Existential witness extraction

# Existential witness extraction in classical realizability and via a negative translation

Alexandre Miquel LIP (UMR 5668 – CNRS – ENS de Lyon – UCBL – INRIA) ENS de Lyon, Université de Lyon, France
###### Abstract.

We show how to extract existential witnesses from classical proofs using Krivine’s classical realizability, where classical proofs are interpreted as λ-terms with the callcc control operator. We first recall the basic framework of classical realizability (in classical second-order arithmetic) and show how to extend it with primitive numerals for faster computations. Then we show how to perform witness extraction in this framework, by discussing several techniques depending on the shape of the existential formula. In particular, we show that in the Σ⁰₁ case, Krivine’s witness extraction method reduces to Friedman’s through a well-suited negative translation to intuitionistic second-order arithmetic. Finally we discuss the advantages of using callcc rather than a negative translation, especially from the point of view of an implementation.

###### Key words and phrases:
Proof theory, Classical lambda-calculus, Classical realizability, Program extraction

## Introduction

Extracting an existential witness (i.e. an object n such that A(n) holds) from a proof of the formula ∃x A(x) is now a well-understood technique in intuitionistic logic. The simplest way to do it is to normalize the proof and retrieve the witness from the premise of the ∃-introduction that concludes its normal form. Through the Brouwer-Heyting-Kolmogorov interpretation, one can also read the proof as a functional program that reduces to a pair whose first component is the desired witness. Such techniques are implemented in proof-assistants based on intuitionistic systems [CoqMan09, Let02, Sch05].

Extracting a witness from a classical proof of an existential formula is much more difficult, since classical logic is known not to enjoy the witness property. Such an extraction is actually not always feasible: for instance, we cannot expect to extract a witness from the obvious classical proof of the formula

 ∃x((x=1∧C)∨(x=0∧¬C))

in general: think of C as an undecidable statement or, say, the Riemann hypothesis.

However, several techniques [Kre51, Kre52, God58, Fri78, Koh08] have been proposed in order to extract a witness from a classical proof of an existential formula in some particular cases, typically when the formula is Σ⁰₁ (i.e. of the form ∃x f(x)=0, where f is a primitive recursive function symbol).

### Friedman’s method

One of the most popular methods to extract witnesses from classical proofs of Σ⁰₁ formulæ has been introduced by Friedman [Fri78]. The idea of Friedman is to generalize Gödel and Kolmogorov’s double negation translation by replacing the intuitionistic negation by a relative negation ¬R A ≡ (A ⇒ R), parameterized by an arbitrary formula R. (The only condition on R is that its free variables should not be captured in the formula or the proof we want to translate.) In first-order Peano arithmetic (PA) for instance, this negative R-translation can be defined as follows:

$$\begin{aligned}
(e_1 = e_2)^{\lnot\lnot} &\equiv \lnot_R\lnot_R(e_1 = e_2) &\qquad (\forall x\, A)^{\lnot\lnot} &\equiv \forall x\, A^{\lnot\lnot}\\
(\lnot A)^{\lnot\lnot} &\equiv \lnot_R A^{\lnot\lnot} & (A \lor B)^{\lnot\lnot} &\equiv \lnot_R(\lnot_R A^{\lnot\lnot} \land \lnot_R B^{\lnot\lnot})\\
(A \land B)^{\lnot\lnot} &\equiv A^{\lnot\lnot} \land B^{\lnot\lnot} & (\exists x\, A)^{\lnot\lnot} &\equiv \lnot_R \forall x\, \lnot_R A^{\lnot\lnot}
\end{aligned}$$

and it is easy to check that if a formula A is provable in Peano arithmetic, then the formula A^¬¬ is provable in Heyting arithmetic (HA), independently of the choice of the formula R.

If we apply this translation to a classical proof of the formula ∃x f(x)=0 (i.e. a Σ⁰₁ formula), then we get an intuitionistic proof of the formula

 ¬R∀x¬R¬R¬Rf(x)=0.

By simplifying the triple (relative) negation into a single one and by unfolding the relative negation ¬R, we thus get an intuitionistic proof of the formula

 ∀x(f(x)=0⇒R) ⇒ R.

(The proof we get is parametric w.r.t. the formula R.)

Now, let us introduce Friedman’s trick, which is to instantiate the parameter R with the formula we want to prove, letting R ≡ ∃y f(y)=0. We thus get an intuitionistic proof of the implication

 ∀x(f(x)=0 ⇒ ∃yf(y)=0) ⇒ ∃yf(y)=0.

whose left member is provable by the introduction rule of existential quantification. Combining modus ponens with the introduction rule of existential quantification, we finally get an intuitionistic proof of the formula

 ∃yf(y)=0

from which we can perform the standard extraction techniques.

The transformation above actually shows that classical arithmetic is conservative over intuitionistic arithmetic on the class of Σ⁰₁ formulæ. Since the transformation even works when the inner formula depends on free variables, it is easy to generalize the latter result to a result of conservativity on the class of Π⁰₂ formulæ:

$$\begin{aligned}
&\vdash_{\mathrm{PA}} \forall x\,\exists y\, f(x,y)=0 \\
&\vdash_{\mathrm{PA}} \exists y\, f(x_0,y)=0 && (\forall\text{-elim},\ x_0 \text{ fresh}) \\
&\vdash_{\mathrm{HA}} \exists y\, f(x_0,y)=0 && (\text{Friedman's transformation}) \\
&\vdash_{\mathrm{HA}} \forall x\,\exists y\, f(x,y)=0 && (\forall\text{-intro})
\end{aligned}$$

This conservativity result has been extended by Friedman (using the same technique) to much stronger pairs of classical and intuitionistic theories, such as $\mathrm{PA}_2/\mathrm{HA}_2$, …, $\mathrm{PA}_\omega/\mathrm{HA}_\omega$, $\mathrm{Z}/\mathrm{IZ}$, $\mathrm{ZF}/\mathrm{IZF}$ [Fri78].
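As an added worked example (not part of the paper), the following Python code implements the translation table above on a small first-order AST, the triple-negation simplification, and Friedman’s trick. The AST constructors, the function names and the representation of arithmetic terms as plain strings are this example’s own choices. Running `friedman_trick` on ∃x f(x)=0 reproduces the implication displayed above (the bound variable x is reused where the paper writes y).

```python
from dataclasses import dataclass
from typing import Union

# Added example, not from the paper: Friedman's R-relative negative translation
# on a first-order AST, the ¬R¬R¬R A -> ¬R A simplification, and Friedman's trick
# R := ∃y f(y)=0. Arithmetic terms are kept as plain strings ("f(x)", "0").

@dataclass(frozen=True)
class Eq:                       # e1 = e2
    lhs: str
    rhs: str

@dataclass(frozen=True)
class Not:                      # ¬A, the negation of PA
    body: "Formula"

@dataclass(frozen=True)
class And:
    left: "Formula"
    right: "Formula"

@dataclass(frozen=True)
class Or:
    left: "Formula"
    right: "Formula"

@dataclass(frozen=True)
class Forall:
    var: str
    body: "Formula"

@dataclass(frozen=True)
class Exists:
    var: str
    body: "Formula"

@dataclass(frozen=True)
class NotR:                     # relative negation ¬R A, R still a parameter
    body: "Formula"

@dataclass(frozen=True)
class Implies:                  # only produced when ¬R is unfolded into A ⇒ R
    left: "Formula"
    right: "Formula"

Formula = Union[Eq, Not, And, Or, Forall, Exists, NotR, Implies]


def translate(a: Formula) -> Formula:
    """The (·)^¬¬ translation of PA into HA, parametric in R (kept as NotR nodes)."""
    if isinstance(a, Eq):
        return NotR(NotR(a))
    if isinstance(a, Not):
        return NotR(translate(a.body))
    if isinstance(a, And):
        return And(translate(a.left), translate(a.right))
    if isinstance(a, Forall):
        return Forall(a.var, translate(a.body))
    if isinstance(a, Or):
        return NotR(And(NotR(translate(a.left)), NotR(translate(a.right))))
    if isinstance(a, Exists):
        return NotR(Forall(a.var, NotR(translate(a.body))))
    raise TypeError(f"not a PA formula: {a!r}")


def simplify(a: Formula) -> Formula:
    """Rewrite ¬R¬R¬R A into ¬R A (intuitionistically valid for every R)."""
    if isinstance(a, NotR):
        b = simplify(a.body)
        if isinstance(b, NotR) and isinstance(b.body, NotR):
            return b.body           # b.body is ¬R C with C already simplified
        return NotR(b)
    if isinstance(a, (And, Or, Implies)):
        return type(a)(simplify(a.left), simplify(a.right))
    if isinstance(a, (Forall, Exists)):
        return type(a)(a.var, simplify(a.body))
    if isinstance(a, Not):
        return Not(simplify(a.body))
    return a


def unfold(a: Formula, r: Formula) -> Formula:
    """Instantiate the parameter: every ¬R B becomes B ⇒ r."""
    if isinstance(a, NotR):
        return Implies(unfold(a.body, r), r)
    if isinstance(a, (And, Or, Implies)):
        return type(a)(unfold(a.left, r), unfold(a.right, r))
    if isinstance(a, (Forall, Exists)):
        return type(a)(a.var, unfold(a.body, r))
    if isinstance(a, Not):
        return Not(unfold(a.body, r))
    return a


def friedman_trick(sigma1: Formula) -> Formula:
    """Translate, simplify, then let R be the Σ⁰₁ formula itself."""
    return unfold(simplify(translate(sigma1)), sigma1)


def show(a: Formula) -> str:
    if isinstance(a, Eq):      return f"{a.lhs}={a.rhs}"
    if isinstance(a, Not):     return f"¬{show(a.body)}"
    if isinstance(a, NotR):    return f"¬R{show(a.body)}"
    if isinstance(a, And):     return f"({show(a.left)}∧{show(a.right)})"
    if isinstance(a, Or):      return f"({show(a.left)}∨{show(a.right)})"
    if isinstance(a, Implies): return f"({show(a.left)} ⇒ {show(a.right)})"
    if isinstance(a, Forall):  return f"∀{a.var}{show(a.body)}"
    return f"∃{a.var}{show(a.body)}"


if __name__ == "__main__":
    sigma1 = Exists("x", Eq("f(x)", "0"))
    print(show(translate(sigma1)))       # ¬R∀x¬R¬R¬Rf(x)=0
    print(show(friedman_trick(sigma1)))  # (∀x(f(x)=0 ⇒ ∃xf(x)=0) ⇒ ∃xf(x)=0)
```

The `NotR` node keeps R symbolic so that the translated formula stays parametric, exactly as the paper’s proof does; `unfold` is the only place where the parameter is fixed, which is what makes the trick a one-line change.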

### Krivine’s classical realizability

Up to the 90’s, the computational content of classical proofs was only studied indirectly, via clever translations to intuitionistic logic [God58, Kre51, Fri78] or to linear logic. The situation quickly changed with the discovery of a strong connection between classical reasoning principles (such as Peirce’s law) and control operators (such as callcc) [Gri90]. This led to many extensions of the λ-calculus with control primitives, such as Krivine’s $\lambda_c$-calculus [Kri05], Parigot’s $\lambda\mu$-calculus [Par97], Barbanera and Berardi’s (non-deterministic) symmetric λ-calculus [BB96] or Curien and Herbelin’s $\bar\lambda\mu\tilde\mu$-calculus [CH00]. (This list is far from exhaustive.)

Among these different proposals to extend the proofs-as-programs paradigm to classical logic, Krivine’s theory of classical realizability [Kri01, Kri05] enjoys a particular position. First, it is based on realizability rather than on typing, which makes it naturally more flexible and more powerful than systems that are simply based on typing. Second, the simplicity of the underlying calculus of realizers (the λ-calculus extended with the callcc control primitive) and of its evaluation policy (weak head normalization) hides its main feature, which is its ability to incorporate new instructions in order to realize new formulæ, such as (for instance) several forms of the axiom of choice [Kri03]. Although classical realizability is traditionally presented in second-order classical arithmetic, it can be extended to much more expressive logical frameworks such as Zermelo-Fraenkel set theory [Kri01] or the calculus of constructions with universes [Miq07].

Less known is the fact that Krivine’s framework allows one to perform classical witness extraction directly (especially from realizers of Σ⁰₁ formulæ), without going through a negative translation such as Friedman’s. The purpose of this paper is twofold. First, it presents some methods that naturally come with classical realizability in order to extract witnesses from classical proofs of existential formulæ, especially Σ⁰₁ formulæ. Second, it relates the extraction method for Σ⁰₁ formulæ to Friedman’s, by showing that through a well-chosen negative translation (inspired from [Oli08]), both methods are basically the same (up to the details of the translation).

One of the difficulties of tracking arithmetic reasoning through a negative translation is that some parts of the proof carry logical invariants whereas other parts are only devoted to arithmetic computations. To address this, we introduce primitive numerals in the language of realizers, while showing that they (essentially) realize the same formulæ as Church numerals. As a side effect, replacing Church numerals with primitive numerals also makes the corresponding extraction technique much more realistic (and, we believe, much more efficient) in the perspective of a practical implementation.

### Outline of the paper

In the next section, we present a type system for classical second-order arithmetic (PA2) based on the λ-calculus extended with the primitive callcc. This type system is given its semantics in the section on classical realizability, by defining a family of classical realizability models (following [Kri05]). In the section on primitive numerals, we extend the calculus of realizers and the type system for PA2 with primitive numerals to make arithmetic computations more efficient (in proof-terms) and more easily tractable through the negative translation. The classical witness extraction methods are presented in the section on witness extraction, and we illustrate them with an example based on the minimum principle in the section that follows it. In the section on HA2, we define a more traditional type system for intuitionistic second-order arithmetic (HA2), which we relate to the type system for PA2 by defining, in the section on the negative translation, a negative translation in the spirit of [Oli08].

## Classical second-order arithmetic (PA2)

### The language of second-order arithmetic

The language of PA2 (Fig. 1) is made of two kinds of syntactic expressions: arithmetic expressions (a.k.a. first-order terms; we prefer the terminology ‘arithmetic expression’ to the more standard ‘first-order term’ to prevent confusion with the proof-terms introduced in the type system subsection below) that represent individuals, and formulæ that represent mathematical propositions.

Arithmetic expressions (notation: e, e′, e″, etc.) are built from an infinite set of first-order variables (notation: x, y, z, etc.) using function symbols (notation: f, g, h, etc.) defined in a given first-order signature. Here, we assume that the signature contains a constant symbol ‘0’ for zero, a unary function symbol ‘s’ for the successor function, and more generally, a function symbol f of arity k for every primitive recursive definition of a function with k arguments. In the sequel, we shall use binary function symbols ‘+’ (addition) and ‘×’ (multiplication) as well as unary function symbols ‘pred’ (predecessor) and ‘neg’ (boolean negation) with the following definitions:

$$\begin{aligned}
0 + y &= y & 0 \times y &= 0 & \mathrm{pred}(0) &= 0 & \mathrm{neg}(0) &= 1\\
s(x) + y &= s(x + y) & s(x) \times y &= (x \times y) + y & \mathrm{pred}(s(x)) &= x & \mathrm{neg}(s(x)) &= 0
\end{aligned}$$

(writing 1, 2, 3, etc. for s(0), s(s(0)), s(s(s(0))), etc.). The set of all free variables of an arithmetic expression e is written FV(e). The notion of (first-order) substitution in an arithmetic expression is defined as usual and written e{x := e′}.

Formulæ of the language of second-order arithmetic (notation: A, B, C, etc.) are formed from second-order variables (notation: X, Y, Z, etc.) of all arities using implication and first- and second-order universal quantification (Fig. 1). We slightly deviate from the traditional presentation of the syntax of the language [Gir89, Kri93] by explicitly introducing a unary predicate symbol ‘null’ expressing that its argument yields zero. The main reason for introducing this symbol is that it facilitates the construction of a simple proof-term for Peano’s 4th axiom within the type system presented below.

The set of all free (first- and second-order) variables of a formula A is written FV(A). The notions of first- and second-order substitution in a formula are defined as usual; first-order substitution is written A{x := e}. (See [Gir89, Kri93] for a more detailed presentation of the two forms of substitution.)

#### Second-order encodings

Propositional units (⊤ and ⊥), negation, conjunction, disjunction, first- and second-order existential quantification as well as Leibniz equality are represented using the second-order encodings given in Fig. 1. Here, we define the propositional constant ⊤ as a shorthand for the formula null(0), which is consistent with the type system presented below and with the realizability interpretation of the next section. Intuitively, the formula ⊤ is the type of all proof-terms, and it is important not to confuse it with a true formula such as 0 = 0, which has far fewer proof-terms.

### The congruence ≅ on arithmetic expressions and on formulæ

We introduce two congruences, both written ≅, over arithmetic expressions and over formulæ respectively, that will be used to incorporate the definitional equalities of the function symbols of the signature in the conversion rule of the type system we shall introduce below. The same mechanism will be used to build proof-terms for Peano’s 3rd and 4th axioms.

The congruence ≅ over arithmetic expressions is simply defined as the congruence generated by the defining equations of the primitive recursive function symbols of the signature. (We already gave the equations associated with the function symbols ‘+’, ‘×’, ‘pred’ and ‘neg’ above.) Of course, these equations can be oriented in such a way that they form a confluent and terminating system of rewrite rules, so that the congruence is decidable. But we shall not need such a level of detail in the sequel.

The congruence ≅ over formulæ is defined by adding the equation null(s(e)) ≅ ⊥ (where ⊥ is the second-order encoding of absurdity) to the system of equations defining the congruence over arithmetic expressions. Again, this new equation can be oriented from left to right so that the resulting system of rewrite rules (including the rewrite rules for function symbols) is confluent and terminating, and the congruence is thus decidable.

### A type system for classical second-order arithmetic

The type/proof system of PA2 closely follows the spirit of Krivine’s second-order functional arithmetic (AF2) [Kri93]. As in AF2, first- and second-order universal quantifications are treated uniformly, by using Curry-style proof-terms that do not keep track of introductions and eliminations of universal quantifiers. (For this reason, a Curry-style proof-term should not be confused with the proof, i.e. the derivation, it comes from, since the latter contains much more information that cannot be reconstructed from the proof-term. In such a setting, the proof-term is merely a computational digest of the formal proof, from which some computationally irrelevant parts of the proof have already been removed.) As usual in such a framework, numeric quantifications require a special treatment, recalled in the subsection on induction below.

Formally, the type system of PA2 is based on a typing judgment of the form Γ ⊢NK t : A, where Γ is a typing context, t a (Curry-style) proof-term, and A a formula of the language of PA2 (first subsection of this section).

Proof-terms of PA2 (notation: t, u, etc.) are just pure λ-terms enriched with a special constant cc (‘callcc’) to prove Peirce’s law. (Proof variables, i.e. variables of the λ-calculus, are written x, y, z, etc. in the sequel, but it is important not to confuse them with the first-order variables, written using the same letters, that occur in arithmetic expressions and formulæ.) The operational semantics of proof-terms (which slightly differs from the traditional operational semantics of the pure λ-calculus) will be given in the section on classical realizability.

A typing context (notation: Γ, Γ′, etc.) is a finite unordered list of declarations of the form x1 : A1, …, xn : An where x1, …, xn are pairwise distinct proof-variables and where A1, …, An are arbitrary formulæ. Given a typing context Γ, we write dom(Γ) = {x1, …, xn} and FV(Γ) = FV(A1) ∪ ⋯ ∪ FV(An).

The inference rules for the judgment Γ ⊢NK t : A are given in Fig. 1. These rules contain the standard typing rules of AF2 [Kri93] (that correspond to the deduction rules of intuitionistic natural deduction in second-order predicate logic), plus a typing rule for the constant cc (Peirce’s axiom) to recover classical logic. These rules also contain a conversion rule (modulo the congruence ≅) as well as an introduction rule for the propositional constant ⊤. (These rules are specifically needed to build proof-terms for the axioms of arithmetic.) In particular:

1. For all arithmetic expressions e1 and e2 depending on the variables x1, …, xk and such that e1 ≅ e2, we have

$$\vdash_{\mathrm{NK}}\ \lambda z.z\ :\ \forall x_1 \cdots \forall x_k\ \big(e_1(x_1,\ldots,x_k) = e_2(x_1,\ldots,x_k)\big)$$

(where = stands for Leibniz equality), so that λz.z is a proof-term for all the definitional equalities attached to the function symbols of the signature.

2. Given a proof-term u satisfying the typing hypothesis of Fig. 2, we have

$$\begin{aligned}
&\vdash_{\mathrm{NK}}\ \lambda z.zu\ :\ \forall x\,\forall y\,\big(s(x) = s(y) \Rightarrow x = y\big)\\
&\vdash_{\mathrm{NK}}\ \lambda z.zu\ :\ \forall x\,\lnot(s(x) = 0)
\end{aligned}$$

so that Peano’s 3rd and 4th axioms are provable in our type system. (The corresponding derivations are given in Fig. 2.)

### Induction

It is well known [Gir89, Kri93, Kri05] that the induction principle

 ∀Z (Z(0)⇒∀y(Z(y)⇒Z(s(y)))⇒∀xZ(x))

cannot be given a (closed) proof-term in the type system we presented above. The reason is that first-order quantification is interpreted uniformly (i.e. as an infinitary intersection type) in our setting, whereas universal quantification over natural numbers cannot be interpreted uniformly, since most proofs of a formula Z(x) computationally depend on the natural number x. To circumvent this difficulty, we use a well-known trick of second-order logic, which is to relativize first-order quantifications using the predicate

 nat(x) ≡ ∀Z (Z(0)⇒∀y(Z(y)⇒Z(s(y)))⇒Z(x))

expressing that x belongs to the smallest set of individuals containing zero and stable under the successor function. With this notation, the relativized form of the induction principle

 ∀Z (Z(0)⇒∀y(nat(y)⇒Z(y)⇒Z(s(y)))⇒∀x(nat(x)⇒Z(x)))

can be given a closed proof-term in our setting. (See [Kri93] for instance.)

More generally, we associate to every formula A a formula A^nat that is obtained by relativizing all the first-order quantifications with the predicate nat. Formally, the formula A^nat is defined by induction on A with the equations:

$$\begin{aligned}
(\mathrm{null}(e))^{\mathrm{nat}} &\equiv \mathrm{null}(e) &\qquad (\forall x\, A)^{\mathrm{nat}} &\equiv \forall x\,(\mathrm{nat}(x) \Rightarrow A^{\mathrm{nat}})\\
(X(e_1,\ldots,e_k))^{\mathrm{nat}} &\equiv X(e_1,\ldots,e_k) & (\forall X\, A)^{\mathrm{nat}} &\equiv \forall X\,(A^{\mathrm{nat}})\\
(A \Rightarrow B)^{\mathrm{nat}} &\equiv A^{\mathrm{nat}} \Rightarrow B^{\mathrm{nat}}
\end{aligned}$$

We then easily check that

###### Proposition 0.1.

If a closed formula A is provable in classical second-order arithmetic (with the unrelativized induction principle), then the formula A^nat has a closed proof-term in the type system defined in Fig. 1.
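As an added example (not from the paper), the following Python code represents PA2 formulæ as an AST, builds the second-order encodings of ⊥, ¬, ∧, ∨, ∃ and Leibniz equality (the usual ones; they are assumed here since Fig. 1 is not reproduced on this page), defines the predicate nat and the relativization A ↦ A^nat, and checks that relativizing the unrelativized induction principle yields exactly the relativized form displayed above. Constructor names, the `fresh` helper and the string representation of arithmetic expressions are this example’s own choices.

```python
from dataclasses import dataclass
from typing import Set, Tuple, Union

# Added example, not from the paper: PA2 formulae (null, X(e1..ek), ⇒, ∀x, ∀X),
# the usual second-order encodings (assumed: the page's Fig. 1 is not shown),
# nat(e) and the relativization A^nat. Expressions are strings like "s(y)".

@dataclass(frozen=True)
class Null:                    # null(e)
    expr: str

@dataclass(frozen=True)
class Pred:                    # X(e1, ..., ek)
    name: str
    args: Tuple[str, ...]

@dataclass(frozen=True)
class Imp:                     # A ⇒ B
    left: "Formula"
    right: "Formula"

@dataclass(frozen=True)
class All1:                    # ∀x A  (first-order)
    var: str
    body: "Formula"

@dataclass(frozen=True)
class All2:                    # ∀X A  (second-order)
    var: str
    body: "Formula"

Formula = Union[Null, Pred, Imp, All1, All2]


def imps(*parts: Formula) -> Formula:
    """A1 ⇒ A2 ⇒ ... ⇒ An, associated to the right."""
    out = parts[-1]
    for a in reversed(parts[:-1]):
        out = Imp(a, out)
    return out


def fv2(a: Formula) -> Set[str]:
    """Free second-order variables (to pick capture-free names in encodings)."""
    if isinstance(a, Null):
        return set()
    if isinstance(a, Pred):
        return {a.name}
    if isinstance(a, Imp):
        return fv2(a.left) | fv2(a.right)
    if isinstance(a, All1):
        return fv2(a.body)
    return fv2(a.body) - {a.var}


def fresh(*avoid_in: Formula) -> str:
    used = set().union(*(fv2(a) for a in avoid_in))
    z, i = "Z", 0
    while z in used:
        i += 1
        z = f"Z{i}"
    return z


# Standard second-order encodings (assumed; the paper refers to Fig. 1 for them).
BOT = All2("Z", Pred("Z", ()))                            # ⊥ ≡ ∀Z Z

def neg(a: Formula) -> Formula:                           # ¬A ≡ A ⇒ ⊥
    return Imp(a, BOT)

def conj(a: Formula, b: Formula) -> Formula:              # ∀Z((A ⇒ B ⇒ Z) ⇒ Z)
    z = fresh(a, b); Z = Pred(z, ())
    return All2(z, Imp(imps(a, b, Z), Z))

def disj(a: Formula, b: Formula) -> Formula:              # ∀Z((A ⇒ Z) ⇒ (B ⇒ Z) ⇒ Z)
    z = fresh(a, b); Z = Pred(z, ())
    return All2(z, imps(Imp(a, Z), Imp(b, Z), Z))

def ex1(x: str, a: Formula) -> Formula:                   # ∀Z(∀x(A ⇒ Z) ⇒ Z)
    z = fresh(a); Z = Pred(z, ())
    return All2(z, Imp(All1(x, Imp(a, Z)), Z))

def leibniz(e1: str, e2: str) -> Formula:                 # e1 = e2 ≡ ∀Z(Z(e1) ⇒ Z(e2))
    return All2("Z", Imp(Pred("Z", (e1,)), Pred("Z", (e2,))))

def nat(e: str) -> Formula:
    """nat(e) ≡ ∀Z(Z(0) ⇒ ∀y(Z(y) ⇒ Z(s(y))) ⇒ Z(e)); Z(e) is outside the ∀y."""
    Z = lambda t: Pred("Z", (t,))
    return All2("Z", imps(Z("0"), All1("y", Imp(Z("y"), Z("s(y)"))), Z(e)))


def relativize(a: Formula) -> Formula:
    """A^nat: each first-order ∀x B becomes ∀x(nat(x) ⇒ B^nat); nothing else changes."""
    if isinstance(a, (Null, Pred)):
        return a
    if isinstance(a, Imp):
        return Imp(relativize(a.left), relativize(a.right))
    if isinstance(a, All1):
        return All1(a.var, Imp(nat(a.var), relativize(a.body)))
    return All2(a.var, relativize(a.body))


def induction_axiom() -> Formula:
    """∀Z (Z(0) ⇒ ∀y(Z(y) ⇒ Z(s(y))) ⇒ ∀x Z(x)), the unrelativized principle."""
    Z = lambda t: Pred("Z", (t,))
    return All2("Z", imps(Z("0"), All1("y", Imp(Z("y"), Z("s(y)"))), All1("x", Z("x"))))


def relativized_induction() -> Formula:
    """∀Z (Z(0) ⇒ ∀y(nat(y) ⇒ Z(y) ⇒ Z(s(y))) ⇒ ∀x(nat(x) ⇒ Z(x))), written by hand."""
    Z = lambda t: Pred("Z", (t,))
    return All2("Z", imps(Z("0"),
                          All1("y", imps(nat("y"), Z("y"), Z("s(y)"))),
                          All1("x", Imp(nat("x"), Z("x")))))
```

Note that `relativize` inserts `nat(x)` as is and does not recurse into it: only the quantifiers of the original formula are relativized, which is why the ∀y inside nat(y) in the relativized induction principle carries no guard of its own.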

## Classical realizability

We shall now present the classical realizability interpretation of the type system presented in the previous section, following the method introduced by Krivine [Kri05].

First, we shall introduce a calculus of realizers (Krivine’s language λc) containing the proof-terms of Fig. 1, and give its evaluation rules, which constitute the small-step operational semantics of the language. From this, we shall see how to interpret every formula A of PA2 as a set of realizers |A|, reading the formula A as a specification of the computational behavior of the realizers of A. The connection between the classical realizability interpretation and the big-step operational semantics of λc should become clear in the sections on primitive numerals and on witness extraction.

### A calculus of realizers

Krivine’s language λc [Kri05] is a strict extension of the calculus of proof-terms of PA2 (previous section). The language λc actually distinguishes three kinds of syntactic entities: terms, stacks and processes.

Terms of λc are pure λ-terms enriched with two kinds of constants:

1. instructions κ ∈ K, where K is a fixed set of constants that contains (at least) an instruction written cc (callcc);

2. continuation constants kπ, one for every stack π.

Stacks are finite lists of closed terms terminated by a stack constant. (Krivine allows the formation of stacks using many stack constants, representing as many empty stacks, but we will not need more than one stack constant here.) Note that unlike terms (that may be open or closed), stacks only contain closed terms and are thus closed objects, so that the continuation constant kπ associated to every stack π is actually a constant. (The details of the mutual definition of terms and stacks are given in [Kri05].) Finally, a process is simply a pair t ⋆ π formed by a closed term t and a stack π. The set of closed terms (resp. the set of stacks) is written Λc (resp. Π), and the set of processes is written Λc ⋆ Π.

In the section on primitive numerals we shall extend the calculus with extra instructions to perform fast arithmetic computations. (See also Remark 0.2.)

#### Evaluation

The set of processes is equipped with a binary relation of one-step evaluation written ≻, whose reflexive-transitive closure is written ≻* as usual. We assume that this relation satisfies (at least) the following axioms:

$$\begin{aligned}
\lambda x.t \star u\cdot\pi &\ \succ\ t\{x := u\} \star \pi & \text{(Grab)}\\
tu \star \pi &\ \succ\ t \star u\cdot\pi & \text{(Push)}\\
\mathtt{cc} \star t\cdot\pi &\ \succ\ t \star k_\pi\cdot\pi & \text{(Call/cc)}\\
k_\pi \star t\cdot\pi' &\ \succ\ t \star \pi & \text{(Resume)}
\end{aligned}$$

for all t, u ∈ Λc and π, π′ ∈ Π. Note that only processes are subject to evaluation: there is no notion of reduction for either terms or stacks in λc.

This list of axioms, which basically implements weak head β-reduction in presence of the control operator callcc, can be extended with extra axioms to describe the computational behavior of the other instructions κ ∈ K.

###### Remark 0.2.

Formally, the definition of the language λc thus depends on two parameters: the set K of instructions (containing at least the instruction cc), and the relation ≻ of evaluation, which fulfils the four axioms given above. In particular, the rules (Grab), (Push), (Call/cc) and (Resume) are only conditions on the relation ≻; they do not constitute a definition (by cases) of this relation. (The reader is invited to check that these conditions are actually the minimal conditions needed to prove the adequacy proposition of the realizability interpretation, stated later in the paper.) Putting conditions on the set K and on the relation of evaluation, rather than defining them completely, naturally makes the calculus modular, since this design allows us to enrich the calculus with extra instructions (by putting extra conditions on K) and extra evaluation rules (by putting extra conditions on ≻), while keeping all the results that have been proved using a smaller set of conditions on K and ≻. (This is the point of view taken in [Kri01, Kri03, Kri05, Kri08].) Technically, this open design has only one drawback, which is that it forbids any form of reasoning by ‘case analysis’ on an instruction or on an evaluation step, since the contents of K and the definition of ≻ are not (completely) known. Again, the reader is invited to check that this form of reasoning is never used in the results presented in this section and in the sections on primitive numerals and on witness extraction, with the sole exception of the stack-extension lemma in the later subsection on independence. The set of available instructions and evaluation rules will only be closed in the section on the negative translation, in order to define that translation and to study its properties.
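The four axioms above determine a small abstract machine. As an added example that is not from the paper, here is a Python implementation with exactly those four rules. Terms, stacks (tuples, top first, the empty tuple standing for the stack constant) and processes are this example’s own encodings, and every instruction other than cc is left inert, so that a process headed by one is stuck: that is how a final state is observed. The sample terms in the `__main__` block are constructed for the demonstration.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple, Union

# Added example, not from the paper: a Krivine machine for λc implementing
# exactly the four evaluation axioms (Grab), (Push), (Call/cc) and (Resume).
# Only "cc" has a rule; any other instruction is inert and stops the machine.

@dataclass(frozen=True)
class Var:
    name: str

@dataclass(frozen=True)
class Lam:
    var: str
    body: "Term"

@dataclass(frozen=True)
class App:
    fun: "Term"
    arg: "Term"

@dataclass(frozen=True)
class Instr:                   # an instruction κ ∈ K
    name: str

@dataclass(frozen=True)
class Cont:                    # continuation constant k_π
    stack: "Stack"

Term = Union[Var, Lam, App, Instr, Cont]
Stack = Tuple[Term, ...]       # top first; () plays the role of the stack constant
Process = Tuple[Term, Stack]   # the pair t ⋆ π

CC = Instr("cc")


def subst(t: Term, x: str, u: Term) -> Term:
    """t{x:=u} for a closed u: no capture is possible, only shadowing by λx."""
    if isinstance(t, Var):
        return u if t.name == x else t
    if isinstance(t, Lam):
        return t if t.var == x else Lam(t.var, subst(t.body, x, u))
    if isinstance(t, App):
        return App(subst(t.fun, x, u), subst(t.arg, x, u))
    return t                           # Instr and Cont are closed


def step(p: Process) -> Optional[Process]:
    """One step t ⋆ π ≻ t' ⋆ π', or None when no axiom applies (stuck process)."""
    t, pi = p
    if isinstance(t, App):                         # (Push):    tu ⋆ π ≻ t ⋆ u·π
        return (t.fun, (t.arg,) + pi)
    if isinstance(t, Lam) and pi:                  # (Grab):    λx.t ⋆ u·π ≻ t{x:=u} ⋆ π
        return (subst(t.body, t.var, pi[0]), pi[1:])
    if t == CC and pi:                             # (Call/cc): cc ⋆ t·π ≻ t ⋆ kπ·π
        return (pi[0], (Cont(pi[1:]),) + pi[1:])
    if isinstance(t, Cont) and pi:                 # (Resume):  kπ ⋆ t·π' ≻ t ⋆ π
        return (pi[0], t.stack)
    return None


def run(p: Process, fuel: int = 10_000) -> List[Process]:
    """Evaluate until stuck; the trace's last element is the final process."""
    trace = [p]
    while fuel > 0:
        q = step(trace[-1])
        if q is None:
            return trace
        trace.append(q)
        fuel -= 1
    raise RuntimeError("no final state within the fuel budget")


def final(p: Process) -> Process:
    return run(p)[-1]


if __name__ == "__main__":
    a, b = Instr("a"), Instr("b")            # constructed inert instructions
    # cc (λk. k a b) ⋆ ε: k_ε receives a with b still pending, and (Resume) drops b.
    for t, pi in run((App(CC, Lam("k", App(App(Var("k"), a), b))), ())):
        print(t, pi)
```

The trace printed by the `__main__` block is the point of the example: (Push) pushes the argument, (Call/cc) reifies the current stack as a continuation constant, (Grab) binds it, and (Resume) discards whatever was pushed afterwards and reinstalls the saved stack, which is the whole mechanism behind the realizer of Peirce’s law.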

### The realizability interpretation

#### The notion of a pole

The construction of the classical realizability model is parameterized by a set of processes ⊥⊥, which we call the pole of the model. We assume that this set is closed under anti-evaluation (or saturated, according to the terminology of [Kri05]). Formally:

###### Definition 0.3.

A pole is any set of processes ⊥⊥ ⊆ Λc ⋆ Π such that the conditions p ≻ p′ and p′ ∈ ⊥⊥ together imply p ∈ ⊥⊥, for all processes p, p′.

###### Remark 0.4.

Since the definition of a pole explicitly depends on the relation of evaluation ≻, all the conditions we put on the relation of evaluation (see Remark 0.2) are mechanically reflected in the definition of the notion of a pole. For instance, the rule (Push) is reflected in all poles ⊥⊥ by the fact that t ⋆ u·π ∈ ⊥⊥ implies tu ⋆ π ∈ ⊥⊥ (for all terms t, u and for all stacks π). The same holds for the rules (Grab), (Call/cc) and (Resume), as well as for the new rules we shall introduce in the section on primitive numerals. Putting more conditions on the relation of evaluation thus reduces the number of available poles.

Note that there are two generic ways to define a pole ⊥⊥ from an arbitrary set of processes P:

1. The first method is to consider P as a set of final (or ‘accepting’) states, and to take ⊥⊥ as the closure of P by anti-evaluation, that is: ⊥⊥ = {p : p ≻* p′ for some p′ ∈ P}.

2. The second method is to consider P as a set of initial (‘forbidden’) states, and to take ⊥⊥ as the complement of the closure of P by evaluation, that is: ⊥⊥ = (Λc ⋆ Π) ∖ {p′ : p ≻* p′ for some p ∈ P}.

In this paper, we shall build particular poles (in the section on witness extraction) only using the first method, but interesting uses of the second method can be found in [Kri03].

#### Truth and falsity values

From now on, ⊥⊥ denotes a fixed pole. We call a falsity value any set of stacks S ⊆ Π. By orthogonality, every falsity value S induces a truth value S^⊥⊥ defined as:

 S⊥⊥  =  {t∈Λc : ∀π∈S  t⋆π∈⊥⊥}.

#### Valuations and parametric formulæ

A valuation is a function ρ whose domain is a finite set of (first- and second-order) variables, such that:

1. ρ(x) ∈ ℕ for every first-order variable x;

2. ρ(X) is a (total) function from ℕ^k to P(Π) (i.e. a falsity value function) for every k-ary second-order variable X.

A parametric expression (resp. a parametric formula) is simply an arithmetic expression e (resp. a formula A) equipped with a valuation ρ, that we write e[ρ] (resp. A[ρ]). Parametric contexts are defined similarly. A parametric expression (formula, context) is said to be closed when every free variable of the underlying expression (formula, context) belongs to the domain of the attached valuation.

For every closed parametric expression e[ρ] we write Val(e[ρ]) the value of e, interpreting variables by their images in ρ while giving to the primitive recursive function symbols in e their standard interpretation.

We easily check that:

###### Lemma 0.5.

If e and e′ are two arithmetic expressions such that e ≅ e′, then for all valuations ρ closing e and e′ we have Val(e[ρ]) = Val(e′[ρ]).

###### Proof.

By induction on the derivation of e ≅ e′.

#### The interpretation function

Every closed parametric formula A[ρ] is interpreted as two sets, namely: a falsity value ∥A[ρ]∥ ⊆ Π and a truth value |A[ρ]| ⊆ Λc. Both sets are defined by induction on the formula A as follows:

$$\begin{aligned}
\|X(e_1,\ldots,e_k)[\rho]\| &= \rho(X)\big(\mathrm{Val}(e_1[\rho]),\ldots,\mathrm{Val}(e_k[\rho])\big)\\
\|\mathrm{null}(e)[\rho]\| &= \begin{cases}\emptyset & \text{if } \mathrm{Val}(e[\rho]) = 0\\ \Pi & \text{if } \mathrm{Val}(e[\rho]) \neq 0\end{cases}\\
\|(A \Rightarrow B)[\rho]\| &= |A[\rho]|\cdot\|B[\rho]\| = \{\,t\cdot\pi : t \in |A[\rho]|,\ \pi \in \|B[\rho]\|\,\}\\
\|(\forall x\, A)[\rho]\| &= \bigcup_{n \in \mathbb{N}} \|A[\rho;\, x \leftarrow n]\|\\
\|(\forall X\, A)[\rho]\| &= \bigcup_{F : \mathbb{N}^k \to \mathcal{P}(\Pi)} \|A[\rho;\, X \leftarrow F]\|\\
|A[\rho]| &= \|A[\rho]\|^{\bot\!\!\bot} = \{\,t \in \Lambda_c : \forall \pi \in \|A[\rho]\|\ \ t \star \pi \in \bot\!\!\bot\,\}
\end{aligned}$$

The reader is invited to check that the sets ∥A[ρ]∥ and |A[ρ]| only depend on the values given by ρ to the free variables of A, so that we can drop the valuation ρ when A is closed and simply write ∥A∥ and |A| for ∥A[ρ]∥ and |A[ρ]|.

We easily check that:

###### Lemma 0.6.

If A and A′ are two formulæ of PA2 such that A ≅ A′, then for all valuations ρ closing A and A′ we have ∥A[ρ]∥ = ∥A′[ρ]∥ (and thus |A[ρ]| = |A′[ρ]|).
