Existential witness extraction in classical realizability and via a negative translation
Abstract.
We show how to extract existential witnesses from classical proofs using Krivine's classical realizability, where classical proofs are interpreted as terms with the callcc control operator. We first recall the basic framework of classical realizability (in classical second-order arithmetic) and show how to extend it with primitive numerals for faster computations. Then we show how to perform witness extraction in this framework, discussing several techniques depending on the shape of the existential formula. In particular, we show that in the case, Krivine's witness extraction method reduces to Friedman's through a well-suited negative translation to intuitionistic second-order arithmetic. Finally we discuss the advantages of using callcc rather than a negative translation, especially from the point of view of an implementation.
Key words and phrases: Proof theory, Classical lambda-calculus, Classical realizability, Program extraction

1 Introduction
Extracting an existential witness (i.e. an object such that ) from a proof of the formula is now a well-understood technique in intuitionistic logic. The simplest way to do it is to normalize the proof and retrieve the witness from the premise of its normal form. Through the Brouwer-Heyting-Kolmogorov interpretation, one can also read the proof as a functional program that reduces to a pair whose first component is the desired witness. Such techniques are implemented in proof assistants based on intuitionistic systems [CoqMan09, Let02, Sch05].
Extracting a witness from a classical proof of an existential formula is much more difficult, since classical logic is known not to enjoy the witness property. Such an extraction is in fact not always feasible: for instance, we cannot expect to extract a witness from the obvious classical proof of the formula
in general, think of being undecidable or, say, the Riemann hypothesis.
However, several techniques [Kre51, Kre52, God58, Fri78, Koh08] have been proposed to extract a witness from a classical proof of an existential formula in some particular cases, typically when the formula is (i.e. of the form ).
1.1 Friedman's method
One of the most popular methods to extract witnesses from classical proofs of formulæ was introduced by Friedman [Fri78]. Friedman's idea is to generalize Gödel's and Kolmogorov's double-negation translations by replacing intuitionistic negation with a relative negation parameterized by an arbitrary formula . (The only condition on is that its free variables must not be captured in the formula or the proof we want to translate.) In first-order Peano arithmetic (PA), for instance, this negative translation can be defined as follows
and it is easy to check that if a formula is provable in Peano arithmetic, then the formula is provable in Heyting arithmetic (HA), independently of the choice of the formula .
If we apply this translation to a classical proof of the formula (i.e. a formula), we get an intuitionistic proof of the formula
By simplifying the triple (relative) negation and unfolding the relative negation , we thus get an intuitionistic proof of the formula
(The proof we get is parametric w.r.t. the formula .)
Now comes Friedman's trick, which is to instantiate the parameter with the very formula we want to prove, letting . Thus is an intuitionistic proof of the implication
whose left member is the introduction rule of existential quantification. Combining modus ponens with the introduction rule of existential quantification, we finally get an intuitionistic proof of the formula
from which the standard (intuitionistic) extraction techniques apply.
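Friedman's relative negative translation and trick, carried through on an existential formula whose matrix is atomic, as an added worked derivation (it is not reproduced from the paper; the symbols A for the parameter formula, ¬_A for the relative negation and P for an atomic, hence decidable, predicate are my notation, and the Gödel-Gentzen style clauses below are one standard presentation of the translation):

```latex
% Relative negation parameterized by A (no bound variable of the translated
% formula may be free in A):
\neg_A B \;:=\; B \to A
% Relative negative translation of PA into HA, clause by clause:
\begin{aligned}
P^A &:= \neg_A\neg_A P \quad (P \text{ atomic}) &
(B \to C)^A &:= B^A \to C^A \\
(B \wedge C)^A &:= B^A \wedge C^A &
(\forall x\, B)^A &:= \forall x\, B^A \\
(B \vee C)^A &:= \neg_A(\neg_A B^A \wedge \neg_A C^A) &
(\exists x\, B)^A &:= \neg_A \forall x\, \neg_A B^A
\end{aligned}
% Soundness: if PA proves B, then HA proves B^A, whatever A is.
% Applied to an existential with atomic matrix:
(\exists x\, P(x))^A \;=\; \neg_A\, \forall x\, \neg_A \neg_A \neg_A P(x)
% HA proves (((Q \to A) \to A) \to A) \leftrightarrow (Q \to A), so the triple
% relative negation collapses; unfolding \neg_A gives
\mathrm{HA} \vdash \bigl(\forall x\, (P(x) \to A)\bigr) \to A
% Friedman's trick: take A to be the formula to prove, A := \exists y\, P(y)
% (x is not free in A, so the side condition holds):
\mathrm{HA} \vdash \bigl(\forall x\, (P(x) \to \exists y\, P(y))\bigr) \to \exists y\, P(y)
% The premise is the introduction rule of the existential quantifier:
\mathrm{HA} \vdash \forall x\, (P(x) \to \exists y\, P(y))
% Modus ponens:
\mathrm{HA} \vdash \exists y\, P(y)
```

The collapse of the triple relative negation is what makes the method work, and it is available only because P is atomic. For an existential whose matrix is itself universal, say ∃x ∀y R(x, y) with R atomic, the translation yields ¬_A ∀x ¬_A ∀y ¬_A ¬_A R(x, y), where the universal quantifier sits between the negations and nothing collapses; instantiating A then produces no proof of the original formula, which is consistent with the remark above that no witness can be expected from classical proofs of such formulæ in general.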
The transformation above actually shows that classical arithmetic is conservative over intuitionistic arithmetic on the class of formulæ. Since the transformation still works when the inner formula depends on free variables, the latter result easily generalizes to a conservativity result on the class of formulæ:
(elim, fresh) (Friedman's transformation) (intro)
This conservativity result was extended by Friedman (using the same technique) to much stronger pairs of classical and intuitionistic theories, such as PA2/HA2, …, PA/HA, Z/IZ and ZF/IZF [Fri78].
1.2 Krivine's classical realizability
Up to the 1990s, the computational content of classical proofs was only studied indirectly, via clever translations to intuitionistic logic [God58, Kre51, Fri78] or to linear logic. The situation changed quickly with the discovery of a strong connection between classical reasoning principles (such as Peirce's law) and control operators (such as callcc) [Gri90]. This led to many extensions of the calculus with control primitives, such as Krivine's calculus [Kri05], Parigot's calculus [Par97], Barbanera and Berardi's (non-deterministic) symmetric calculus [BB96] or Curien and Herbelin's calculus [CH00]. (This list is far from exhaustive.)
Among these proposals to extend the proofs-as-programs paradigm to classical logic, Krivine's theory of classical realizability [Kri01, Kri05] holds a particular position. First, it is based on realizability rather than on typing, which makes it naturally more flexible and more powerful than systems based on typing alone. Second, the simplicity of the underlying calculus of realizers (the calculus extended with the callcc control primitive) and of its evaluation policy (weak head normalization) hides its main feature, which is the ability to incorporate new instructions in order to realize new formulæ, such as (for instance) several forms of the axiom of choice [Kri03]. Although classical realizability is traditionally presented in classical second-order arithmetic, it can be extended to much more expressive logical frameworks such as Zermelo-Fraenkel set theory [Kri01] or the calculus of constructions with universes [Miq07].
Less well known is the fact that Krivine's framework makes it possible to perform classical witness extraction directly (especially from realizers of formulæ), without going through a negative translation such as Friedman's. The purpose of this paper is twofold. First, it presents some methods that naturally come with classical realizability for extracting witnesses from classical proofs of existential formulæ, especially formulæ. Second, it relates the extraction method for formulæ to Friedman's, by showing that through a well-chosen negative translation (inspired by [Oli08]) both methods are essentially the same (up to the details of the translation).
One of the difficulties of tracking arithmetic reasoning through a negative translation is that some parts of the proof carry logical invariants whereas other parts are only devoted to arithmetic computations. To address this, we introduce primitive numerals in the language of realizers, while showing that they (essentially) realize the same formulæ as Church numerals. As a side effect, replacing Church numerals with primitive numerals also makes the corresponding extraction technique much more realistic, and we believe much more efficient, from the perspective of a practical implementation.
1.3 Outline of the paper
In Section 2, we present a type system for classical second-order arithmetic (PA2) based on the calculus extended with the primitive callcc. This type system is given its semantics in Section 3, by defining a family of classical realizability models (following [Kri05]). In Section 4, we extend the calculus of realizers and the type system for PA2 with primitive numerals to make arithmetic computations more efficient (in proof-terms) and more easily tractable through the negative translation. The classical witness extraction methods are presented in Section 5 and illustrated with an example based on the minimum principle in Section 6. In Section 7, we define a more traditional type system for intuitionistic second-order arithmetic (HA2), which we relate to the type system for PA2 by defining in Section 8 a negative translation in the spirit of [Oli08].
2 Classical second-order arithmetic (PA2)
2.1 The language of second-order arithmetic
The language of PA2 (Fig. 1) is made of two kinds of syntactic expressions: arithmetic expressions (a.k.a. first-order terms) that represent individuals, and formulæ that represent mathematical propositions. [Footnote 1: We prefer the terminology 'arithmetic expression' to the more standard 'first-order term' to avoid confusion with the proof-terms introduced in Section 2.3.]
Arithmetic expressions (notation: , , , etc.) are built from an infinite set of first-order variables (notation: , , , etc.) using function symbols (notation: , , , etc.) defined in a given first-order signature. Here, we assume that the signature contains a constant symbol '' for zero, a unary function symbol '' for the successor function and, more generally, a function symbol of arity for every primitive recursive definition of a function with arguments. In the sequel, we use binary function symbols '' (addition) and '' (multiplication) as well as unary function symbols '' (predecessor) and '' (boolean negation) with the following definitions:
(writing , , , etc.) The set of all free variables of an arithmetic expression is written . The notion of (first-order) substitution in an arithmetic expression is defined as usual and written .
Formulæ of the language of second-order arithmetic (notation: , , , etc.) are formed from second-order variables (notation: , , , etc.) of all arities using implication and first- and second-order universal quantification (Fig. 1). We slightly deviate from the traditional presentation of the syntax [Gir89, Kri93] by explicitly introducing a unary predicate symbol '' expressing that its argument is zero. The main reason for introducing this symbol is that it makes it easy to build a simple proof-term for Peano's 4th axiom within the type system presented in Section 2.3.
The set of all free (first- and second-order) variables of a formula is written . The notions of first- and second-order substitution in a formula are defined as usual, and written and respectively. (See [Gir89, Kri93] for a more detailed presentation of the two forms of substitution.)
2.1.1 Second-order encodings
Propositional units ( and ), negation, conjunction, disjunction, first- and second-order existential quantification as well as Leibniz equality are represented using the second-order encodings given in Fig. 1. Here, we define the propositional constant as a shorthand for the formula , which is consistent with the type system of Section 2.3 and the realizability interpretation of Section 3. Intuitively, the formula is the type of all proof-terms, and it is important not to confuse it with the (true) formula , which has far fewer proof-terms.
2.2 The congruences and
We introduce two congruences and over arithmetic expressions and formulæ that will be used to incorporate the definitional equalities of the function symbols of the signature into the conversion rule of the type system of Section 2.3. The same mechanism will be used to build proof-terms for Peano's 3rd and 4th axioms.
The congruence over arithmetic expressions is simply the congruence generated by the defining equations of the primitive recursive function symbols of the signature. (We already gave the equations for the function symbols '', '', '' and '' in Section 2.1.) Of course, these equations can be oriented so that they form a confluent and terminating rewrite system, which makes the congruence decidable; but we shall not need this level of detail in the sequel.
The congruence over formulæ is defined by adding the equation to the system of equations defining the congruence . Again, this new equation can be oriented from left to right so that the resulting rewrite system (including the rewrite rules for function symbols) is confluent and terminating, hence the congruence is decidable.
2.3 A type system for classical second-order arithmetic
The type/proof system of PA2 closely follows the spirit of second-order functional arithmetic (AF2) [Kri93]. As in AF2, first- and second-order universal quantifications are treated uniformly, using Curry-style proof-terms that do not keep track of the introductions and eliminations of universal quantifiers. [Footnote 2: For this reason, a (Curry-style) proof-term should not be confused with the proof (i.e. the derivation) it comes from, since the latter contains much more information that cannot be reconstructed from the proof-term. In such a setting, the proof-term is merely a computational digest of the formal proof, from which some computationally irrelevant parts have already been removed.] As usual in such a framework, numeric quantifications require a special treatment that we recall in Section 2.4.
Formally, the type system of PA2 is based on a typing judgment of the form , where is a typing context, a (Curry-style) proof-term, and a formula of the language of PA2 (Section 2.1).
Proof-terms of PA2 (notation: , , etc.) are just pure terms enriched with a special constant ('callcc') to prove Peirce's law. [Footnote 3: Proof variables (i.e. variables of the calculus) are written , , , etc. in the sequel, but they must not be confused with the first-order variables (written with the same letters) that occur in arithmetic expressions and formulæ.] The operational semantics of proof-terms (which differs slightly from the traditional operational semantics of the pure calculus) is given in Section 3.1.
A typing context (notation: , , , etc.) is a finite unordered list of declarations of the form , where the are pairwise distinct proof-variables and the are arbitrary formulæ. Given a typing context , we write and .
The inference rules for the judgment are given in Fig. 1. They contain the standard typing rules of AF2 [Kri93] (which correspond to the deduction rules of intuitionistic natural deduction in second-order predicate logic), plus a typing rule for the constant (Peirce's law) to recover classical logic. They also contain a conversion rule as well as an introduction rule for the propositional constant . (These two rules are specifically needed to build proof-terms for the axioms of arithmetic.) In particular:
(i) For all arithmetic expressions and depending on the variables such that , we have
(where stands for Leibniz equality). Thus is a proof-term for all the definitional equalities attached to the function symbols of the signature.
(ii) Given an arbitrary proof-term such that , we have
so that Peano's 3rd and 4th axioms are provable in our type system. (The corresponding derivations are given in Fig. 2.)
2.4 Induction
It is well known [Gir89, Kri93, Kri05] that the induction principle
cannot be given a (closed) proof-term in the type system presented above. The reason is that first-order quantification is interpreted uniformly (i.e. as an infinitary intersection type) in our setting, whereas universal quantification over natural numbers cannot be interpreted uniformly, since most proofs of computationally depend on the natural number . To circumvent this difficulty, we use a well-known trick of second-order logic, which is to relativize first-order quantifications using the predicate
expressing that belongs to the smallest set of individuals containing zero and closed under the successor function. With this notation, the relativized form of the induction principle
can be given a closed proof-term in our setting. (See [Kri93] for instance.)
More generally, we associate to every formula a formula obtained by relativizing all the first-order quantifications with the predicate . Formally, the formula is defined by induction on with the equations:
We then easily check that:
Proposition 0.1.
If a closed formula is provable in classical second-order arithmetic (with the unrelativized induction principle), then the formula has a closed proof-term in the type system of Fig. 1.
3 Classical realizability
We now present the classical realizability interpretation of the type system of Section 2.3, following the method introduced by Krivine [Kri05].
First, we introduce a calculus of realizers (Krivine's language ) containing the proof-terms of Fig. 1, and give its evaluation rules, which constitute the small-step operational semantics of the language. From this, we show how to interpret every formula of PA2 as a set of realizers , reading the formula as a specification of the computational behavior of its realizers. The connection between the classical realizability interpretation and big-step operational semantics in becomes clear in Sections 4 and 5.
3.1 A calculus of realizers
Krivine's language [Kri05] is a strict extension of the calculus of proof-terms of PA2 (Section 2.3). The language distinguishes three kinds of syntactic entities: terms, stacks and processes.
Terms of are pure terms enriched with two kinds of constants:
- instructions , where is a fixed set of constants that contains (at least) an instruction written (callcc);
- continuation constants , one for every stack .
Stacks are finite lists of closed terms terminated by the stack constant . [Footnote 4: Krivine allows the formation of stacks from many stack constants (representing as many empty stacks), but one stack constant suffices here.] Note that unlike terms (which may be open or closed), stacks only contain closed terms and are thus closed objects, so that the continuation constant associated with a stack is a genuine constant. (The details of the mutual definition of terms and stacks are given in [Kri05].) Finally, a process is simply a pair formed by a closed term and a stack . The set of closed terms (resp. the set of stacks) is written (resp. ), and the set of processes is written .
In Section 4 we extend the calculus with extra instructions to perform fast arithmetic computations. (See also Remark 0.2.)
3.1.1 Evaluation
The set of processes is equipped with a binary relation of one-step evaluation written , whose reflexive-transitive closure is written as usual. We assume that this relation satisfies (at least) the following axioms:
for all and . Note that only processes are subject to evaluation: there is no notion of reduction for terms or stacks alone in .
This list of axioms, which basically implements weak head reduction in the presence of the control operator callcc, can be extended with extra axioms describing the computational behavior of the other instructions .
Remark 0.2.
Formally, the definition of the language thus depends on two parameters: the set of instructions (containing at least the instruction ), and the evaluation relation that fulfils the four axioms above. In particular, the rules (Grab), (Push), (Callcc) and (Resume) are only conditions on the relation : they do not constitute a definition (by cases) of this relation. (The reader is invited to check that these conditions are exactly the minimal conditions needed to prove the adequacy result, Prop. LABEL:p:KAdequacy.) Putting conditions on the set and on the evaluation relation, rather than defining them completely, naturally makes the calculus modular, since this design allows us to enrich the calculus with extra instructions (by putting extra conditions on ) and extra evaluation rules (by putting extra conditions on ), while keeping all the results proved under a smaller set of conditions on and . [Footnote 5: This is the point of view taken in [Kri01, Kri03, Kri05, Kri08].] Technically, this open design has only one drawback: it forbids any form of reasoning by 'case analysis' on an instruction or on an evaluation step, since the contents of and the definition of are not (completely) known. Again, the reader is invited to check that this form of reasoning is never used in the results of Sections 3, 4 and 5, with the sole exception of Lemma LABEL:l:StackExt in the subsection on independence (LABEL:ss:Independence). The set of available instructions and evaluation rules will only be closed in Section 8, in order to define the negative translation and to study its properties.
3.2 The realizability interpretation
3.2.1 The notion of a pole
The construction of the classical realizability model is parameterized by a set of processes , called the pole of the model. We assume that this set is closed under anti-evaluation (or saturated, in the terminology of [Kri05]). Formally:
Definition 0.3.
A pole is any set of processes such that the conditions and together imply , for all .
Remark 0.4.
Since the definition of a pole explicitly depends on the evaluation relation , all the conditions we put on the evaluation relation (see Remark 0.2) are mechanically reflected in the notion of a pole. For instance, the rule (Push) is reflected in every pole by the fact that implies (for all terms , and for all stacks ). The same holds for the rules (Grab), (Callcc) and (Resume), as well as for the new rules introduced in Section 4. Putting more conditions on the evaluation relation thus reduces the number of available poles.
Note that there are two generic ways to define a pole from an arbitrary set of processes :
- The first method is to consider as a set of final (or 'accepting') states, and to take as the closure of by anti-evaluation, that is: , which is defined by .
- The second method is to consider as a set of initial ('forbidden') states, and to take as the complement of the closure of by evaluation, that is: , where .
In this paper, we build particular poles (in Section 5) using the first method only, but interesting uses of the second method can be found in [Kri03].
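To make the machine and the pole construction concrete, here is an added example (not code from the paper; the Python encoding of terms and stacks, the use of a finite list of stacks in place of a falsity value, and the step bound are assumptions of this example). It implements Krivine's abstract machine with the four rules (Grab), (Push), (Callcc) and (Resume) in the form given in [Kri05], builds a pole by the first method above (closure of a set of accepting processes by anti-evaluation), and tests the orthogonality of a term against a finite set of stacks. The sample process, constructed here, runs cc (λk. (k b) c) against the stack d·α and shows the pending argument c being discarded when the continuation is resumed; the diverging process Ω ⋆ α shows that membership in such a pole is only semi-decidable.

```python
"""Krivine abstract machine with callcc, plus a pole built as the
anti-evaluation closure of a set of accepting processes.
Added illustration of the rules (Grab), (Push), (Callcc), (Resume);
the encoding below is an assumption of this example, not the paper's."""
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple, Union


@dataclass(frozen=True)
class Var:
    name: str


@dataclass(frozen=True)
class Lam:
    var: str
    body: "Term"


@dataclass(frozen=True)
class App:
    fun: "Term"
    arg: "Term"


@dataclass(frozen=True)
class Const:
    """An instruction of the set K. Only 'cc' has an evaluation rule here;
    any other constant at the head makes the machine halt (final process)."""
    name: str


@dataclass(frozen=True)
class Cont:
    """Continuation constant k_pi: freezes a whole stack pi."""
    stack: Tuple["Term", ...]


Term = Union[Var, Lam, App, Const, Cont]
Stack = Tuple[Term, ...]          # () is the empty stack (stack constant alpha)
Process = Tuple[Term, Stack]
CC = Const("cc")                  # the callcc instruction


def subst(t: Term, x: str, u: Term) -> Term:
    """t[x := u]. Stacks hold closed terms only, so u is closed and no
    capture-avoiding renaming is needed; an inner lambda on x shadows x."""
    if isinstance(t, Var):
        return u if t.name == x else t
    if isinstance(t, Lam):
        return t if t.var == x else Lam(t.var, subst(t.body, x, u))
    if isinstance(t, App):
        return App(subst(t.fun, x, u), subst(t.arg, x, u))
    return t                      # Const / Cont carry no free variables


def step(p: Process) -> Optional[Process]:
    """One evaluation step, or None when no rule applies (final process)."""
    t, pi = p
    if isinstance(t, App):                    # (Push)   t u * pi     > t * u.pi
        return (t.fun, (t.arg,) + pi)
    if isinstance(t, Lam) and pi:             # (Grab)   \x.t * u.pi  > t[u/x] * pi
        return (subst(t.body, t.var, pi[0]), pi[1:])
    if t == CC and pi:                        # (Callcc) cc * t.pi    > t * k_pi.pi
        return (pi[0], (Cont(pi[1:]),) + pi[1:])
    if isinstance(t, Cont) and pi:            # (Resume) k_pi * t.pi' > t * pi
        return (pi[0], t.stack)
    return None


def run(p: Process, max_steps: int = 1000) -> List[Process]:
    """Evaluation trace of p (p first), cut off after max_steps steps."""
    trace = [p]
    while len(trace) <= max_steps:
        q = step(trace[-1])
        if q is None:
            break
        trace.append(q)
    return trace


def make_pole(accepting: Callable[[Process], bool], max_steps: int = 1000):
    """First construction: the pole is the closure of the accepting processes
    by anti-evaluation. Evaluation is deterministic here, so p is in the pole
    iff its trace meets an accepting process. The step bound makes the test
    total at a price: a process needing more than max_steps steps to reach an
    accepting state is wrongly reported as outside the pole."""
    def in_pole(p: Process) -> bool:
        return any(accepting(q) for q in run(p, max_steps))
    return in_pole


def realizes(t: Term, falsity_value: List[Stack], in_pole) -> bool:
    """Orthogonality: t belongs to the truth value induced by a falsity value
    (a finite list of stacks here) iff t * pi is in the pole for each pi."""
    return all(in_pole((t, pi)) for pi in falsity_value)


# Constructed sample: cc (\k. (k b) c) * d.alpha. Once k is resumed the
# pending argument c is discarded, so evaluation ends in b * d.alpha.
B, C, D = Const("b"), Const("c"), Const("d")
ESCAPE = App(CC, Lam("k", App(App(Var("k"), B), C)))
OMEGA = App(Lam("x", App(Var("x"), Var("x"))),
            Lam("x", App(Var("x"), Var("x"))))   # diverges: no final state


def final_state(t: Term, pi: Stack) -> Process:
    return run((t, pi))[-1]


def demo() -> bool:
    """Accepting states: processes whose head term is the constant b."""
    in_pole = make_pole(lambda q: q[0] == B)
    return in_pole((ESCAPE, (D,))) and not in_pole((OMEGA, ()))
```

Because evaluation is deterministic in this instance of the calculus, membership in the anti-evaluation closure reduces to scanning a single trace; with the second construction (forbidden states) one would instead check that no process on the trace is forbidden, and both checks are only correct up to the step bound, which is exactly the semi-decidability that the abstract definition of a pole hides.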
3.2.2 Truth and falsity values
From now on, denotes a fixed pole. We call a falsity value any set of stacks . By orthogonality, every falsity value induces a truth value defined as:
3.2.3 Valuations and parametric formulæ
A valuation is a function whose domain is a finite set of (first- and second-order) variables, such that:
- for every first-order variable ;
- is a (total) function from to (i.e. a falsity value function) for every -ary second-order variable .
A parametric expression (resp. a parametric formula) is simply an arithmetic expression (resp. a formula ) equipped with a valuation , written (resp. ). Parametric contexts are defined similarly. A parametric expression (formula, context) is said to be closed when every free variable of the underlying expression (formula, context) belongs to the domain of the attached valuation.
For every closed parametric expression we write for the value of , interpreting variables by their images in and giving the primitive recursive function symbols in their standard interpretation.
We easily check that:
Lemma 0.5.
If and are two arithmetic expressions such that , then for all valuations closing and we have .
Proof.
By induction on the derivation of .
3.2.4 The interpretation function
Every closed parametric formula is interpreted as two sets, namely a falsity value and a truth value . Both sets are defined by induction on the formula as follows:
The reader is invited to check that the sets and only depend on the values given by to the free variables of , so that we can drop the valuation when is closed and simply write and for and .
We easily check that:
Lemma 0.6.
If and are two formulæ of PA2 such that , then for all valuations closing and we have .