Axiomatic Reals in Type Theory for Program Extraction
Sewon Park, KAIST
CCC2019, September 4, 2019
This work was supported by the National Research Foundation of Korea (NRF) grants funded by the Korea government (MSIT) (No. NRF-2016K1A3A7A03950702 & No. NRF-2017R1E1A1A03071032) and the grant funded by the Korea government (MOE) (No. NRF-2017R1D1A1B05031658).
Sewon Axiomatic Reals in Type Theory for Program ExtractionSeptember 4, 2019 1 / 33
Outline
1 Motivation
2 Set of Axioms
3 Example: IVT
Motivation
Motivation: Exact Real Numbers in PL
Internal approaches:
- Construct a datatype REAL from primitive datatypes
- Arithmetic operations defined by primitive operations
- (induced) Semantics are of course computable(?)

External approaches:
- Have primitive datatype REAL
- Arithmetic operations are primitive
- No need to care about representation related details
- Need to be cautious that (defined) semantics are computable

RealPCF, WhileCC*, ERC, iRRAM, Ariadne, AERN2, Marshall
Motivation: Exact Real Numbers in PL
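- Pick one programming language with type system
- Add Real to its primitive datatypes
- Add Real typed constants 0, 1, −1, ···
- Add primitive operators +, −, ×, ···
- Define their semantics $\llbracket t : \mathrm{Real} \rrbracket \subseteq \mathbb{R} \cup \{\bot\}$

$$\llbracket 42 \rrbracket := \{42\}$$

$$\llbracket x + y \rrbracket := \bigcup_{v_1 \in \llbracket x \rrbracket,\ v_2 \in \llbracket y \rrbracket} \begin{cases} \{v_1 + v_2\} & \text{if } v_1, v_2 \neq \bot \\ \{\bot\} & \text{otherwise} \end{cases}$$

- Defined semantics should be computable
- Many computable functions should be expressible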
Motivation: Exact Real Numbers in PL
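Partiality of Comparison:

$$\llbracket x > y \rrbracket := \bigcup_{v_1 \in \llbracket x \rrbracket,\ v_2 \in \llbracket y \rrbracket} \begin{cases} \{\mathit{tt}\} & \text{if } v_1 > v_2 \\ \{\mathit{ff}\} & \text{if } v_2 > v_1 \\ \{\bot\} & \text{if } v_1 = v_2 \end{cases}$$

Multivaluedness:

$$\llbracket \mathrm{choose}(b_1, b_2) \rrbracket := \bigcup_{v_1 \in \llbracket b_1 \rrbracket,\ v_2 \in \llbracket b_2 \rrbracket} \begin{cases} \{\mathit{tt}\} & \text{if } v_1 = \mathit{tt} \\ \{\mathit{ff}\} & \text{if } v_2 = \mathit{tt} \\ \{\bot\} & \text{if } v_1 = v_2 = \bot \text{ or } \mathit{ff} \end{cases}$$

Limit:
when there exists $u \in \mathbb{R}$ s.t. $\forall y \in \llbracket f(n, x) \rrbracket,\ |y - u| < 2^{-n}$

$$\llbracket \mathrm{limit}(n, f(n, x)) \rrbracket := \{u\}$$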
Motivation: Exact Real Numbers in PL
NaiveComp(x, y) := x > y
SoftComp(x, y, e) := choose(x > y − e, y > x− e)
Max(x, y) := limit(n, if SoftComp(x, y, 2^{-n}) then x else y)
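An added example, not from the slides: the NaiveComp, SoftComp and Max programs above run over one concrete representation of reals. The representation (a real is a function returning a rational within 2^-n of it) and every function name here are assumptions of this example.

```python
from fractions import Fraction
from itertools import count

# Assumed representation (not from the slides): a real x is a function with
# |x(n) - x| <= 2^-n for every n, returning exact rationals.
def const(q):
    return lambda n: Fraction(q)

def sub(x, y):
    # Each operand is asked for one extra bit so the errors sum to 2^-n.
    return lambda n: x(n + 1) - y(n + 1)

def third(n):
    # Constructed sample: 1/3 truncated to n binary digits (error < 2^-n).
    return Fraction(2**n // 3, 2**n)

def semi_gt(x, y):
    """Semi-decide x > y: yields False forever unless x > y gets certified."""
    for n in count():
        # Certified once the gap exceeds both error bounds combined.
        yield x(n) - y(n) > Fraction(2, 2**n)

def choose(s1, s2):
    """Dovetail two semi-decisions; the caller promises one of them halts."""
    for a, b in zip(s1, s2):
        if a:
            return True   # tt: the first proposition was certified
        if b:
            return False  # ff: the second proposition was certified

def soft_comp(x, y, e):
    # SoftComp(x, y, e) := choose(x > y - e, y > x - e), total for e > 0
    return choose(semi_gt(x, sub(y, e)), semi_gt(y, sub(x, e)))

def limit(f):
    # f(n) is a real within 2^-n of the limit u; ask f(n+1) for n+1 bits.
    return lambda n: f(n + 1)(n + 1)

def real_max(x, y):
    # Max(x, y) := limit(n, if SoftComp(x, y, 2^-n) then x else y)
    return limit(lambda n: x if soft_comp(x, y, const(Fraction(1, 2**n))) else y)

def naive_steps_all_undecided(x, y, steps):
    # NaiveComp on equal inputs: neither x > y nor y > x is ever certified.
    pairs = zip(semi_gt(x, y), semi_gt(y, x))
    return not any(a or b for _, (a, b) in zip(range(steps), pairs))
```

On equal inputs the naive comparison stays undecided for any step budget, while `real_max` still returns approximations to any requested precision; which branch `soft_comp` takes when both disjuncts hold depends on the representation, which is the multivaluedness.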
Motivation: Exact Real Numbers in TT
Real number type by construction:
- Build a type REAL from primitive types
- Arithmetic operations defined
- Properties of real numbers can be proved.

Real number type by axiom:
- Say REAL is a type!
- Arithmetic operations are assumed as term constants
- no need to care about representation related details
- Properties of real numbers also are axioms
Motivation: Coq’s standard library for reals
- Type R is assumed.
- Constants 0, 1 : R are assumed.
- terms +, ∗ : R → R → R, ×, ÷ are assumed.
- The following axioms assumed:

Axiom Rplus_comm : ∀x y:R. x + y = y + x
Axiom Rplus_assoc : ∀x y z:R. x + y + z = x + (y + z)
...
Axiom total_order_T : ∀x y:R. x > y ∨ x = y ∨ y > x
...
Motivation: Coq’s standard library for reals (Consequence)
Lemma Sign : ∀x:R. ∃b:bool. x > 0 → b = true ∧ x ≤ 0 → b = false
Proof
- case distinction on total_order_T : ∀x y:R. x > y ∨ x = y ∨ y > x
Qed
Extraction Sign
Which set of axioms?..
Set of Axioms
Base TT
Constructive: Type_i, →, ∧, ∀, ∃, ∨
Classical: Prop, ∃, ∨
∃x:A. B(x) := [∃x:A. B(x)]
- =_T, N, 2, 1, 0 and their induction principles
- LEM and proof irrelevance assumed
- and R!!
Partiality, Multivaluedness and Limit
- ∀x y:R. x > y ∨ x = y ∨ y > x is Okay
- ∀x y:R. x > y ∨ x = y ∨ y > x is not!
- is ∀x y e:R. e > 0 → x > y − e ∨ y > x − e okay to have?

f : ∀x y e:R. e > 0 → x > y − e ∨ y > x − e
for any x = x′, y = y′ and p : e > 0 we have

$$f\,x\,y\,e\,p = f\,x'\,y'\,e\,p = \begin{cases} \langle 0, \cdot \rangle \\ \langle 1, \cdot \rangle \end{cases}$$
Partiality, Multivaluedness and Limit
Motivation:
- Given two semi-decidable propositions P, Q
- Given a promise that at least one of the two holds (without knowing exactly which one does)
- We can choose one multivaluedly

Axiom (Partiality type)
- S is a type with two known elements ↓, ↑ : S
- Define s ↓ to denote s = ↓ : prop

Definition
semi P := ∃s:S. P ↔ s ↓
Partiality, Multivaluedness and Limit
Axiom (Partiality type)
- S is a type with two known elements ↓, ↑ : S
- Define s ↓ to denote s = ↓ : prop

Definition
semi P := ∃s:S. P ↔ s ↓

Example
∀n m:N. semi n = m

- Define dec P := P ∨ ¬P. Then, dec P → semi P
- semi P → dec P?
Partiality, Multivaluedness and Limit
Axiom (multivalued types)
- When T is a type, mv T is a type. For any t : T, we have ι t : mv T.
- For any function f : A → mv B, we can lift its domain: lift f : mv A → mv B.
- When T is weakly singleton, we can recover the single valued element r : (∃t:T. 1) → (∀a b:T. a = b) → mv T → T.

Definition (multivalue existence)
- Let ∃a:A. B(a) be the multivalued type mv(∃a:A. B(a))
- Let A ∨ B be the multivalued type mv(A ∨ B)
Partiality, Multivaluedness and Limit
Example (multivalue join)
- Suppose f : A → ∃x:C. P(x)
- Suppose g : B → ∃x:C. P(x)
- Case distinction yields k : A ∨ B → ∃x:C. P(x)
- Injection and lifting yields k : A ∨ B → ∃x:C. P(x)
- If A ∨ B is known, we have ∃x:C. P(x)

Exactly the multivalued branching
Partiality, Multivaluedness and Limit
Motivation:
- Given two semi-decidable propositions P, Q
- Given a promise that at least one of the two holds (without knowing exactly which one does)
- We can choose one multivaluedly

Axiom (multivalued select)
select : ∀s1,s2:S. s1 ↓ ∨ s2 ↓ → s1 ↓ ∨ s2 ↓

Definition
semi P := ∃s:S. P ↔ s ↓

Lemma
choose : ∀P,Q:prop. semi P → semi Q → P ∨ Q → P ∨ Q
Partiality, Multivaluedness and Limit
Example
∀P:Prop. semi P → semi ¬P → dec P
Proof
- LEM P : P ∨ ¬P
- Let p1 : semi P and p2 : semi ¬P
- choose P ¬P p1 p2 (LEM P) : P ∨ ¬P
- P ∨ ¬P is weakly singleton
- recovering axiom yields P ∨ ¬P
Qed
Partiality, Multivaluedness and Limit
- ∀x y:R. x > y ∨ x = y ∨ y > x is Okay
- ∀x y:R. x > y ∨ x = y ∨ y > x is not!
- ∀x y e:R. e > 0 → x > y − e ∨ y > x − e is also not!
- Instead, we have ∀x y:R. semi x > y

Example
SoftComp : ∀x,y,ε:R. ε > 0 → (x > y − ε ∨ y > x − ε)
Proof
- t : x > y − ε ∨ y > x − ε from weak totality
- a : semi (x > y − ε) and b : semi (y > x − ε) are from axioms
- choose a b t is a proof for (x > y − ε ∨ y > x − ε)
Qed
Partiality, Multivaluedness and Limit
Example
∀x:R. x ≠ 0 → x > 0 ∨ 0 > x
Proof
- From weak total order, x > 0 ∨ x < 0
- From choose and semi, we have x > 0 ∨ x < 0
- x > 0 ∨ x < 0 weakly singleton
- Recovering axiom yields x > 0 ∨ x < 0
Qed
Partiality, Multivaluedness and Limit
If a sequence of multivalued real numbers converges to a point u, then u can be computed:

lim : ∃!u:R. P u → (∀n:N. ∃z:R. ∃u:R. P u ∧ |z − u| < 2^{-n}) → ∃u:R. P u
Partiality, Multivaluedness and Limit
Example (Maximum)
∀x,y:R. ∃z:R. M x y z where M x y z := x ≥ y → x = z ∧ y > x → y = z
Proof
- unique : ∃!z:R. M x y z.
- Assume any natural number n
- Construct f : x > y − 2^{-n} → ∃u:R. ∃z:R. M(x, y, z) ∧ |u − z| < 2^{-n}
- Construct g : y > x − 2^{-n} → ∃u:R. ∃z:R. M(x, y, z) ∧ |u − z| < 2^{-n}
- join f and g yields x > y − 2^{-n} ∨ y > x − 2^{-n} → ∃u:R. ∃z:R. M(x, y, z) ∧ |u − z| < 2^{-n}
- SoftComp yields x > y − 2^{-n} ∨ y > x − 2^{-n}.
- Hence, we have k : ∀n:N. ∃u:R. ∃z:R. M(x, y, z) ∧ |u − z| < 2^{-n}
- lim unique k is a proof.
Qed
Axioms for Reals
Classical axioms for complete ordered field:

field axioms
A1  0 ≠ 1
A2  x + y = y + x
A3  x + y + z = x + (y + z)
A4  x + 0 = x
A5  x − x = 0
A6  x ∗ y = y ∗ x
A7  x ∗ y ∗ z = x ∗ (y ∗ z)
A8  x ∗ 1 = x
A9  x ∗ /x = 1
A10 x ∗ (y + z) = x ∗ y + x ∗ z

order axioms
A11 x = y ∨ x > y ∨ y > x
A12 x > y → y > z → x > z
A13 x > y → ¬y > x
A14 x > y → x + z > y + z
A15 z > 0 → x > y → z ∗ x > z ∗ y

order completeness
Axioms for Reals
Axioms for complete ordered field:

field axioms
A1  0 ≠ 1
A2  x + y = y + x
A3  x + y + z = x + (y + z)
A4  x + 0 = x
A5  x − x = 0
A6  x ∗ y = y ∗ x
A7  x ∗ y ∗ z = x ∗ (y ∗ z)
A8  x ∗ 1 = x
A9  ∀t:x≠0. x/t = 1
A10 x ∗ (y + z) = x ∗ y + x ∗ z

order axioms
A11 x = y ∨ x > y ∨ y > x
A12 x > y → y > z → x > z
A13 x > y → ¬y > x
A14 x > y → x + z > y + z
A15 z > 0 → x > y → z ∗ x > z ∗ y
A16 semi x > y
A17 ∃n:N. |x| < n < |x| + 1

metric completeness (lim)
Axioms for Reals
Axiom (Reals R)
- R is a type with two known elements 0, 1 : R.
- +, -, *, / are constants
- The axioms are inhabited
Example: IVT
- IVT f x y : continuous function f weakly has its root in (x, y) when f x < 0 < f y
- IVT? f x y : continuous function f has its root in (x, y) when f x < 0 < f y
- uniq f x y := continuous f has weakly unique root in (x, y) with f x < 0 < f y
- IVT f x y : f has a root in (x, y) when uniq f x y holds
Example: IVT
refinement : ∀a b c:R. a < b < c → uniq f a c → f b < 0 → uniq f b c ∧ f b > 0 → uniq f a b
˜Signtest : ∀a b c d:R. a < b < c < d → uniq f a d → f b < 0 ∨ f c > 0
Signtest : ∀a b c d:R. a < b < c < d → uniq f a d → f b < 0 ∨ f c > 0
trisection_step : ∀a d:R. a < d → uniq f a d → ∃b c:R. uniq f b c ∧ |c − d| < 2 ∗ |d − a|/3
Example: IVT
∀n:N. ∃x y:R. uniq f x y ∧ |y − x| < 2^{-n}

Induction on n:
∃a d:R. uniq f a d ∧ |d − a| < 2^{-n}
∃b c:R. uniq f b c ∧ |b − c| < 2^{-n-1}

Apply lift:
∃a d:R. uniq f a d ∧ |d − a| < 2^{-n}
∃b c:R. uniq f b c ∧ |b − c| < 2^{-n-1}

Apply trisection_step twice
Program Extraction
〈〈mv T〉〉 := 〈〈T〉〉
〈〈ι t〉〉 := 〈〈t〉〉
〈〈lift f〉〉 := 〈〈f〉〉
〈〈S〉〉 := unit
〈〈↓〉〉 := ∗
〈〈↑〉〉 := ⊥
〈〈select s1 s2 p〉〉 := select 〈〈s1〉〉 〈〈s2〉〉

lim : ∀P:R→prop. ∃!z:R. P z → (∀n:N. (∃z:R. ∃u:R. P u ∧ |u − z| < 2^{-n})) → ∃u:R. P u
〈〈lim p f〉〉 := lim λn. fst 〈〈f〉〉 n

A16 : semi x > y := ∃s:S. s ↓ ↔ x > y
〈〈A16 x y〉〉 := (x > y, ∗)
Program Extraction
implemented in OCaml (for fun); already takes a few minutes to type check and extract the proof for max:
implemented in Coq as the standard library is:
Conclusion
- Specified a set of axioms for having real numbers which enables ERC-like program extraction
- Proved some example lemmas
- future works?..