ＰＡ workshop kyoto 2001/01/10,11 from proof animation to limit-computable mathematics susumu...

ＰＡ workshopKyoto2001/01/10,11

From Proof Animation toLimit-Computable Mathematics

Susumu Hayashi

Kobe University

This is a joint work with

Yoji Akama, Tohoku Univ.Hajime Ishihara, JAIST

Shyun-ichi Kimura, Hiroshima Univ.Ulrich Kohlenbach, BRICS

Masahiro Nakata, Kobe Univ.Mariko Yasugi, Kyoto Sangyo Univ.

X

proof checking

test of programs

verification of programs=

X = test of proofsSynonym: Proof animation

Analogy to specification

animation of formal methods

Towards Animation of Proofs –testing proofs by examples-, Hayashi, et al., TCS, in print. Available from my home page.

Why Proof Animation?

• It’s a “contraposition” of the developments of correct programs by program extraction.

– If something is wrong with the extracted program, then something is wrong with the original proof.

– Normally, the proofs tested are incomplete proofs under development.

• We can find bugs in goals, subgoals, definitions and strategies of proofs before we go far into the development of proofs.

-- ASSUMPTION --There is a bag.

And some white or black marbles are in it.

What is “test of proof”?: An Example

-- CONCLUSION --All marbles in the bag are of the same color.

This is wrong.

However, we prove it by mathematical induction!

Proof of the theorem

– The theorem holds for group A and B, since they have only n marbles. All the marbles are of the same color, since they share an.

a1, a2, ・・・ , an, an+1

group A

group B

• Base case n=1 is easy

• The induction step

What is wrong?

Animation of the “proof”

Animating the proof by an appletJust click the button.

Systematic proof animation

• The applet was written by hands.

• Automatic generation of such an applet from a proof is the ultimate goal of Proof Animation project.

– graphics animation library

– Generation of algorithm from proof by Curry-Howard

The program extracted from a formal proof of the puzzle.

Proof animation of classical proofs

• Classical reasoning is used even in finite mathematics.

• Thus, classical “proof execution” principles such as calculus and double negation translation+A-translation must be used for proof animation.

Accountability of proof execution

• A “proof execution” principle with the following two criteria is said accountable:

1. computational contents (programs) associated to proofs are legible.

2. association between proofs and programs is legible.

Accountability of proof execution is indispensable for proof animation

• Finding bugs of a proof by its execution is understanding proofs by understanding the execution.

• Thus associated computational contents and the association must be legible as the case of applet for the puzzle.

Almost accountable interpretation: Berardi’s approximation theory

• Almost all proof execution methods for classical logic do not meet the criteria.

• But Berardi’s approximation interpretation for classical proofs meets the first criteria for some examples:

– Minimal value of numerical functions ForAll f Nat ->Nat.Exists n:Nat. ForAll x:Nat.f(n) is smaller than or equal to f(x).

– an semi-algorithm is extracted from a classical proof of the theorem.

Berardi’s semi-algorithm extracted

• Regard the function f as a stream f(1), f(2), f(3),…

• Have a box of a natural number.

• Put f(1) in the box.

• Compare the content of the box with the next element of the stream. If the new one is smaller than the number in your box, put the new one in the box.Repeat it infinitely.

– Caution: this is a little bit incorrect argument

In what sense the semi-algorithm compute the answer?

• The process does not stop.• But your box will eventually contain

the correct answer and then the content will never been changed.

• In this sense, this non-terminating process computes the right answer in the limit.

• You will have a right answer, but you will never know when you got it.

Second criteria?

• This explanation of Berardi’s algorithm is enough for the first criteria of accountable proof execution.

• But, unfortunately, it is not straight-forward to see how this explanation is obtained from his interpretation applied to the proof of the minimum value theorem. No second criteria.

A solution to the problem of accountable classical proof execution

• There might be no accountable proof execution for all classical proofs.

• Thus, find a fragment F of classical mathematics such that

1. proof execution for F is accountable.

2. Enough mathematics can be done in F.

Learning Theory gives such a fragment: Gold’s argument

• Berardi’s argument is the same as the central idea of Algorithmic Learning Theory

– pointed out by Yamamoto

– Paulin’s related comment on LPO• Gold’s theory of Limiting Recursion in JSL.

1965: a seminal work of learning theories.

Limiting Recursive Function

• f(x)= limn g(x,n), then f is called limiting

recursive, when g is recursive.

– g(x,1), g(x,2), … is guessing (learning) the value of f(x).

– g is called a guessing function of f• Berardi’s semi-algorithm is a function

guessing the minimum value of the function f.

A fragment of classical mathematics whose BHK-interpretation is realized by limiting recursive functions rather than recursive functions.

A formalization: constructive formal

theories enhanced with 02 –DNE.

LCM: Limit-Computable Mathematics

How this idea came out?: Hilbert’s finite basis theorem

In his 1890 proof of the finite basis theorem, D. Hilbert used the same semi-algorithm as Berardi’s. And this was called “theology” by Gordan.

It solved Gordan’s problem: one of the first successes of transfinite mode of thought in modern algebra.

I was studying the paper as an far origin of “Hilbert program”

Hilbert’s argument 1890,1897 (1)

In his 1890 paper and 1897 lectures at Goettingen, Hilbert was arguing almost the same as Berardi did!!

It is the point Gordan was against(a letter from Gordan to Klein, Feb.24,1890): It does not satisfy the requirements of recursive proofs. No, full and clear arrangement (Einteilung) of forms.

Hilbert’s argument 1890,1897 (2)

Because, it was a proof by limit-argument!

Hilbert was proving a version of finite basis theorem. In a modern terminology. Every ideal of homogeneous polynomials with many (but fixed) variables are finitely generated.

But he formulated it by means of stream and argue as Berardi or Gold.

The stream formulation by Hilbert 1890,1897 (3)

The proof by limit-arguments 1890,1897 (4)

• He prove it by induction on the numbers of variables. The most impressive is the base case.

• A stream of 1-variable forms are c1xr1, c2xr2,….

• The basis is a single form crxr s.t. r is the minimum of r1, r2,…

• He argued as follow…. (From, David Hilbert, “Theory of Algebraic Invariants”, pp. 126-7, Cambridge Univ. Press)

The proof by limit-arguments 1890,1897 (5A)

• Let c1xr1 be the first form of the sequence with a coefficient different from zero.

• We then look for the next form in the sequence whose order is less then r1;

• if there is no such form, we retain c1xr1. • But…

The proof by limit-arguments 1890,1897 (5B)

• But if there is one, say c2xr2, then we proceed to the next form in the sequence whose order is less than r2.

• If we continue in this manner, then we finally arrive at a form cixri=Fm in the sequence with the property that none of the subsequent forms have order less than ri.

• Every form is then divisible by Fm…

To formal businesses!

• I will explain formal developments of LCM and its realizability by the paper distributed on white boards.

• The paper: Limiting first order realizabiliy interpretation, by Nakata and Hayashi

• Warning! The paper was just submitted for publication.Not yet accepted. The running head is a dummy.The running head is a dummy.

Semi-classical principles

• 0n-LEM (Law of Excluded Middle):

Exists x.A or not Exists x.A for 0

n-1-formula A.

• 0n-LEM:

ForAll x.A or not ForAll x.A for 0

n-1-formula A.

• 0n-DNE (Double Negation Elimination):

(not not Exists x.A) implies Exists x.A for 0

n-1-formula A.

Why these principles?

• Limiting recursive functions are equivalent to 0

2-functions by Shoenfield’s limit lemma:

– a set is 0n+1-set iff its characteristic

function g(x) is defined as g(x)=limt1

・・・ limt ｎf(t1, ・・・ ,

tn,x), where f is primitive recursive.

Relations to existing principles

01-LEM is LPO (limited principles of

omniscience) without function variables.

01-LEM is weak LPO without function

variables.

01-DNE is Markov’s principle for

recursive predicates.• Note: They are not equivalent to LPO and WLPO

since they do not have function variables. No repetition!

02–DNE

01–LEM

02–LEM

02–LEM

02–LEM

01–LEM

01–LEM

01–DNE

HA |-

The implications of →are provable in HA

The implications of →are not provable in HA

The two starred →are difficult and dueto U. Kohlenbach.

The hierarchy of the semi-classical principles up to n=2

Limiting realizability and 02-DNE

• HAL=HA+ 02-DNE (HA with Limit)

• Kleene-realizability with limiting recursive functions realizes HAL.

• This gives an accountable semi-classical proof execution method.

• Then next criteria: enough mathematics?

An example of LCM: Hilbert’s invariant theory

In his 1890 proof of the finite basis theorem, D. Hilbert used the same semi-algorithm as Berardi’s. And this was called “theology” by Gordan.

It solved Gordan’s problem: one of the first successes of transfinite mode of thought in modern algebra.

His proof is formalizable in HAL(f).

Analysis?

• The classical theorems provable only in approximated forms in Bishop constructive mathematics seem provable in LCM in exact forms, i.e., without using approximation.

• Examples: Hahn-Banach theorem, ergodic theorem, minimum value theorem, etc.etc.

LCM will be the fragment!

• Proof animation by LCM

– LCM has an accountable computational interpretation by learning processes or approximation.

– Yet to be shown enough for many mathematics, but very promising.

• It’s interesting by its own sake and is related to many other areas.

LCM: results and conjectures I

• Many theorems of 19th and early 20th centuries math. will be provable in LCM including Hahn-Banach, etc.

• Even many statements in such math will be 0

3. (Berardi)

• Formal theories for such a higher order LCM are necessary.

LCM: results and conjectures II

• Almost all abstract computable calculi will be closed under “limiting”-construction.

– Two positive answers-BRFT (Nakata & Hayashi)PCA (Akama)

– Yet to know for type theoriesPractical implication: e.g. Lim(Coq) is

directly coded in Coq. No change of Coq kernel for proof animation.

LCM: results and conjectures III

• Such a limiting-construction will be explained by some “internal” construction in -valued sets, where is the complete Heyting algebra of co-finite subsets of . Akama’s construction.

• A relation to finitely presented categories?

• Markov’s rule for 0n-formulas (admissible rule of

0n+1-DNE) holds for HA+0

n-LEM (conjectured by Berardi for n=1 case and proved by Hayashi).

LCM: results and conjectures IV

• Some computability theories over reals will be related to LCM.

1. computable functions of BSS theory is in a sense limiting recursive.

2. Yasugi’s argument of computability of Gaussian function can be explained by limit process.

• The other way around, LCM will be explained by these theories alike.

A future work: calculus of limiting processes

• Each limiting recursive function has only one Limit.

• Hilbert’s proof suggests that each instance of LEM corresponds to a limit-process generating a stream of guesses.

• Since some LEM’s are used in the proof, the limit computation associated to Hilbert’s proof will be understood as a net of communicating limit-processes.

A future work: calculus of limiting processes (continued)

• It is easy to have a clear and intuitive picture of such a communication in mind just by looking at Hilbert’s proof.

• We need a formal calculus for such a communication and its implementation for practical proof animation of Hilbert’s proof and others.

Other future works

• “reverse mathematics” of transcendency

• the proper logic of LCM

• relations to

– learning theory and recursion theory:degrees of unsolvability, Boolean hierarchy, etc.

– numerical analysis– computer algebra (Sturmfels’ work)

Other future works (continued)

• Etc. etc.

• I will make their list and put it at my homepage in a month:

• http://alan.scitec.kobe-u.ac.jp/~hayashi