication Acc≺(x) → ¬Path≺(x) is intuitionistically valid (easy ≺-induction). The converse is can be viewed as a version of Brouwer’s thesis: BT0 ∀x (¬Path≺(x) → Acc≺(x)) Both, the premise and conclusion of BT0, are Harrop formulas (do not contain ∨ at a strictly positive position). Therefore, BT0 has no computational content and hence does not spoil program extraction.

18 / 50

Wellfounded induction

Combining BT0 and induction for Acc≺ one obtains wellfounded induction ∀x(∀y ≺ x P(y) → P(x)) ∀x (¬Path≺(x) → P(x)) wfind (progressive predicates hold at all wellfounded points).

19 / 50

Wellfounded induction

Combining BT0 and induction for Acc≺ one obtains wellfounded induction ∀x(∀y ≺ x P(y) → P(x)) ∀x (¬Path≺(x) → P(x)) wfind (progressive predicates hold at all wellfounded points). The extracted program is wellfounded recursion.

19 / 50

Archimedean induction

∀x = 0 ((|x| ≤ 3 → P(2x)) → P(x)) ∀x = 0 P(x) AI AI follows classically from AP and wellfounded induction and is realized by general recursion (least fixed point operator).

20 / 50

Archimedean induction

∀x = 0 ((|x| ≤ 3 → P(2x)) → P(x)) ∀x = 0 P(x) AI AI follows classically from AP and wellfounded induction and is realized by general recursion (least fixed point operator). A useful variant of Archimedean induction is its relativization to C: ∀x ∈ C \ {0} ((|x| ≤ 3 → P(2x)) → P(x)) ∀x ∈ C \ {0} P(x) AIC AIC follows from AI and is realized as follows: Assume s realizes the premise of AIC. Then a realizer of the conclusion of AIC is extracted as the recursively defined function χ g = s g (χ (d g)) where d = λg λn 2 ∗ (g(S(n))) is the realizer extracted from the easy proof of C(x) → C(2x) and 2∗ implements doubling of (unary representations of) natural numbers.

20 / 50

Avoiding countable choice

Proposition 1. ∀x ∈ C (x = 0 → x = 0).

21 / 50

Avoiding countable choice

Proposition 1. ∀x ∈ C (x = 0 → x = 0). Alternative proof. We show ∀x ∈ C \ {0} x = 0 using AIC. Let x ∈ C \ {0} and assume, as induction hypothesis, |x| ≤ 3 → 2x = 0. Since x ∈ C there is q ∈ Q such that |x − q| ≤ 1. If |q| > 2, then |x| ≥ 1 and we are done. If |q| ≤ 2, then |x| ≤ 3 so we can apply the induction hypothesis to obtain 2x = 0, which implies x = 0.

21 / 50

Concurrency (j.w.w. Hideki Tsuiki)

Given: Processes p1, . . . , pn such that

◮ at least one pi is guaranteed to terminate, ◮ each terminating pi will produce a correct result

Task: Combine the pi to obtain a correct result. Solution: Run p1, . . . , pn concurrently. As soon as one pi terminates, deliver the result and kill all the other pj.

22 / 50

Concurrency (j.w.w. Hideki Tsuiki)

Given: Processes p1, . . . , pn such that

◮ at least one pi is guaranteed to terminate, ◮ each terminating pi will produce a correct result

Task: Combine the pi to obtain a correct result. Solution: Run p1, . . . , pn concurrently. As soon as one pi terminates, deliver the result and kill all the other pj. /papers/tsuiki/ccc tsuiki.pdf

22 / 50

Concurrency (j.w.w. Hideki Tsuiki)

Given: Processes p1, . . . , pn such that

◮ at least one pi is guaranteed to terminate, ◮ each terminating pi will produce a correct result

Task: Combine the pi to obtain a correct result. Solution: Run p1, . . . , pn concurrently. As soon as one pi terminates, deliver the result and kill all the other pj. /papers/tsuiki/ccc tsuiki.pdf We introduce an extension of intuitionistic logic enabling the extraction of such kind of programs (together with correctness proofs).

22 / 50

Concurrent disjunction

◮ We add a new form of disjunction A1 ∨

p A2 which admits two

concurrent processes as realizers.

23 / 50

Concurrent disjunction

◮ We add a new form of disjunction A1 ∨

p A2 which admits two

concurrent processes as realizers.

◮ . . . and add a new program constructor Amb(a1, a2) for the

concurrent execution of the processes a1, a2 (motivated by McCarthy’s Amb).

23 / 50

Concurrent disjunction

◮ We add a new form of disjunction A1 ∨

p A2 which admits two

concurrent processes as realizers.

◮ . . . and add a new program constructor Amb(a1, a2) for the

concurrent execution of the processes a1, a2 (motivated by McCarthy’s Amb).

◮ Amb(a1, a2) realizes A1 ∨

p A2 iff at least one ai is defined, and

each defined aj realizes Aj.

23 / 50

Concurrent law of excluded middle (failed attempt)

The following form of the law of excluded middle seems to be realizable provided B is nc: B → A1 ¬B → A2 A1 ∨

p A2

If a1 r (B → A1) and a2 r (¬B → A2), which means B → a1 r A2 and ¬B → a2 r A2, one might believe (classically) that Amb(a1, a2) realizes A1 ∨

p A2.

However, if, for example, B is false, then the formula B → a1 r A1 says nothing about a1, but a1 might still be defined and be delivered as a result of Amb(a1, a2) and consequently, there is no guarantee that Amb(a1, a2) realizes A1 ∨

p A2. 24 / 50

Concurrent law of excluded middle (failed attempt)

The following form of the law of excluded middle seems to be realizable provided B is nc: B → A1 ¬B → A2 A1 ∨

p A2

If a1 r (B → A1) and a2 r (¬B → A2), which means B → a1 r A2 and ¬B → a2 r A2, one might believe (classically) that Amb(a1, a2) realizes A1 ∨

p A2.

However, if, for example, B is false, then the formula B → a1 r A1 says nothing about a1, but a1 might still be defined and be delivered as a result of Amb(a1, a2) and consequently, there is no guarantee that Amb(a1, a2) realizes A1 ∨

p A2.

We need a variant of implication that avoids this.

24 / 50

Restriction A | | B (a variant of B → A)

a r (A | | B)

Def

= (B → def(a)) ∧ (def(a) → a r A) where B is nc and def(a) means that a is defined (i.e. terminates).

25 / 50

Restriction A | | B (a variant of B → A)

a r (A | | B)

Def

= (B → def(a)) ∧ (def(a) → a r A) where B is nc and def(a) means that a is defined (i.e. terminates). Proof rules: B → A0 ∨ A1 ¬B → A0 ∧ A1 A0 ∨ A1 | | B | | I where A0, A1 must be nc . . .

25 / 50

Concurrent law of excluded middle (correct)

A1 | | B A2 | | ¬B A1 ∨

p A2

Conc-lem If a1 realizes A1 | | B and a2 realizes A2 | | ¬B, then Amb(a1, a2) realizes A1 ∨

p A2. 26 / 50

Concurrent law of excluded middle (correct)

A1 | | B A2 | | ¬B A1 ∨

p A2

Conc-lem If a1 realizes A1 | | B and a2 realizes A2 | | ¬B, then Amb(a1, a2) realizes A1 ∨

p A2.

Monotonicity (replacing disjunction elimination): A1 → B1 A2 → B2 (A1 ∨

p A2) → (B1 ∨ p B2) Conc-mon 26 / 50

Infinite Gray code

Using the concurrent extension of IFP it is possible to extract programs operating on Tsuiki’s infinite Gray code for real numbers. Infinite Gray code admits representations of real numbers with possibly one undefined digit, which forces computation to be concurrent and nondeterministic. In return, infinite Gray code has the remarkable property that is computable and unique, that is, every real number has exactly one code. Hideki Tsuiki. Real number computation through Gray code

• embedding. Theoretical Computer Science, 284:467–485,

2002.

27 / 50

Bar induction for decidable bars (BI)

If (1) P is a bar, (2) P decidable and P ⊆ Q, (3) ∀s (∀n Q(s ∗ n) → Q(s)), then Q(). It is easy to see that BT implies BI.

28 / 50

Abstract bar induction (ABI)

y ≺∗ x

µ

= y = x ∨ ∃z (y ≺∗ z ∧ z ≺ x) (refl. trans. closure) y ≺P x

Def

= y ≺ x ∧ ¬P(x)

29 / 50

Abstract bar induction (ABI)

y ≺∗ x

µ

= y = x ∨ ∃z (y ≺∗ z ∧ z ≺ x) (refl. trans. closure) y ≺P x

Def

= y ≺ x ∧ ¬P(x) Let x0 be arbitrary (playing the role of the empty sequence). ABI If

(1) ¬Path≺P(x0) (2) ∀x ≺∗ x0 (¬P(x) ∨ Q(x)), (3) ∀x ≺∗ x0 (∀y ≺ x Q(y) → Q(x)),

then Q(x0).

29 / 50

Abstract bar induction (ABI)

y ≺∗ x

µ

= y = x ∨ ∃z (y ≺∗ z ∧ z ≺ x) (refl. trans. closure) y ≺P x

Def

= y ≺ x ∧ ¬P(x) Let x0 be arbitrary (playing the role of the empty sequence). ABI If

(1) ¬Path≺P(x0) (2) ∀x ≺∗ x0 (¬P(x) ∨ Q(x)), (3) ∀x ≺∗ x0 (∀y ≺ x Q(y) → Q(x)),

then Q(x0). Lemma. BT0 implies ABI. Proof. Assume (1), (2), (3). By BT0, Acc≺P(x0). We prove Acc≺P ⊆ Q by wellfounded induction. By i.h., ∀y ≺∗

P x Q(y). We

have to show Q(x). We do a case analysis according to (2). If Q(x), we are done. If ¬P(x) then the i.h. is equivalent to the premise of (3), hence, again Q(x).

29 / 50

Bang!

If A is a formula, then !A is a Harrop formula with a r !A Def = a = Nil ∧ ∀a (a r A).

30 / 50

Bang!

If A is a formula, then !A is a Harrop formula with a r !A Def = a = Nil ∧ ∀a (a r A). For example, Nil r !(⊥ → A) since, a r (⊥ → A) ≡ ⊥ → a r A.

30 / 50

Bang!

If A is a formula, then !A is a Harrop formula with a r !A Def = a = Nil ∧ ∀a (a r A). For example, Nil r !(⊥ → A) since, a r (⊥ → A) ≡ ⊥ → a r A. Intuitively, !A expresses that A is true (realizable) for trivial reasons.

30 / 50

Bang!

If A is a formula, then !A is a Harrop formula with a r !A Def = a = Nil ∧ ∀a (a r A). For example, Nil r !(⊥ → A) since, a r (⊥ → A) ≡ ⊥ → a r A. Intuitively, !A expresses that A is true (realizable) for trivial reasons. Valid (realizable) rules we will use in the following: A !H !A (A Harrop) A → !B !→ !(A → B) !A ∧ !B !∧ !(B ∧ A) ∀x !A(x) !∀ !∀x A(x) ∃x !A(x) !∃ !∃x A(x)

30 / 50

!LEM

¬A → B A → !B !LEM B

31 / 50

!LEM

¬A → B A → !B !LEM B

Lemma

The rules for bang are realizable.

31 / 50

!LEM

¬A → B A → !B !LEM B

Lemma

The rules for bang are realizable.

Proof.

We only look at !LEM. Assume a r (¬A → B) and Nil r (A → !B), that is, ¬∃c c r A → a r B and ∃c c r A → ∀b b r B. Using the law of excluded middle, we conclude a r B.

31 / 50

Banged bar induction

!BI If

(1) ¬Path≺P(x0), (2) ∀x ≺∗ x0 (P(x) → !Q(x)), (3) ∀x ≺∗ x0 (∀y ≺ x Q(y) → Q(x)),

then Q(x0).

32 / 50

Banged bar induction

!BI If

(1) ¬Path≺P(x0), (2) ∀x ≺∗ x0 (P(x) → !Q(x)), (3) ∀x ≺∗ x0 (∀y ≺ x Q(y) → Q(x)),

then Q(x0).

Lemma

BT0 implies !BI.

32 / 50

Banged bar induction

!BI If

(1) ¬Path≺P(x0), (2) ∀x ≺∗ x0 (P(x) → !Q(x)), (3) ∀x ≺∗ x0 (∀y ≺ x Q(y) → Q(x)),

then Q(x0).

Lemma

BT0 implies !BI.

Proof.

The proof is almost identical to the proof for ABI. The only difference is that we use !LEM to do a case analysis, on whether P(x) holds, using (2).

32 / 50

Banged bar induction

!BI If

(1) ¬Path≺P(x0), (2) ∀x ≺∗ x0 (P(x) → !Q(x)), (3) ∀x ≺∗ x0 (∀y ≺ x Q(y) → Q(x)),

then Q(x0).

Lemma

BT0 implies !BI.

Proof.

The proof is almost identical to the proof for ABI. The only difference is that we use !LEM to do a case analysis, on whether P(x) holds, using (2). The extracted program takes as input a realizer g of (3) (note that (2) is Harrop) and returns h where h s = g s (λa (h (s ∗ a))).

32 / 50

Proving uniform continuity

We aim to prove that every total continuous functional F on Cantor space is uniformly continuous and extract from the proof the fan functional that computes the minimal modulus of uniform continuity of F.

33 / 50

Proving uniform continuity

We aim to prove that every total continuous functional F on Cantor space is uniformly continuous and extract from the proof the fan functional that computes the minimal modulus of uniform continuity of F. Language: Constants: 0, 1, ⊥, where 0, 1 represent at the same time the first two natural numbers and the Booleans, and ⊥ represents ’undefined’ (not to be confused with the formula ⊥). Function symbols: +, −, application operation (written by juxtaposition), common (primitive recursive) operations to define finite and infinite sequences. Relation symbol: < (ordinary ordering of numbers).

33 / 50

Proving uniform continuity

We aim to prove that every total continuous functional F on Cantor space is uniformly continuous and extract from the proof the fan functional that computes the minimal modulus of uniform continuity of F. Language: Constants: 0, 1, ⊥, where 0, 1 represent at the same time the first two natural numbers and the Booleans, and ⊥ represents ’undefined’ (not to be confused with the formula ⊥). Function symbols: +, −, application operation (written by juxtaposition), common (primitive recursive) operations to define finite and infinite sequences. Relation symbol: < (ordinary ordering of numbers). Natural numbers: N(x)

µ

= x = 0 ∨ N(x − 1).

33 / 50

Partial functionals

We define the partial Booleans and partial Boolean-valued functionals of type 1 and 2: B(x)

Def

= x = 0 ∨ x = 1 B⊥(x)

Def

= x = ⊥ → B(x) B1

⊥(α) Def

= ∀n (N(n) → B⊥(α n)) B2

⊥(F) Def

= ∀α (B1

⊥(α) → B⊥(Fα))

34 / 50

Partial functionals

We define the partial Booleans and partial Boolean-valued functionals of type 1 and 2: B(x)

Def

= x = 0 ∨ x = 1 B⊥(x)

Def

= x = ⊥ → B(x) B1

⊥(α) Def

= ∀n (N(n) → B⊥(α n)) B2

⊥(F) Def

= ∀α (B1

⊥(α) → B⊥(Fα))

For the following it wouldn’t make much difference if the result predicate of F were N⊥ (instead of B⊥).

34 / 50

Continuity

Specialization order: x ⊑ y

Def

= x = ⊥ → x = y α ⊑ β

Def

= ∀n ∈ N (α n ⊑ β n)

35 / 50

Continuity

Specialization order: x ⊑ y

Def

= x = ⊥ → x = y α ⊑ β

Def

= ∀n ∈ N (α n ⊑ β n) Monotonicity, finitarity, continuity: Mon(F)

Def

= ∀α, β ∈ B1

⊥ (α ⊑ β → F α ⊑ F β)

Fin(F)

Def

= ∀α ∈ B1

⊥ (∀n ∈ N F (α ↑ n) = ⊥ → F α = ⊥)

Cont(F)

Def

= Mon(F) ∧ Fin(F) where (α ↑ n) k = if k < n then α k else ⊥.

35 / 50

Totality

Total1(α)

Def

= ∀n (N(n) → α n = ⊥) Total2(F)

Def

= ∀α (Total1(α) → Fα = ⊥))

36 / 50

Totality

Total1(α)

Def

= ∀n (N(n) → α n = ⊥) Total2(F)

Def

= ∀α (Total1(α) → Fα = ⊥)) B1(α)

Def

= B1

⊥(α) ∧ Total1(α)

B2(F)

Def

= B2

⊥(F) ∧ Total1(F)

36 / 50

Uniform continuity

A type 2 functional F is uniformly continuous if there is (a least) n ∈ N such that F α = F β for all total α, β agreeing below n. UCont(F, n)

Def

= ∀α, β ∈ B1(α =n β → F α = F β) UCont(F)

Def

= ∃n ∈ N UCont(F, n) where α =n β Def = ∀k ∈ N (k < n → α k = β k).

37 / 50

Uniform continuity

A type 2 functional F is uniformly continuous if there is (a least) n ∈ N such that F α = F β for all total α, β agreeing below n. UCont(F, n)

Def

= ∀α, β ∈ B1(α =n β → F α = F β) UCont(F)

Def

= ∃n ∈ N UCont(F, n) where α =n β Def = ∀k ∈ N (k < n → α k = β k). We aim to prove that every F ∈ B2

⊥ which is total and continuous

is uniformly continuous.

37 / 50

Deciding constancy

Let B∗ be the set of finite sequences of Booleans, that is, B∗(s)

µ

= s = ∨ ∃t ∈ B∗ ∃b ∈ B s = t ∗ b, and set Const(F, s) Def = ∃b ∈ B ∀α ∈ B1 F (s ∗ α) = b where (s ∗ α) n = sn if n < |s| and (s ∗ α) n = α(n − |s|) if n ≥ |s|.

Theorem (Decidability of constancy)

Let F be a total continuous functional, that is, F ∈ B2 and Cont(F). Then for every s ∈ Bs it is decidable whether F is constant on total extensions of s, that is, Const(F, s) ∨ ¬Const(F, s).

38 / 50

Deciding constancy

Proof. We fix a total continuous functional F and define sec(s)

Def

= F (s ∗ ⊥ω) = ⊥ (’s is secured’) s ≺ t

Def

= ∃b ∈ B s = t ∗ b Hence B∗(s) iff s ≺∗ .

39 / 50

Deciding constancy

Proof. We fix a total continuous functional F and define sec(s)

Def

= F (s ∗ ⊥ω) = ⊥ (’s is secured’) s ≺ t

Def

= ∃b ∈ B s = t ∗ b Hence B∗(s) iff s ≺∗ . We define a version of the drinker formula: Dr(s, b, α) Def = F(s∗α) = ⊥∧(∃β ∈ B1

⊥ F(s∗β) = b → F(s∗α) = b)

and set Qb(s) Def = ∃α ∈ B1

⊥ Dr(s, b, α).

39 / 50

Deciding constancy

Proof. We fix a total continuous functional F and define sec(s)

Def

= F (s ∗ ⊥ω) = ⊥ (’s is secured’) s ≺ t

Def

= ∃b ∈ B s = t ∗ b Hence B∗(s) iff s ≺∗ . We define a version of the drinker formula: Dr(s, b, α) Def = F(s∗α) = ⊥∧(∃β ∈ B1

⊥ F(s∗β) = b → F(s∗α) = b)

and set Qb(s) Def = ∃α ∈ B1

⊥ Dr(s, b, α).

Claim: ∀s ∈ B∗ Qb(s) holds for every b ∈ B. Fix b ∈ B. We prove the claim by banged bar induction on ≺sec.

39 / 50

Applying !BI

We have to show (1) ∀s ∈ B∗¬Path≺sec(s), (2) ∀s ∈ B∗(sec(s) → !Qb(s)), (3) ∀s ∈ B∗ (∀a ∈ B Qb(s ∗ a) → Qb(s)),

40 / 50

Applying !BI

We have to show (1) ∀s ∈ B∗¬Path≺sec(s), (2) ∀s ∈ B∗(sec(s) → !Qb(s)), (3) ∀s ∈ B∗ (∀a ∈ B Qb(s ∗ a) → Qb(s)), (1) holds F since is total and continuous.

40 / 50

Applying !BI

We have to show (1) ∀s ∈ B∗¬Path≺sec(s), (2) ∀s ∈ B∗(sec(s) → !Qb(s)), (3) ∀s ∈ B∗ (∀a ∈ B Qb(s ∗ a) → Qb(s)), (1) holds F since is total and continuous. (2): By efq, !→, and !∀, !B1

⊥(⊥ω). If s ∈ B∗ is secured, then

clearly Dr(s, b, ⊥ω). Since this a Harrop formula, it follows !Dr(s, b, ⊥ω), by !H. With !∧ and !∃ it follows !Qb(s).

40 / 50

Applying !BI

We have to show (1) ∀s ∈ B∗¬Path≺sec(s), (2) ∀s ∈ B∗(sec(s) → !Qb(s)), (3) ∀s ∈ B∗ (∀a ∈ B Qb(s ∗ a) → Qb(s)), (1) holds F since is total and continuous. (2): By efq, !→, and !∀, !B1

⊥(⊥ω). If s ∈ B∗ is secured, then

clearly Dr(s, b, ⊥ω). Since this a Harrop formula, it follows !Dr(s, b, ⊥ω), by !H. With !∧ and !∃ it follows !Qb(s). (3): Let s ∈ B∗ such that ∀a ∈ B Qb(s ∗ a), that is, we have α0, α1 ∈ B1

⊥ such that Dr(s ∗ 0, b, α0) and Dr(s ∗ 1, b, α1). We

have to find α ∈ B1

⊥ such that Dr(s, b, α). Since F ∈ B2 ⊥, we have

F(s ∗ 0 ∗ α0) ∈ B. If F(s ∗ 0 ∗ α0) = b, set α = 0 ∗ α0. Otherwise, set α = 1 ∗ α1. This completes the proof of the Claim.

40 / 50

Applying !BI

We have to show (1) ∀s ∈ B∗¬Path≺sec(s), (2) ∀s ∈ B∗(sec(s) → !Qb(s)), (3) ∀s ∈ B∗ (∀a ∈ B Qb(s ∗ a) → Qb(s)), (1) holds F since is total and continuous. (2): By efq, !→, and !∀, !B1

⊥(⊥ω). If s ∈ B∗ is secured, then

clearly Dr(s, b, ⊥ω). Since this a Harrop formula, it follows !Dr(s, b, ⊥ω), by !H. With !∧ and !∃ it follows !Qb(s). (3): Let s ∈ B∗ such that ∀a ∈ B Qb(s ∗ a), that is, we have α0, α1 ∈ B1

⊥ such that Dr(s ∗ 0, b, α0) and Dr(s ∗ 1, b, α1). We

have to find α ∈ B1

⊥ such that Dr(s, b, α). Since F ∈ B2 ⊥, we have

F(s ∗ 0 ∗ α0) ∈ B. If F(s ∗ 0 ∗ α0) = b, set α = 0 ∗ α0. Otherwise, set α = 1 ∗ α1. This completes the proof of the Claim. To complete the proof of the theorem, let α0, α1 ∈ B1

⊥ with

Dr(s, 0, α0) and Dr(s, 1, α1), according to the Claim. Let a = F α0 ∈ B and b = F α1 ∈ B. Clearly, Const(F) iff a = b.

40 / 50

The proof of uniform continuity

Theorem

Every functional F ∈ B2

⊥ which is total and continuous is uniformly

continuous.

41 / 50

The proof of uniform continuity

Theorem

Every functional F ∈ B2

⊥ which is total and continuous is uniformly

continuous. Proof. Let F ∈ B2

⊥ be total and continuous. We set

UCont(s, n)

Def

= ∀α, β ∈ B1(α =n β → F(s ∗ α) = F(s ∗ β)) UCont(s)

Def

= ∃n ∈ N UCont(s, n) and show ∀s ∈ B∗ UCont(s) by abstract bar induction, ABI, on ≺Const where ≺ is as in the proof of the Constancy Theorem and Const(s) Def = Const(F, s).

41 / 50

Applying ABI

We have to show: (1) Wf≺Const(), (2) ∀s ∈ B∗ (¬Const(s) ∨ UCont(s)), (3) ∀s ∈ B∗ (∀a ∈ B UCont(s ∗ a) → UCont(s)).

42 / 50

Applying ABI

We have to show: (1) Wf≺Const(), (2) ∀s ∈ B∗ (¬Const(s) ∨ UCont(s)), (3) ∀s ∈ B∗ (∀a ∈ B UCont(s ∗ a) → UCont(s)). (1) holds again by continuity.

42 / 50

Applying ABI

We have to show: (1) Wf≺Const(), (2) ∀s ∈ B∗ (¬Const(s) ∨ UCont(s)), (3) ∀s ∈ B∗ (∀a ∈ B UCont(s ∗ a) → UCont(s)). (1) holds again by continuity. (2): By the Constancy Theorem, we may assume Const(s). Then clearly UCont(s, 0).

42 / 50

Applying ABI

We have to show: (1) Wf≺Const(), (2) ∀s ∈ B∗ (¬Const(s) ∨ UCont(s)), (3) ∀s ∈ B∗ (∀a ∈ B UCont(s ∗ a) → UCont(s)). (1) holds again by continuity. (2): By the Constancy Theorem, we may assume Const(s). Then clearly UCont(s, 0). (3): Assume UCont(s ∗ 0, n) and UCont(s ∗ 1, m). Then, clearly, UCont(s, 1 + max(n, m)).

42 / 50

Program extraction

Declarations: type N = Int type B = Int type B1 = N -> B type B2 = B1 -> B (***) :: [B] -> B1 -> B1 s *** alpha = \n-> if n < length s then s !! n else alpha (n - length s)

43 / 50

Testing constancy

Testing whether a type 2 functional is constant on extensions of s: thm1 :: B2 -> [B] -> Bool thm1 f s = f (s *** (claim 0 s)) == f (s *** (claim 1 s)) where

• Computing the drinker
• claim :: B -> [B] -> B1

claim b s = let { alpha0 = claim b (s++[0]) ; alpha1 = claim b (s++[1]) } in if f ((s++[0]) *** alpha0) == b then [0] *** alpha0 else [1] *** alpha1

44 / 50

Computing the mod. of unif. cont. (fan functional)

thm2 :: B2 -> N thm2 f = aux [] where

• aux :: [B] -> N

aux s = if thm1 f s then 0 else 1 + max (aux (s++[0])) (aux (s++[1]))

45 / 50

In-class test

*Main> thm2 (\alpha-> 0)

46 / 50

In-class test

*Main> thm2 (\alpha-> 0)

46 / 50

In-class test

*Main> thm2 (\alpha-> 0) *Main> thm2 (\alpha-> 1)

46 / 50

In-class test

*Main> thm2 (\alpha-> 0) *Main> thm2 (\alpha-> 1)

46 / 50

In-class test

*Main> thm2 (\alpha-> 0) *Main> thm2 (\alpha-> 1) *Main> thm2 (\alpha-> alpha 1)

46 / 50

In-class test

*Main> thm2 (\alpha-> 0) *Main> thm2 (\alpha-> 1) *Main> thm2 (\alpha-> alpha 1) 2

46 / 50

In-class test

*Main> thm2 (\alpha-> 0) *Main> thm2 (\alpha-> 1) *Main> thm2 (\alpha-> alpha 1) 2

*Main> thm2 (\alpha-> alpha (sum [alpha n | n <- [0..5]]) )

46 / 50

In-class test

*Main> thm2 (\alpha-> 0) *Main> thm2 (\alpha-> 1) *Main> thm2 (\alpha-> alpha 1) 2

*Main> thm2 (\alpha-> alpha (sum [alpha n | n <- [0..5]]) ) 7

46 / 50

In-class test

*Main> thm2 (\alpha-> 0) *Main> thm2 (\alpha-> 1) *Main> thm2 (\alpha-> alpha 1) 2

*Main> thm2 (\alpha-> alpha (sum [alpha n | n <- [0..5]]) ) 7 *Main> thm2 (\alpha-> alpha (sum [2 * alpha n | n <- [0..7]]) )

46 / 50

In-class test

*Main> thm2 (\alpha-> 0) *Main> thm2 (\alpha-> 1) *Main> thm2 (\alpha-> alpha 1) 2

*Main> thm2 (\alpha-> alpha (sum [alpha n | n <- [0..5]]) ) 7 *Main> thm2 (\alpha-> alpha (sum [2 * alpha n | n <- [0..7]]) ) 17

46 / 50

In-class test

*Main> thm2 (\alpha-> 0) *Main> thm2 (\alpha-> 1) *Main> thm2 (\alpha-> alpha 1) 2

*Main> thm2 (\alpha-> alpha (sum [alpha n | n <- [0..5]]) ) 7 *Main> thm2 (\alpha-> alpha (sum [2 * alpha n | n <- [0..7]]) ) 17 *Main> thm2 (\alpha-> alpha (sum [alpha (2*n) | n <- [0..7]]) )

46 / 50

In-class test

*Main> thm2 (\alpha-> 0) *Main> thm2 (\alpha-> 1) *Main> thm2 (\alpha-> alpha 1) 2

*Main> thm2 (\alpha-> alpha (sum [alpha n | n <- [0..5]]) ) 7 *Main> thm2 (\alpha-> alpha (sum [2 * alpha n | n <- [0..7]]) ) 17 *Main> thm2 (\alpha-> alpha (sum [alpha (2*n) | n <- [0..7]]) ) 15

46 / 50

Conclusion

◮ The fine grained control of computational content not only

• ptimizes extracted programs but also provides access to new

kinds of algorithms by program extraction.

47 / 50

Conclusion

◮ The fine grained control of computational content not only

• ptimizes extracted programs but also provides access to new

kinds of algorithms by program extraction.

◮ Limited use of classical logic seems to be required to verify

the correctness of these new algorithms.

47 / 50

Conclusion

◮ The fine grained control of computational content not only

• ptimizes extracted programs but also provides access to new

kinds of algorithms by program extraction.

◮ Limited use of classical logic seems to be required to verify

the correctness of these new algorithms.

◮ The Harrop version of Brouwer’s thesis and banged bar

induction might open ways to extract programs such as the Berard-Bezem-Coquand realizer of dependent choice from a proof.

47 / 50

References

Hideki Tsuiki. Real Number Computation through Gray Code Embedding.

• Theor. Comput. Sci., 284(2):467–485, 2002.

B., Kenji Miyamoto, Helmut Schwichtenberg, Hideki Tsuiki: Logic for Gray-code computation. In: Concepts of Proof in Mathematics, Philosophy, and Computer Science, de Gruyter, 2016. B., Extracting Non-Deterministic Concurrent Programs. CSL 2016, LIPICS

• L. E. J. Brouwer, Beweis dass jede volle Funktion gleichm¨

assig stetig ist. Nederlandse Akademie van Wetenschappen Verslagen 27, 189193, 1924.

• L. E. J. Brouwer, ¨

Uber Definitionsbereiche von Funktionen,

• Math. Annalen 97, 6075, 1927.

48 / 50

References

• V. Veldman. Brouwer’s Real Thesis on Bars.

Philosophia Scientiæ, CS 6, Constructivism: Mathematics, Logic, 21-42 Philosophy and Linguistics, 2006.

• H. Schwichtenberg. Minlog.

The Seventeen Provers of the World, Lecture Notes in Artificial Intell., 3600, 151–157, 2006.

http://www.mathematik.uni-muenchen.de/~logik/minlog/

• M. Escard´
• . Exhaustible sets in higher-type computation,

Logical Methods in Comput. Sci. 4 (3), 2008.

• B. Totale Objekte und Mengen in der Bereichstheorie,

PhD thesis, LMU Munich, 1990.

49 / 50

References

• B. From coinductive proofs to exact real arithmetic: theory and

applications. Logical Methods in Comput. Sci., 7(1):1–24, 2011.

• M. Escardo, P. Oliva. Bar recursion and products of selection functions,

JSL, 80(1):1-28, 2015. B, O. Petrovska Optimized program extraction for induction and coinduction CiE 2018, LNCS 10936, 70-80, 2018.

50 / 50