15.2. PROOFS INTO PROGRAMS |
123 |
Remark Let us point out brie y the status of functions which are provably total in a system of arithmetic which is not too weak:
If A is 1-consistent, i.e. proves no false 01 formula (as we hope is the case for PA, PA2 and the axiomatic set theory of Zermelo-Fraenkel) then a diagonalisation argument shows that there are total recursive functions which are not provably total in A.
Otherwise (and notice that A can be consistent without being 1-consistent, e.g. A = PA + :consis(PA)) A proves the totality of recursive functions which are in fact partial. It can even prove the totality of all recursive functions (but for wrong reasons, and after modi cation of the programs).
15.2Proofs into programs
The converse of the proposition is also true, so we have:
Theorem The functions representable in F are exactly those which are provably total in PA2.
The original proof in [Gir71] uses an argument of functional interpretation which is technical and of limited interest. We shall give here a much simpler one, inspired by [ML70].
First we replace PA2 by its intuitionistic version HA2 (Heyting second order arithmetic), which is closer to system F. This is possible because HA2 is as strong as PA2 in proving totality of algorithms.
Indeed, there is the so called \G•odel translation" which consists of putting :: at \enough places" so that: if A is provable in PA2 then A:: is provable in HA2.
The ::-translation of a 02 formula, say 8n: 9m: T1(e; n; m), is
8n: ::9m: T1(e; n; m)
up to trivial equivalences, and standard proof-theoretic considerations show that the second one is provable in HA2 if and only if the rst is.
124 |
CHAPTER 15. REPRESENTATION THEOREM |
15.2.1Formulation of HA2
There are two kinds of variables:
; ; ; : : : (for integers)
X; Y; Z; : : : (for sets of integers)
We could have n-ary predicate variables for arbitrary n, but we assume them to be unary for the sake of exposition. We quite deliberately use X as a second-order variable both for HA2 and for F.
We shall also have basic function symbols, namely O (0-ary) and S (unary). The formulae will be built from atoms
a 2 X, where a is a term (i.e. a SnO or a Sn ) and X a set variable,
a = b, where a and b are terms,
by means of ), 8 : , 9 : and 8X: It is possible to de ne the other connectors ^, _, ? and 9X: in the same way as in 11.3, and :A as A ) ?. In fact 9 : is de nable too, but it is more convenient to have it as a primitive connector.
There are obvious (quanti er free) axioms for equality, and for S we have:
: S = O |
S = S ) = |
The connectors ), 8 : and 9 : are handled by the usual rules of natural deduction (chapters 2 and 10) and 8X: by:
|
|
|
|
|
|||
|
|
|
|
||||
|
|
|
|
|
|||
|
|
8 |
X: A |
|
|||
A |
82I |
|
|
82E |
|||
|
|
A[f : Cg=X] |
|||||
8X: A |
|||||||
|
|
||||||
In the last rule, A[f : Cg=X] means that we replace all the atoms a 2 X by C[a= ] (so f : Cg is not part of the syntax).
To illustrate the strength of this formalism (second order a la Takeuti) observe that 82E is nothing but the principle
8X: A ) A[f : Cg=X]
and in particular, with A the provable formula
15.2. PROOFS INTO PROGRAMS |
125 |
9Y: 8 : ( 2 X , 2 Y ) |
|
we get 9Y: 8 : (C , 2 Y ). Therefore 82E appears as a variant |
of the |
Comprehension Scheme. |
|
Notice that there is no induction scheme. However if we de ne |
|
def
Nat( ) = 8X: (O 2 X ) 8 : ( 2 X ) S 2 X) ) 2 X)
then it is easy to prove that
A[O= ] ^ 8 : (Nat( ) ) A[ = ] ) A[S = ]) ) 8 : (Nat( ) ) A[ = ])
In other words, the induction scheme holds provided all rst order quanti ers are relativised to Nat.
15.2.2Translation of HA2 into F
To each formula A of HA2 we associate a type [[ A ]] of F as follows:
1. |
[[ a = b ]] = S where S is any xed type of F with at least one closed term, |
|
e.g. S = X: X!X. This simply says that equality has no algorithmic |
|
content. |
2. |
[[ a 2 X ]] = X (considered as a type variable of F) |
3.[[ A ) B ]] = [[ A ]]![[ B ]]
4.[[ 8 : A ]] = [[ 9 : A ]] = [[ A ]]
5.[[ 8X: A ]] = X: [[ A ]]
As we have said, we can de ne the other connectives, so for example
[[ A ^ B ]] = X: ([[ A ]]![[ B ]]!X)!A
where X is not free in A or B.
Notice that the rst order variables , , ... completely disappear in the translation, and so we have [[ A[a= ] ]] = [[ A ]].
The reader is invited to verify that:
[[ Nat( ) ]] = X: X!(X!X)!X = Int
126 |
CHAPTER 15. REPRESENTATION THEOREM |
Next we have to give a similar translation of the deduction of an HA2-formula A from (parcels of) hypotheses Ai into a term [[ ]] of F-type [[ A ]], depending on free rst-order F-variables xi of types [[ Ai ]]. Moreover this translation must respect the conversion rules.
1. If is just the hypothesis Ai then [[ ]] = xi.
2.The axioms are translated into dummy terms.
3.The rules for ! are translated into abstraction and application in F. If the
variable y is chosen to correspond to the parcel of hypotheses C and is a deduction of B from (Ai and) C, then when we add )I the translation becomes y: [[ ]]. Conversely, modus ponens ()E) applied to proving C and " proving C !B gives [[ " ]][[ ]]. Clearly, the conversion rule is respected.
4. |
8I, 8E and 9I are translated into nothing, because [[ A[a= ] ]] = [[ A ]]. For 9E, |
|
if proves 9 : C and " proves D from C then the full proof translates to |
|
[[ " ]][[[ ]]=y], where y corresponds to the parcel C and again conversion is |
|
respected. |
5. |
Finally, for 82 we note rst that |
|
[[ A[f : Cg=X] ]] = [[ A ]][[[ C ]]=X] |
and so we may translate 82I into X: [[ ]] and 82E into [[ ]][[ C ]], respecting conversion.
15.2.3Representation of provably total functions
In HA2, the formula Nat(SnO) admits a (normal) deduction n, namely
|
|
|
[O 2 X] |
8 |
|
|
|
2 |
X |
) |
S |
2 |
X)] |
|
|
|||||||||
|
|
|
|
|
|
|
|
|
|
|||||||||||||||
|
|
|
|
|
[ : ( |
|
|
|
|
|
||||||||||||||
|
|
|
n 1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
8E |
|
|
|||
|
|
n |
1 |
|
|
|
|
n |
|
|
|
|
|
|
|
|||||||||
|
|
|
S O 2 X S |
O 2 X ) S |
O 2 X |
|
|
|||||||||||||||||
|
|
|
|
|
SnO 2 X |
|
|
|
|
|
|
|
|
)E |
|
|
||||||||
|
|
|
|
8 : ( 2 X ) S 2 X) ) SnO 2 X |
)I |
|
|
|||||||||||||||||
|
|
O 2 X ) 8 : ( 2 X ) S 2 X) ) SnO 2 X |
)I |
2 |
|
|||||||||||||||||||
|
8X: (O 2 X ) 8 : ( 2 X ) S 2 X) ) SnO 2 X) |
8 |
|
I |
||||||||||||||||||||
whose translation into system F is |
|
. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
||||||
n |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
||||||||
The reader is invited to prove the following: |
|
|
|
|
|
|
|
|
|
|
|
|||||||||||||
Lemma n is the only normal deduction of Nat(SnO). |
|
|
|
|
|
|
|
|
||||||||||||||||
15.2. PROOFS INTO PROGRAMS |
127 |
This fact is similar to 15.1.1, but the proof is more delicate, because of the axioms (especially the negative one : S = O) which, a priori, could appear in the deduction. The fact that S a = O is not provable (consistency of HA2) must be exploited.
Now let A[n; m] be a formula expressing the fact that an algorithm, if given input n, terminates with output m = f(n). Suppose we have can prove
8n 2 N: 9m 2 N: A[n; m]
by means of a deduction in HA2 of
8 : (Nat( ) ) 9 : (Nat( ) ^ A[ ; ]))
Then we get a term [[ ]] of type
[[ 8 : (Nat( ) ) 9 : (Nat( ) ^ A[ ; ])) ]] = Int!(Int [[ A ]])
and the term t = x: 1([[ ]] x) of type Int!Int yields an object that keeps the algorithmic content of the theorem:
8n 2 N: 9m 2 N: A[n; m]
Indeed, for any n 2 N, the normal form of the deduction
n |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
8 |
|
|
) 9 |
|
^ |
|
|
|
|
|
|
|
|
|
|
: (Nat( ) |
|
: (Nat( ) |
|
A[ ; ])) |
||||
|
|
|
|
|
|
|
|
|
|
|
|
|
8E |
n |
O) |
|
|
n |
|
|
|
|
n |
|
|||
Nat(S |
Nat(S |
O) ) 9 : (Nat( ) ^ A[S |
O; ]) |
||||||||||
|
|
|
9 : (Nat( ) ^ A[SnO; ]) |
|
|
|
|
)E |
|||||
must end with an introduction:
n
Nat(SmO) ^ A[SnO; SmO]
9I
9 : (Nat( ) ^ A[SnO; ])
128 |
CHAPTER 15. REPRESENTATION THEOREM |
Now, applying ^1E to n, we get a deduction of Nat(SmO) whose translation is (equivalent to) t n. By the lemma, this deduction normalises to m, and so t n normalises to m. But A[SnO; SmO] is provable in HA2, so it is true in the standard model, which means that m = f(n). So we have proved that f is representable in system F.
Unfortunately our |
proof |
is erroneous: |
it is impossible to |
interpret |
the |
axiom : S = O in |
15.2.2, |
simply because |
there is no closed |
term of |
type |
[[ : S = O ]] = S!Emp. |
|
|
|
|
|
Everything works perfectly if we add to system F a junk term of type Emp = X: X, interpreting the problematic axiom by xS: (the semantic analogue of is ?). This junk term disappears in the normalisation of t n, since we proved that the result is an m, but this is not very beautiful: it would be nicer to remain in pure system F. We shall see that it is indeed possible to eliminate junk from t.
15.2.4Proof without unde ned objects
Instead of adding this junk term, we can interpret it into pure system F, by a coding which maps every type to an inhabited one while preserving normalisation.
Proposition For any (closed) term t of type Int!Int in system F with junk, there is a (closed) term t0 of pure system F such that, if t n normalises to m, then t0 n normalises to m.
In particular, if t represents a function f, so does t0, and the representation theorem is (correctly) proved.
Proof By induction, we de ne:
hhXii = X
hhU!V ii = hhUii!hhV ii
hh X: V ii = X: X!hhV ii
so that:
hhT [U=X]ii = hhT ii[hhUii=X]
15.2. PROOFS INTO PROGRAMS |
129 |
If T is a type with free variables X1; : : : ; Xp we de ne inductively a term T of type hhT ii with free rst order variables x1; : : : ; xp of types X1; : : : ; Xp:
X = xX
U!V = yhhUii: V (note that y does not occur in V )
X: V = X: xX : V (where x may occur in V )
In particular, if T is closed, hhT ii is inhabited by the closed term T , for instance
hh X: Xii = X: X!X and X: X = X: xX : x
If t is term of type T with free type variables X1; : : : ; Xp and free rst order variables y1; : : : ; yq of types U1; : : : ; Uq we de ne inductively a term hhtii (without junk) of type hhT ii with free type variables X1; : : : ; Xp and free rst order variables x1; : : : ; xp; y1; : : : ; yq of types X1; : : : ; Xp; hhU1ii; : : : ; hhUqii:
hhyT ii = yhhT ii
hh yU : vii = yhhUii: hhvii
hht uii = hhtii hhuii
hh X: vii = X: xX : hhvii (note that x may occur in hhvii)
hht Uii = hhtii hhUii U
hh ii = Emp = X: xX : x
Again the reader can check the following properties
hht[u=yU ]ii |
= hhtii[hhuii=yhhUii] |
|
T [U=X] |
= |
T [hhUii=X][ U =xhhUii] |
hht[U=X]ii |
= |
hhtii[hhUii=X][ U =xhhUii] |
which are needed for the preservation of conversions:
if t u then hhtii hhuii
130 |
|
|
|
|
|
|
CHAPTER 15. |
REPRESENTATION THEOREM |
||||
Now we see that |
|
|
|
|
|
|
|
|
|
|
||
|
|
hhIntii |
= X: X!X!(X!X)!X |
|||||||||
|
|
hh |
n |
ii |
= X: xX : yX : zX!X : zn y |
|||||||
|
|
|
|
|
|
|
|
|
|
|||
weaken |
|
hh |
|
ii |
and |
contract hh |
|
ii |
|
|
||
n |
n |
n |
n |
|||||||||
Finally, a term t of type Int!Int with junk can be replaced by
t0 = zInt: contract(hhtii(weaken z))
without junk. |
|