Title: Can Proofs be Animated by Games
1Can Proofs be Animated by Games?
- Susumu Hayashi
- Humanistic Informatics
- Graduate School of Letters
- Kyoto University
- April 22, 2005, TLCA05, Nara, Japan
2What is the talk about?
- The subject is
- 1-backtracking game
- A join work with S. Berardi and Th. Coquand.
31-backtracking game semantics
- A restriction of the full backtracking game
semantics, introduced by Th. Coqunad in 1991-2
, 1995. - Coquand introduce a form of 1-backtracking game
already in 1991-2
4Game semantics for PCF?
- No! It is a semantics for logic.
- However, it seems related to game semantics of
PCF and related calculi. - It is conjectured that Coquands semantics is
isomorphic to J. Lairds game semantics for
PCFControl, which is an extension of the game
semantics by Hyland-Ong. (S. Berardi)
5A different motivation
- Although our semantics is likely to be related to
the game semantics by Hyland-Ong and Laird, our
motivation is not full-abstraction. - Our motivation is Proof Animation.
6Proof Animation
Proof Score Method for CafeOBJ by Futatsugi et
al. is a typical example of Proof Engineering.
(This afternoon at WRS 05.)
- A technique of Proof Engineering.
- Proof Engineering is my terminology for the
engineering to build formal proofs, e.g., the
researches and activities in the projects of
CafeOBJ, Coq, HOL, Mizar, PVS,
7An example of Proof Animation
-- ASSUMPTION -- There is a bag. And some white
or black marbles are in it.
-- CONCLUSION -- All marbles in the bag are of
the same color.
This is wrong.
However, we prove it by mathematical induction!
8Proof of the theorem
- Base case n1 is easy
- The induction step
- The theorem holds for groups A and B, since they
have only n marbles. All the marbles are of the
same color, since they share an.
What is wrong?
9The proof is constructive and executable.
A wrong lemma was used!groups A and B share a
marble. You can introduce the wrong lemma as a
subgoal and prove the theorem formally with a
proof checker. Then
10Proof animation helps to debug formal
constructive proofs
- The proof was constructive and the wrong lemma
was detected quickly by executing the proof by
Curry-Howard isomorphism. - I often used such a technique in my PX project
in 1980s. I could very quickly find bugs in
definitions, goals and subgoals by the technique.
- PX was a constructive proof animator.
11Proof animation project
- Build a proof animator which helps formal proof
developments not only for constructive
mathematics but also for proof developments in
general. - We must find a means to execute non-constructive
proofs.
12Proof animator for non-constructive proofs?
- Classical proofs are not directly executable.
- However, there are many works to execute
classical proofs CPS translations,
C-combinator, lm-calculus,
13Constructive interpretations of classical proofs
are inadequate
- These works are theoretically good, but are not
adequate for proof animation. - Locally legible each computation step in these
semantics is legible enough. - Globally illegible interpretations of proofs
with several steps combinatorially explode.
Algorithms resulting from even small proofs
cannot be understood.
14An important REMARK
- The global illegibility is not bad for logicians.
- If the aim is to unwind classical proofs, such as
works by logicians Kreisel, Kohlenbach, and
Schwichtenberg, then the illegibility implies
non-triviality of their mathematical works. - However, our aim is a technology of proof
engineering. If one can write an academic paper
when he or she could execute a proof by a method
executing classical proofs, then the method is
bad for proof animation.
15What we need for proof animation
- We need a lightweight method executing proofs in
everyday proof developments. - A tool for proof animation must be easy to use as
a test tool for programming languages. - Its underlying theory must be easy to understand.
It is a tool, not an objective.
16A solution Inductive inference from Learning
Theory
- Algorithmic Learning Theory a discipline to
investigate machine learning from the viewpoint
of theory of computation. (a.k.a. computational
learning theory) - Inductive inference the oldest mathematical
definition of learning in algorithmic learning
theory.
17An example of learning process by inductive
inference (1)
- MNP (Minimal Number Principle)Let f be a
function from Nat to Nat. Then, there is n Nat
such that f(n) is the smallest value among
f(0), f(1), f(2), Nat the set of natural
numbers
18An example of learning process by inductive
inference (2)
- Such an n is not Turing-computable from f.
- However, the number n is inferred in finite time
from f by a non-stopping algorithm of inductive
inference.
19The inductive inference algorithm for MNP
- Consider a box containing a natural number.
Denote the content of the box by x. - Initialize the box by setting x0.
- Regard f , as a stream f(0), f(1), f(2),
- Compare f(x) with the next element of the stream,
say f(n). If the new one is smaller than f(x),
then put n in the box. Otherwise, keep the old
value in the box. - Repeat it forever.
20It gives the right answer in finite time
- We have a sequence of natural numbers
f(n0)gtf(n1)gtf(n2)gt - Thus, the content of the box will eventually
become a correct answer and after then the
content x will never change. - In this sense, the non-terminating process
infers (or learns) the right answer in finite
time. - You will eventually get a right answer, although
you will never know when you got it.
21Limit-computable functions
- The process inferring x is expressed by the
limit - lim n 8 h(n) x
- The functions defined by g(x)lim n 8 f(n,x),
for a recursive function f, are called
limit-computable functions. - The limit-computable functions coincide with the
D02-functions.
22Logic based on limit-computable functions
- Semantics of constructive mathematics is given by
the realizability interpretation based on
recursive functions. - The D02-functions constitute a domain of abstract
recursion theory. - Thus, we may replace recursive functions with
D02-functions to define a mathematics. - The defined mathematics is called
Limit-Computable Mathematics (LCM)
23Execution of LCM proofs
- All proofs of LCM are executable by
non-stopping inductive inference algorithms. - We can observe that LCM-proofs perpetually
approximate right answers, and eventually reach
right answers.
24What kind of mathematics holds in LCM?
- Not all classical theorems hold. For example,
Law of Excluded Middle holds for S01-formulas but
not for S02-formulas. - However, an unexpectedly large fragment of
classical theorems hold. - Dixons lemma, Hilberts invariant theory,
Gödel's completeness theorem, Hahn-Banach
theorem, - There are reverse mathematics-like researches on
the extent of LCM. (Akama et al. LICS 04,
Toftdal ICALP 04. in the references of the
proceedings paper.)
25It looks fine, however...A technical problem
- If proofs are interpreted by limits over time
parameter t0,1,2, as the original theory of
inductive inference, then plural inductive
inference processes are merged into one process
to interpret logical inference rules with plural
premises. - The merged inference process behaves like a CPU
executing plural programs in the time-sharing
way. - Thus its behavior is not legible.
26Possible solutions
- Design a calculus of communicating inductive
inference processes. - Use generalized limits. S. Berardi has introduced
limit-interpretations based on such generalized
limits. - However, there is a much better way.
- Game theoretical semantics
27A semantics based on 1-backtracking game
- There is a game theoretical semantics equivalent
to LCM. - Good points of games
- Avoid the problem of global clock.
- More interactive.
- Much easier to understand than realizability
interpretation.
28Game theoretical semantics of logic (1)
- Due to P. Lorenzen and J. Hinttika.
- In the semantics, validating a logical formula is
counted as a game between two players Abelard
(opponent) and Eloise (proponent).
29Game theoretical semantics of logic (2)
- For simplicity, we illustrate the semantics by
prenex normal forms x1."y1.,,xn."yn.A(x1,y1,,
xn,yn) ,where A is a decidable formula. - A play is a sequence of moves by Eloise and
Abelard ". - Eloise wins by making A(x1,y1,,xn,yn) true.
Otherwise Eloise loses and Abelard wins.
30A play for x1."y1.x2."y2.A(x1,y1,x2,y2)
- Eloise moves x15.
- Abelard moves y111.
- Eloise moves x27.
- Abelard moves y22.
- If A(5,11,7,2) is true, then Eloise wins.
- If A(5,11,7,2) is false, then Abelard wins.
31The definition of truth
- A formula is defined to be true, if and only if,
there is a winning strategy for Eloise. - A strategy str of Eloise is a set-theoretical
function, which returns her next move from the
preceding moves, e.g., str(x1,y1 ) x2 for
x1."y1.x2."y2.A(x1,y1,x2,y2)
32Constructive truth and game theoretical semantics
- Giving a strategy for Eloise means giving Skolem
functions. - Thus, the game theoretical truth definition is
equivalent to Tarski semantics. - And, a formula is constructively true
(recursively realizable) iff Eloise has a
constructive (recursive) strategy.
331-backtracking game
- We introduce a new rule
- Eloise is allowed to backtrack to any preceding
position of the current situation of play and
restart from the position. - Eloises strategy may have a memory to record
information on past moves by Abelard and Eloise. - Everything is the same besides these two.
34A recursive winning strategy for
x."a.((xgt0ÙA(x-1))Ú(x0ÙØA(a)))
- Eloise moves x0.
- Abelard moves a24.
- If ØA(24) holds, Eloise stops and she wins. If
A(24) holds, she backtracks to the stage 1, and
moves with x25, i.e. x241. - Then, Abelard moves. However, Eloise always wins,
since A(x-1) holds with x241.
A(x) is assumed to be decidable. Thus the formula
(xgt0ÙA(x-1))Ú(x0ÙØA(a)) is the decidable part of
prenex form.
35Stack presentation of the strategyx."a.((xgt0ÙA(
x-1))Ú(x0ÙØA(a)))
- We consider the case of backtracking, i.e. the
case A(24) holds.
- The stack behaviour
- x0
- x0, a24
- backtrackand
- x25 new move
- x25,a743
- Eloise wins, since 25gt0ÙA(24) holds.
- Eloise moves x0.
- Abelard moves a24.
- Since A(24) holds, Eloise backtracksand moves
with x241. - Abelard moves, say a743
- Eloise wins.
36A play for x1."y1.x2."y2.A(x1,y1,x2,y2)
- Eloise moves x15.
- Abelard moves y111.
- Eloise moves x27.
- Abelard moves y22.
- If A(5,11,7,2) is true, then Eloise wins.
- If A(5,11,7,2) is false, then Abelard wins.
37The equivalence theorem
- For any prenex normal formula A, the following
conditions are equivalent - Eloise has a recursive winning strategy for A.
- A is LCM-correct, i.e., it has a limit-recursive
realizer.
38Other logical signs
- Conjunctions and disjunctions can be treated as
special kind of quantifiers. - Semantics of implication can be given by
Hinttikas notion of subgame.
39S01-EM is true in the sense of 1-backtracking
game
- x."a.((xgt0ÙA(x-1))Ú(x0ÙØA(a))) is
constructively equivalent to S01-EM - x.A(x) Ú "a.ØA(a)
- Eloise has a recursive winning strategy for
S01-EM.
40 A play with disjunction x.A(x) Ú "a.ØA(a)
- right
- right, a24
- backtrack and go with two new moves
left, x25. - left, x25, a743
- Eloise wins.
- Eloise moves with right
- Abelard moves a24.
- Since A(24) holds, Eloise backtracksand moves
withleft and x241. - Abelard moves, say a743
- Eloise wins.
41The convergence property of 1-backtracking
winning strategy
In the proceedings paper, I called it
stability, but convergence property is
better. I changed the name.
- The Convergence Property
- As Abelard attacks Eloise with more and more
moves, Eloises move after a winning strategy
eventually converges in the manner of inductive
inference to the right values given by Tarski
semantics. - The convergences take place from the outside of
the formula to the inside of the formula.
42The Convergence Propertycaution over simplified
for explanation
- x1."y1.x2."y2.A(x1,y1,x2,y2)
X1a1
When Abelard tries all possible moves for him,
a1, a2, a3, given by Eloises winning strategy
converges to the right value in the sense of
Tarski semantics. In this figure, it is a5.
X1a2
X2b1
X1a3
X1a4
X1a5
X2b2
X2b3
X2b4
43Remarks
- The figure is a little bit simplified. In
reality, the sequence a1, a2, a3, converges when
all possible plays are considered. But, the
figure represents only one play. Eloise may win
accidentally with wrong values. - The parameter space for the convergence or
limit of a1, a2, a3, is the directed set of
the finite sets of Abelards moves with the usual
set ordering.
44The Convergence Property and Proof Animation (1)
- When one animates a proof by an animation tool,
he tests the proof by providing test inputs, sets
of Abelards moves. - The user of animator expects particular values
are returned for existential quantifiers for the
test inputs by the winning strategy associated to
the proof.
45The Convergence Property and Proof Animation (2)
- The expected value is the limit of the sequence
of trial values a1, a2, a3, - It is just as the inductive inference of MNP
example. - The behavior of 1-backtracking winning strategy
is always in this pattern ! You do not need to
worry about other patterns.
46Full backtracking game and Proof Animation
- In Coquands full backtracking game, Eloise is
allowed to backtrack to any point of the past. - Even if a stack configuration was flushed away
(popped away) by her own backtracks, she is
allowed to return to positions of configurations
once flushed away. - A strategy for S02-EM already cannot have
convergence property. Values returned by the
strategy are locally correct, but never globally
correct. Thus, it is difficult to understand the
behavior of the strategy (proof).
47Towards Proof Animator with 1-backtracking game
- A proof animator via 1-backtracking game is now
planned. - The ultimate goal is to animate proofs of David
Hilberts theory of algebraic invariants in his
1890 Mathematische Annalen paper.
48Hilberts invariant theory
- This is the theory that Paul Gordan called not
mathematics, but theology. - In 19th century algebra, solutions had to be
given by algorithms. Gordan, who was the king of
invariant theory then, realized Hilberts proof
of the finite basis theorem embodies no
algorithm. - Hilbert used S01-EM repeatedly in the proof. All
other parts were constructive.
49The theology is executable
- Theology was S01-EM.
- When the 1-backtracking animator is built,
Hilberts theology will run on a computer! - Remark LCM was found through my investigation of
history of mathematic on Hilberts invariant
theory thanks to help of a learning theorist
Akihiro Yamamoto.
50Generalized equivalence theorem
- Berardi has defined a 1-backtracking game Back(G)
for every game G in the sense of set theory, and
proved the following theorem - For any recursion theoretic degree a, the
following are equivalent - The degree a contains a winning strategy for
Back(G). - The jump of the degree a contains a winning
strategy for G.
51Iteration
- Berardis Back(-) can be iterated.
- Thus, we can climb up the arithmetical
hierarchy by iterating 1-backtracking extension. - It might be possible to animate beyond LCM using
Berardis iteration.
52Conclusion
- 1-backtracking game will serve as the right
foundations for a proof animation tool. - Hilberts invariant theory will be animated by
the proof animation tool. - It might be possible to animate beyond LCM using
Berardis iteration. - It seems to be related to game semantics for the
full abstraction problems.
53Proof Animation/ LCM home page
- For more information, visit our home page
- http//www.shayashi.jp/PALCM/