Logic for real number computation
Helmut Schwichtenberg
(j.w.w. Ulrich Berger, Kenji Miyamoto and Hideki Tsuiki)
Mathematisches Institut, LMU, München
Trends in Proof Theory, Hamburg, 20. - 21. September 2015
1 / 16
Dyadic rationals:
X ai
.
2i+1
with ai ∈ {−1, 1} =: PSD.
i<k
15
16
− 15
16
1 1̄
1̄
− 78
1 1̄
1 1̄
1 1̄
1 1̄
1 1̄
1 1̄
1
7
8
1
1̄
1
1̄
− 34
1
1̄
1
1̄
1
1̄
− 12
1
1̄
1
1̄
3
4
1
2
0
with 1̄ := −1. Adjacent dyadics can differ in many digits:
7
∼ 11̄11,
16
9
∼ 111̄1̄.
16
2 / 16
Cure: flip after 1. Binary reflected (or Gray-) code.
− 15
16
L
− 78
15
16
R R
L L
R R
L L
R R
L L
R R
L
7
8
L
R
− 34
R
L
L
L
R
R
− 12
R
R
L
R
L
L
3
4
1
2
0
7
∼ RRRL,
16
9
∼ RLRL.
16
3 / 16
Problem with productivity:
1̄111 + 11̄1̄1̄ = ?
(what is the first digit?)
Cure: delay.
I
For binary code: add 0. Signed digit code
X di
.
2i+1
with di ∈ {−1, 0, 1} =: SD.
i<k
Widely used for real number computation.
I
For Gray-code: add U, D, FinL/R . Pre-Gray code.
4 / 16
Pre-Gray code
7
16
L
U
R
U
U
FinR
U
1
4
R
FinR
3
8
9
16
D
L
D
FinR
FinL
U
R
U
FinL
5
8
R
3
4
L
1
2
0
After computation in pre-Gray code, one can remove Fina up to
U ◦ Fina 7→ a ◦ R,
1
:
2k
D ◦ Fina 7→ Fina ◦ L,
5 / 16
Goal: extract algorithms on infinite objects from proofs, in a simple
framework (TCF). Example:
I
Infinite objects: streams, in pre-Gray code.
I
Algorithm: average.
Framework:
I
Constructive logic
I
Types: only function types (Scott/Ershov partial continuous
functionals), over base types given by constructors (may
contain infinite objects).
I
Inductive & coinductive predicates, with their least & greatest
fixed point axioms (i.e., induction & coinduction).
6 / 16
We will coinductively define a predicate coG and prove
co
co
0
co
∀nc
x,x 0 ( G (x) → G (x ) → G (
x + x0
))
2
(1)
0
(∀nc
x,x 0 : the reals x, x have no computational significance).
Associated with coG is its realizability extension (coG )r (p, x)
(p is a stream representation of x witnessing coG (x)).
Soundness theorem:
(coG )r (p, x) → (coG )r (p 0 , x 0 ) → (coG )r (f (p, p 0 ),
x + x0
)
2
for some stream transformer f extracted from the proof of (1),
which never mentions streams.
7 / 16
What is coG ? Need simultaneously coH.
x −1
x
) ∨ ∃rx∈Y (y = ) },
2
2
x
+
1
x
∆(X , Y ) := { y | ∃rx∈X ∃a (y = a
) ∨ ∃rx∈Y (y = ) }
2
2
Γ(X , Y ) := { y | ∃rx∈X ∃a (y = −a
(∃rx : the real x has no computational significance)
Define (coG , coH) := ν(X ,Y ) (Γ(X , Y ), ∆(X , Y )).
Coinduction:
(X , Y ) ⊆ (Γ(coG ∪X , coH∪Y ), ∆(coG ∪X , coH∪Y )) → (X , Y ) ⊆ (coG , coH),
Associated to Γ, ∆ are algebras G, H with constructors
LR : PSD → G → G,
U: H → G
(for “undefined”),
Fin : PSD → G → H,
D: H → H
(for “delay”).
8 / 16
Realizability extensions (coG )r and (coH)r :
Γr (Z , W ) := { (p, x) | ∃(p0 ,x 0 )∈Z ∃a (x = −a
x0 − 1
∧ p = LRa (p 0 )) ∨u
2
x0
∧ p = U(q 0 )) },
2
x0 + 1
∆r (Z , W ) := { (q, x) | ∃(p0 ,x 0 )∈Z ∃a (x = a
∧ q = Fina (p 0 )) ∨u
2
x0
∃u(q0 ,x 0 )∈W (x =
∧ q = D(q 0 )) }
2
∃u(q0 ,x 0 )∈W (x =
(∨u : the whole formula has no computational significance).
Define
((coG )r , (coH)r ) := ν(Z ,W ) (Γr (Z , W ), ∆r (Z , W ))
9 / 16
CoGAverage:
co
co
co
∀nc
x,y ( G (x) → G (y ) → G (
x +y
)).
2
Consider two sets of averages, the second one with a “carry”
i ∈ SD2 := {−2, −1, 0, 1, 2}:
x +y
| x, y ∈ coG },
2
x +y +i
Avc := {
| x, y ∈ coG , i ∈ SD2 }.
4
Av := {
Suffices: Avc satisfies the clause coinductively defining coG , for
then by the greatest-fixed-point axiom for coG we have Avc ⊆ coG .
Since we also have Av ⊆ Avc we obtain Av ⊆ coG , i.e., our claim.
10 / 16
CoGAvToAvc:
r
∀nc
x,y ∈coG ∃x 0 ,y 0 ∈coG ∃i (
x +y
x0 + y0 + i
=
).
2
4
Implicit algorithm. f ∗ := cCoGPsdTimes, and s := cCoHToCoG.
cL denotes the function extracted from the proof of a lemma L.
co
co
CoGPsdTimes: ∀nc
x ∀a ( G (x) → G (a ∗ x)).
f (LRa (p), LRa0 (p 0 )) = (a + a0 , f ∗ (−a, p), f ∗ (−a0 , p 0 )),
f (LRa (p), U(q)) = (a, f ∗ (−a, p), s(q)),
f (U(q), LRa (p)) = (a, s(q), f ∗ (−a, p)),
f (U(q), U(q 0 )) = (0, s(q), s(q 0 )).
11 / 16
Need J : SD → SD → SD2 → SD2 , K : SD → SD → SD2 → SD
with d + e + 2i = J(d, e, i) + 4K (d, e, i) (cases on d, e, i). Then
x+d
2
+
y +e
2
4
+i
=
x+y +J(d,e,i)
4
+ K (d, e, i)
.
2
CoGAvcSatCoICl:
x
r
∀i ∀nc
x,y ∈coG ∃x 0 ,y 0 ∈coG ∃j,d (
+y +i
=
4
x 0 +y 0 +j
4
2
+d
).
Implicit algorithm.
f (i, LRa (p), LRa0 (p 0 )) = (J(a, a0 , i), K (a, a0 , i), f ∗ (−a, p), f ∗ (−a0 , p 0 )),
f (i, LRa (p), U(q)) = (J(a, 0, i), K (a, 0, i), f ∗ (−a, p), s(q)),
f (i, U(q), LRa (p)) = (J(0, a, i), K (0, a, i), s(q), f ∗ (−a, p)),
f (i, U(q), U(q 0 )) = (J(0, 0, i), K (0, 0, i), s(q), s(q 0 )).
12 / 16
CoGAvcToCoG:
x +y +i
) → coG (z)),
4
x +y +i
r
) → coH(z)).
∀nc
z (∃x,y ∈coG ∃i (z =
4
r
∀nc
z (∃x,y ∈coG ∃i (z =
Implicit algorithm. Proof uses SdDisj: ∀d (d = 0 ∨ ∃a (d = a)).
g (i, p, p 0 ) = let (i1 , d, p1 , p10 ) = cCoGAvcSatCoICl(i, p, p 0 ) in
case cSdDisj(d) of
0 → U(h(i, p1 , p10 ))
a → LRa (g (−ai, f ∗ (−a, p1 ), f ∗ (−a, p10 ))),
h(i, p, p 0 ) = let (i1 , d, p1 , p10 ) = cCoGAvcSatCoICl(i, p, p 0 ) in
case cSdDisj(d) of
0 → D(h(i, p1 , p10 ))
a → Fina (g (−ai, f ∗ (−a, p1 ), f ∗ (−a, p10 ))).
Composing CoGAvToAvc and CoGAvcToCoG gives CoGAverage.
13 / 16
Extracted term for CoGAvcToCoG:
[ipp](CoRec sdtwo@@ag@@ag=>ag sdtwo@@ag@@ag=>ah)ipp
([ipp0][let idpp (cCoGAvcSatCoICl
left ipp0 left right ipp0 right right ipp0)
[case (cSdDisj left right idpp)
(DummyL -> InR(InR(left idpp@right right idpp)))
(Inr a -> InL(a@InR
(a times inv left idpp@
cCoGPsdTimes inv a left right right idpp@
cCoGPsdTimes inv a right right right idpp)))]])
([ipp0][let idpp ...] ...)
ipp
variable of type SD2 × G × G
idpp
variable of type SD2 × SD × G × G
[ipp]r
lambda abstraction λipp r
sdtwo@@ag@@ag=>ah
function type SD2 × G × G → H
r@s, left r, right r
product term, components
cL
realizer for lemma L
14 / 16
Corecursion ∼ coinduction.
(G,H),(σ,τ )
: σ → δG → δH → G
(G,H),(σ,τ )
: τ → δG → δH → H
co
RG
co
RH
with step types
δG := σ → PSD × (G + σ) + (H + τ ),
δH := τ → PSD × (G + σ) + (H + τ ).
PSD × (G + σ) + (H + τ ) appears since G has constructors
LR : PSD → G → G and U : H → G,
and H has constructors
Fin : PSD → G → H and D : H → H.
15 / 16
I
Analyzing the step terms gives the “implicit algorithm”.
I
Extracted terms are in an extension T + of Gödel’s T , the
term language of TCF. They denote partial continuous
functionals (Scott/Ershov).
I
Verification is automatic (soundness theorem).
I
Minlog provides a translation to Haskell for (lazy) evaluation.
I
“Code carrying proof” can be a reasonable alternative to
“Proof carrying code” (Necula).
16 / 16