the countable choice axiom

A program for

the countable choice axiom

Jean-Louis Krivine

PPS Group, University Paris 7, CNRS krivine@pps.jussieu.fr

Luminy, November 24, 2004

The extended Curry-Howard correspondence

We give a method to get imperative programs from usual mathematical proofs.

There are essentially two frameworks for mathematics :

• Analysis i.e. Second order classical logic with the dependent choice axiom

• Classical Zermelo-Fraenkel set theory with the axiom of choice

For each axiom of these theories, we must find a suitable instruction in our programming language : an extended λ-calculus.

This problem is now solved for all but one axiom : the full choice ; it seems this last axiom will not resist too long.

The aim of this talk is : write an explicit program

for the countable choice axiom and explain its behaviour (in analogy with call-cc for the law of Peirce).

The λ _c -calculus

¤_c (resp. ¤⁰_c) is the set of arbitrary (resp. closed) λ_c-terms.

¦ is the set of stacks. They are built following these rules : 1. Any variable x, and the constant cc are λ_c-terms.

2. If t, u are λ_c-terms and x is a variable, then (t)u and λx t are λ_c-terms.

3. If π is a stack, the constant k_π is a λ_c-term (called a continuation).

A stack is a sequence π = t₁. . . . .t_n.ρ of closed λ_c-terms t_i ended with a stack constant ρ (the bottom of the stack) ;

t.π denotes the stack obtained by pushing t on the top of π.

The constant cc is an example of instruction.

We may add other instructions and give, for each of them, the corresponding rule of reduction.

Execution of processes

A process is a couple : t π with t ∈ ¤⁰_c , π ∈ ¦.

A process can be performed, a λ_c-term alone cannot.

t is called the head of the process t π.

At each moment, the head is the active part of the process.

The rules of reduction for processes are (with π, π ∈ ¦ and t, u ∈ ¤⁰_c) :

tu π t u.π ^(push) cc t.π t k_π.π (store the stack)

λx t u.π t[u/x] π (pop) k_π t.π t π (restore the stack)

For each new instruction χ, we give a rule of reduction for χ.

For instance, if χ is a stop instruction, the rule is : χ π t ρ for no process t ρ.

In the following, we use an instruction χ (signature) with the rule :

χ t.π t n_π.π n_π is a Church integer

which is the number of the stack π in a fixed enumeration of ¦.

Typing in classical 2nd order logic

The only logical symbols are →, ∀ and function symbols on individuals.

⊥ is defined as ∀X X ; A ∧ B as ∀X{(A, B → X) → X} ;

∃x F[x] as ∀X{∀x(F[x] → X) → X} ; x = y as ∀X(Xx → Xy) ; etc.

Let ¡ denote x₁ : A₁, . . . , x_n : A_n (a context). Typing rules are : 1. ¡ x_i : A_i (1 ≤ i ≤ n)

2. ¡ t : A → B, ¡ u : A ⇒ ¡ tu : B. 3. ¡, x : A t : B ⇒ ¡ λx t : A → B. 4. ¡ t : (A → B) → A ⇒ ¡ cct : A.

5. ¡ t : A ⇒ ¡ t : ∀x A (resp. ∀X A) if x (resp. X) is not free in ¡.

6. ¡ t : ∀x A ⇒ ¡ t : A[τ/x] for every term τ.

7. ¡ t : ∀X A ⇒ ¡ t : A[©(x₁, . . . , x_n)/Xx₁ . . . x_n] for each formula ©.

The comprehension scheme for second order logic is included in 7, the law of Peirce in 4.

Realizability

The notion of model is the usual one, for a second order language with only function symbols on individuals.

Simply the set of truth values is now P(¦) instead of {0,1}.

Thus, a model M is a set M of individuals (M = N in this talk), together with an interpretation f_M : M^k → M of each k-ary function symbol f. 2nd order variables of arity k are valued in P(¦)^Mk = P(¦×M^k).

To define realizability, let ⊥⊥ be a fixed saturated set of processes, i.e. : t π ∈ ⊥⊥, t π t π ⇒ t π ∈ ⊥⊥

Let t ∈ ¤⁰_c and P _⊂ ^¦ be a truth value.

We say that t −P (t realizes P) iff (∀π ∈ P⁾t π ∈ ⊥⊥.

We can now define the truth value and the realizability for any formula.

Realizability ^(cont.)

Let A be a closed 2nd order formula with parameters in M and P(¦×M^k).

Its truth value, defined below, is a subset of ¦ denoted by A .

Thus, we say that t −A (t realizes A) iff (∀π ∈ A )t π ∈ ⊥⊥. Definition of A , by induction on A :

A atomic i.e. R(a₁, . . . , a_k), R ∈ P(¦)^Mk, a_i ∈ M : obvious.

A → B = {t.π ; t −A, π ∈ B } ; ∀x A =

a∈M

A[a/x]

∀X A = { A[R/X] ; R ∈ P(¦×M^k)} Thus t − ∀x A ⇔ (∀a ∈ M) t −A[a/x]

and t − ∀X A ⇔ (∀R ∈ P(¦×M^k)) t −A[R/X]. The set {t ∈ ¤⁰_c ; t −A} is denoted by |A|.

Generalized formulas

A formula F[x₁, . . . , x_k] define a k-ary predicate, i.e. an application of N^k into the set P(¦) of truth values.

We shall need to define predicates by other means, which lead us to write generalized formulas, for instance :

<

m<n

F(m) ; its truth value is ^<

m<n

F(m) =

m<n

F(m) .

A → B where A is a subset of ¤⁰_c and B is a formula. Its truth value is : A → B = {t.π ; t ∈ A, π ∈ B }

Of course, such generalized formulas are only abbreviations for predicates ; there is no particular rule of deduction to handle them.

Proofs and terms

Realizability is a fundamental tool because it is compatible with classical second order deduction :

Adequation lemma.

If x₁: ©₁, . . . , x_n : ©_n t : © and if t_i −©_i (1 ≤ i ≤ n)

then t[t₁/x₁, . . . , t_n/x_n] −©.

This property is useful for two reasons :

1. To solve the specification problem for a given theorem ©, i.e. to understand the common behaviour of λ_c-terms extracted from proofs of ©.

A very interesting but difficult problem. We can use the adequation lemma and study the behaviour of λ_c-terms which realize ©.

2. To extend the λ_c-calculus with new instructions which realize given axioms or independent formulas (like AC, CH, etc).

In this talk, we deal with the axiom of countable choice.

Definitions and remarks

A proof-like term is a closed λ_c-term which contains no continuation.

We say that the formula © is realized if τ −© for a proof-like term τ. Thus :

• Every term which comes from a proof is proof-like.

• If the axioms are realized, every provable formula is realized.

The truth values ∅ and ¦ are denoted by and ⊥. There is no other iff ⊥⊥ = ∅. It is a degenerate case in which we get the usual two-valued notion of model.

If ⊥⊥ = ∅, then τ − ⊥ for some τ ∈ ¤⁰_c : take t π ∈ ⊥⊥ and τ = k_πt.

The choice of ⊥⊥ is generally done according to the theorem © for which we want to solve the specification problem. Let us take a trivial example :

Theorem. If θ comes from a proof of ∀X(X → X) (with any realized axioms) then θ t.π t π i.e. θ behaves like λx x.

Proof. Take ⊥⊥ = {p ; p t π} and X = {π}. QED

Example : θ = λxccλk kx.

The countable axiom of choice

It is the following axiom scheme (for any formula F) :

∃V ∀x(F[x, V (x, y)/Xy] → ∀X F[x, X])

In order to realize this formula, let n → π_n be a fixed surjection of N ^{onto ¦.} We define a new instruction χ by the reduction rule :

χ ξ.π ξ n.π

for every ξ ∈ ¤⁰_c and π ∈ ¦ ; n is any Church integer such that π_n = π The simplest way, at first sight, to implement this, is to choose

a recursive bijection for the function n → π_n.

A practical method is by means of a signature (like MD5 or SHA1).

But there are other possibilities, for example a clock.

The intuitionistic countable choice axiom

We now show that χ almost realizes the countable choice axiom : Theorem. There exists U : N³ → P(¦) such that

χ − ∀x{∀n(Int[n] → F[x, U(x, n, y)/Xy]) → ∀X F[x, X]}. Proof. By definition of ∀X F[x, X] , we have :

π ∈ ∀X F[x, X] ⇔ (∃R ∈ P(¦)^N)π ∈ F[x, R/X] .

By countable choice, we get a function U : N³ → P(¦) such that

π ∈ ∀X F[x, X] ⇔ π ∈ F[x, U(x, n, y)/Xy] , for any n s.t. π_n = π. Let x ∈ N^{, ξ} − ∀n(Int[n] → F[x, U(x, n, y)/Xy]) and π ∈ ∀X F[x, X] . We must show that χ ξ.π ∈ ⊥⊥ and, by the rule for χ, it suffices to show

ξ n.π ∈ ⊥⊥ for any n s.t. π_n = π. But this follows from

n −Int[n], π ∈ F[x, U(x, n, y)/Xy] (by definition of U) and

ξ −Int[n] → F[x, U(x, n, y)/Xy]. QED

The intuitionistic countable choice axiom ^(cont.)

We have shown that the following axiom scheme is realized (by λx xχ) :

∃U∀x{∀n(Int[n] → F[x, U(x, n, y)/Xy]) → ∀X F[x, X]} It may be called the intuitionistic countable choice axiom.

Indeed, the predicate U has been explicitly given.

The usual countable choice axiom follows easily, but not intuitionistically.

Merely define, for each x, the unary predicate V (x,•) as U(x, n,•) for the first integer n such that ¬F[x, U(x, n, y)/Xy],

or as N if there is no such integer.

We must be very careful in formalizing this proof, in order to get a rather simple program and understand its behaviour.

Formalizing this proof

Notation. Given a formula F[x, X], we write F_U(x, n) for F[x, U(x, n, y)/Xy].

Set V (x, y) ≡ ∀n{⁾m<n|{m} → F_U(x, m)|, {n}, ¬F_U(x, n) → U(x, n, y)} We should prove the countable choice : ∀x{F[x, V (x, y)/Xy] → ∀X F[x, X]} but a problem arise from extensionality. We need to relax a little :

∀x{∀X(X V x → F[x, X]) → ∀X F[x, X]} where X V x is the formula ∀y(Xy ↔ V (x, y)). This is clearly a form of the countable choice axiom.

Now, we have shown that :

χ − ∀x{∀n({n} → F_U(x, n)) → ∀X F[x, X]} so that we only need to prove :

∀X(X V x → F[x, X]) → ∀n({n} → F_U(x, n))

Formalization ^(cont.)

We now use a property of the fixpoint operator. If Z is a unary predicate, then : Y − ∀n|⁾m<n Zm → Zn| → ∀n Zn

Easy proof, by induction on n. Intuitive meaning : < is well founded on N^. We take Zn ≡ {n} → F_U(x, n) and it remains to prove :

∀X(X V x → F[x, X]), ⁾_m<n |{m} → F_U(x, m)|, {n} → F_U(x, n) But now n is fixed (and also x) and we can replace Xy with U(x, n, y).

So, we get the following three hypothesis :

∀y[U(x, n, y) ↔ V (x, y)] → F_U(x, n) ; ⁾_m<n |{m} → F_U(x, m)| ; {n} and we must conclude F_U(x, n).

By the law of Peirce, we can add the hypothesis ¬F_U(x, n) for free.

Formalization (cont.)

It remains to prove two formulas : V (x, y) → U(x, n, y) ; U(x, n, y) → V (x, y) with three hypothesis : ⁾_m<n|{m} → F_U(x, m)|; {n}; ¬F_U(x, n).

The first conclusion is trivial, by the very definition of V (x, y) :

V (x, y) ≡ ∀n{⁾m<n|{m} → F_U(x, m)|, {n}, ¬F_U(x, n) → U(x, n, y)} In order to get the second, we use the following well known

Lemma. There exists a closed λ-term Comp such that, for every n, n ∈ N Compn n xyz x if n < n ; y if n < n ; z if n = n .

Set α = (k)(x )n and α = (k )(x)n . Then, for every unary X, Z λxλnλkλx λn λk Compnn αα − ⁾m<n|{m} → Xm|, {n}, ¬Xn,

)

m <n |{m } → Xm |, {n }, ¬Xn → (Zn → Zn ) Replace Xn with F_U(x, n) and Zn with U(x, n, y),

then introduce the quantifier ∀n and that’s it.

The program

We get in this way the following program for the countable choice axiom : γ = λf(χ)(Y)λxλn(cc)λk fστ

− ∀X{∀y(Xy ↔ V (x, y)) → F[x, X]} → ∀X F[x, X] with σ = λg gxnk ; τ = λuλx λn λk Compnn αα u ;

α = (k)(x )n and α = (k )(x)n .

V is a new predicate constant, associated with the formula F. Its interpretation in the model has been given above.

The behaviour of γ depends on the implementation of the instruction χ.

The reduction rule of χ is χ ξ.π ξ n.π where n is :

• the current time ; χ is implemented as a clock ;

• the number of π in a given enumeration ; χ is implemented as a signature.

The behaviour

Let us look at the execution of a process γ f.π :

γ f.π χ Yξ.π (where ξ = λxλn(cc)λk fστ depends only on f) Yξ n_π.π ξ η.n_π.π (with η = Yξ). Therefore

γ f.π f σ_fπ.τ_fπ.π with σ_fπ = σ[η/x, n_π/n, k_π/k].

Now σ_fπ is simply the triple <η, n_π, k_π>, in other words σ_fπ stores the current state f.π at the present execution of γ.

τ_fπ performs the real job : it looks at two such states f.π and f .π and compare their indexes n and n . If n = n it does nothing.

If n < n it restarts with γ f .π : the second file with the first stack.

Thus, the main function of this program is : to update files (if χ is a clock)

or to choose a good version of a file (if χ is a signature).

References

1. S. Berardi, M. Bezem, T. Coquand On the computational content of the axiom of choice. J. Symb. Log. 63, pp. 600-622 (1998).

2. U. Berger, P. Oliva Modified bar recursion and classical dependent choice. Preprint.

3. J.-L. Krivine Dependent choices, ‘quote’ and the clock.

Th. Comp. Sc. 308, pp. 259-276 (2003).

4. J.-L. Krivine Realizability in classical logic.

Preprint, to appear in : Panoramas et synthèses, SMF.

Pdf files at http://www.pps.jussieu.fr/~krivine