A theory TCF of computable functionals

(1)

CHAPTER 3

A theory TCF of computable functionals

After getting clear about the domains we intend to reason about, the partial continuous functionals and in particular the computable ones, we now set up a theory to prove their properties. The main concepts are those of inductively and coinductively defined predicates.

3.1. Formulas and their computational content

Formulas are built up from prime formulas P~t by implication → and universal quantification ∀_x; here the t_i are terms, x is a variable and P is a predicate of a certain arity (a list of types). We often write ~t ∈ P for P~t. Predicates can be inductively or coinductively defined. An example for the former is T_L(N), which is defined by the clauses (i) [] ∈ T_L(N) and (ii)

∀n∈N(` ∈ T_L(N) → n :: ` ∈ T_L(N)). An example for the latter is ^coT_L(N) defined by a closure axiom saying that every`∈^coT_L(N) is of the formn::`⁰ with n ∈ N and `⁰ ∈ ^coT_L(N) again. According to Kolmogorov (1932) a formula can be seen as a problem, asking for a solution. In the inductive example a solution for 4 :: 2 :: 0 :: []∈T_L(N)would be the generating (finite) sequence [], 0 :: [], 2 :: 0 :: [], 4 :: 2 :: 0 :: [], and in the coinductive example a solution for a prime formula t ∈ ^coT_L(N) would be an (infinite) stream of natural numbers. Generally, a solution for an inductive predicate is a finite construction tree, and for a coinductive predicate a finitely branching possibly infinite destruction tree. Such trees can be seen as ideals of the free algebras considered in Section 2.1.4. A solution for a problem posed by the formulaA→B is a computable functional mapping solutions ofA into solutions ofB.

Sometimes the solution of a problem does not need all available input.

We therefore mark the sources of such computationally superfluous input – that is, some (co)inductive predicates – as “non-computational” (n.c.).

Assume an infinite supply of predicate variables, each of its own arity (a list of types). We distinguish two sorts of predicate variables, “computationally relevant” ones X^c, Y^c, Z^c, W^c. . . and “non-computational” ones X^nc,Y^nc,Z^nc,W^nc . . . , and use X, Y, Z, W . . . for both.

45

(2)

Definition (Clauses and predicate forms). Clauses K have the form

∀_~_x( ˜Y^c→Z˜^nc→(∀_~_y_i( ˜W_i^nc→X¯i))i<n →X)¯

with all predicate variablesY_i^c,Z_i^nc,W_i^ncoccurring exactly once and distinct from each other and from X. By ¯X we denote the result of applying the predicate variable X to a list of terms of fitting types, and by ˜X lists of those. Iterated implications are understood as associated to the right. A premise of a clause is called a parameter premise if X does not occur in it, and a recursive premise otherwise. A clause K is nullary if it has no recursive premises. We call I^c := µ_X^cK~ and I^nc := µ_X^ncK~ with K~ not emptypredicate forms (and use I for both), and similarly with^coI forI and ν forµ.

Examples. Recall that []^L(α) and Consα→L(α)→L(α) are the two con- structors of the algebra form L(α) of lists, written [] and :: (infix).

1. Let Y of arity (α, α) and X of arity (L(α),L(α)) be predicate vari- ables. Then

K₀ :=X([],[]),

K₁ :=∀_x,x⁰(Y(x, x⁰)→ ∀_`,`⁰(X(`, `⁰)→X(x::`, x⁰ ::`⁰)))

are clauses and bothsimilarity ∼_L(Y) (or∼_L,Y) defined byµX(K0, K1) and bisimilarity ≈_L(Y) (or ≈_L,Y) defined by ν_X(K₀, K₁) are predicate forms with Y a parameter predicate variable. Note that we can omit the type parameter α, since it can be read off from the arity of Y.

2. Alternatively let Y of arity (α) and X of arity (L(α)) be predicate variables. Then

K₀:= ([]∈X),

K1:=∀_x(x∈Y → ∀_`(`∈X→x::`∈X))

are clauses and bothrelative totalityTL(Y) (orTL,Y) defined byµX(K0, K1) and also relative cototality ^coT_L(Y) (or ^coT_L,Y) defined by ν_X(K₀, K₁) are predicate forms with Y a parameter predicate variable.

Definition (Algebra form of a predicate form). From every clause K we obtain a constructor type by (i) omitting quantifiers, (ii) dropping all n.c.

predicates and from the c.r. predicates their arguments, and (iii) replacing the remaining predicate variables by type variables. That is, from the clause

∀_~_x( ˜Y^c→Z˜^nc→(∀_~_y_i( ˜W_i^nc→X¯_i))_i<n →X)¯

we obtain the constructor typeα~ →(ξ)i<n→ξ. With every predicate form I^c:= (µ/ν)_X^cK~ we canonically associate the algebra formι_I^c :=µ_ξ~κ.

(3)

3.1. FORMULAS AND THEIR COMPUTATIONAL CONTENT 47

Examples. For each of the predicate forms ∼_L, ≈_L, T_L, ^coT_L defined above the associated algebra form is L. Notice that the distinction whether a predicate form I is defined as a least or greatest fixed point is ignored.

Definition (Predicates and formulas).

P, Q::=X | {~x|A} |I(~ρ, ~P)|^coI(~ρ, ~P) (predicates), A, B::=P~t |A→B | ∀_xA (formulas)

with I/^coI a predicate form. (I/^coI)(~ρ, ~P) is the result of substituting the types ~ρand the (already generated) predicates P~ for its type and predicate variables. To take care of the difference between X^c and X^nc we define the final predicate of a predicate or formula by

fp(X) :=X, fp({~x|A}) := fp(A), fp((I/^coI)(~ρ, ~P)) :=I/^coI,

fp(P~t) := fp(P), fp(A→B) := fp(B), fp(∀_xA) := fp(A).

We call a predicate or formula C non-computational (n.c., or Harrop) if its final predicate fp(C) is of the form X^nc or I^nc, else computationally relevant (c.r.). Now we require that all predicate substitutions involved in (I/^coI)(~ρ, ~P) substitute c.r. predicates for c.r. predicate variables and n.c. predicates for n.c. predicate variables. Such predicate substitutions are called sharp.

Predicates of the form I(~ρ, ~P) are called inductive, and predicates of the form ^coI(~ρ, ~P) coinductive.

The terms~tare those introduced in Section 2.2.1, i.e., typed terms built from typed variables and constants by abstraction and application, and (importantly) those with a common reduct are identified.

A predicate of the form {~x | C} is called a comprehension term. We identify {~x|C(~x)}~twithC(~t). For a predicate C of arity (ρ, ~σ) we write Ct for{~y|Ct~y}.

It is a natural question to ask what the type of a “realizer” or “witness”

of a c.r. predicate or formula C should be.

Definition (Type τ(C) of a c.r. predicate or formula C). Assume a global injective assignment of type variablesξ to c.r. predicate variablesX^c.

τ(X^c) :=ξ, τ({~x|A}) :=τ(A), τ((I^c/^coI^c)(~ρ, ~P)) :=ι_I^c(τ(P~^c)),

τ(P~t) :=τ(P), τ(A→B) :=

(τ(A)→τ(B) (A c.r.) τ(B) (A n.c.) τ(∀_xA) :=τ(A)

(4)

where P~^c are the c.r. predicates among P~ and ι_I^c is the algebra form associated with the predicate form I^c/^coI^c. We call ιI^c(τ(P~^c)) the algebra associated with (I^c/^coI^c)(~ρ, ~P).

Examples. 1. Theeven numbers are inductively defined by Even :=µX^c(0∈X^c,∀_n(n∈X^c→S(Sn)∈X^c)).

The constructor types of τ(Even) areξ and ξ→ξ, hence τ(Even) =N.

2. For every closed base type ι(~ρ) we define c.r. equality predicates

∼_ι(P~) and ≈_ι(P~) of arity (ι(~ρ), ι(~ρ)) by induction on the height|ι(~ρ)|:=

1 + max|~ρ|. Hereι is the name of an algebra form (for instance L), the ρ_i are closed base types and the P_i are predicates of arity (ρ_i, ρ_i).

(i). ∼_N :=µ_X^c(K0, K1) and≈_N :=ν_X^c(K0, K1) with clauses K₀ :=X^c(0,0),

K₁ :=∀_n,n⁰(X^c(n, n⁰)→X^c(Sn, Sn⁰)).

Then τ(∼_N) =τ(≈_N) =N.

(ii). ∼_L(≈_N) :=µ_X^c(K₀, K₁) and ≈_L(≈_N) :=ν_X^c(K₀, K₁) with clauses K₀ :=X^c([],[]),

K1 :=∀_n,n⁰(n≈_Nn⁰ → ∀_`,`⁰(X^c(`, `⁰)→X^c(n::`, n⁰::`⁰))).

Then τ(∼_L(≈_N)) =τ(≈_L(≈_N)) =L(N).

(iii). ∼_L(∼_L(≈_N)) := µ_X^c(K₀, K₁) and ≈_L(∼_L(≈_N)) := ν_X^c(K₀, K₁) with clauses

K0 :=X^c([],[]),

K₁ :=∀_`,`⁰(`∼_L(≈_N)`⁰→ ∀_u,u⁰(X^c(u, u⁰)→X^c(`::u, `⁰ ::u⁰))).

Then τ(∼_L(∼_L(≈_N))) =τ(≈_L(∼_L(≈_N))) =L(L(N)).

3. The transitive closure of a binary relation is defined as follows. Let K₀:=∀_x,y(Y xy→Xxy),

K₁:=∀_x,y,z(Y xy→Xyz→Xxz)

where x, y, z are variables of type α and Y, X predicate variables of arity (α, α). From these clauses we define the predicate form

TC :=µ_X(K₀, K₁)

with parameter type variable α and parameter predicate variable Y. Let < be a c.r. “less than” relation on the natural numbers, of arity (N,N). Then TC(N, <) is its transitive closure. The constructor types of τ(TC) are β → ξ and β → ξ → ξ, hence τ(TC(N, <)) is the type of non- empty lists of natural numbers.

(5)

3.1. FORMULAS AND THEIR COMPUTATIONAL CONTENT 49

4. An important example of an inductive predicate is Leibniz equality, defined simply by

EqD :=µ_X^nc(∀_xX^ncxx) (D for “inductively defined”).

We will use the abbreviation

(x≡y) := EqD(x, y).

The missing logical connectives disjunction, conjunction and existence can now be defined inductively. Disjunction is a special case of union

Cup_Y,Z :=µ_X^c(∀_~_x(Y ~x→X^c~x), ∀_~_x(Z~x→X^c~x)).

Since the parameter predicates Y, Z can be chosen as either c.r. or n.c. we obtain the variants

CupD_Yc,Z^c :=µ_X^c(∀_~_x(Y^c~x→X^c~x), ∀_~_x(Z^c~x→X^c~x)), CupL_Yc,Z^nc :=µ_X^c(∀_~_x(Y^c~x→X^c~x), ∀_~_x(Z^nc~x→X^c~x)), CupR_Ync,Z^c :=µ_X^c(∀_~_x(Y^nc~x→X^c~x), ∀_~_x(Z^c~x→X^c~x)), CupU_Y^nc_,Z^nc :=µX^c(∀_~_x(Y^nc~x→X^c~x), ∀_~_x(Z^nc~x→X^c~x)), CupNc_Y,Z :=µX^nc(∀_~_x(Y ~x→X^nc~x), ∀_~_x(Z~x→X^nc~x)).

Here D is for “double”, L for “left”, R for “right” and U for “uniform”.

Then by definition

τ(CupD) =µ_ξ(β0 →ξ, β1 →ξ) =β0+β1, τ(CupL) =µ_ξ(β →ξ, ξ) =β+U, τ(CupR) =µ_ξ(ξ, β →ξ) =U+β, τ(CupU) =µ_ξ(ξ, ξ) =B.

We use the abbreviations

P ∪^dQ := CupD_P,Q, P ∪^lQ := CupL_P,Q, P ∪^rQ := CupR_P,Q, P ∪^uQ := CupU_P,Q, P ∪^ncQ:= CupNc_P,Q.

(6)

In case of nullary predicates we use

A∨^dB := CupD_{|A},{|B}, A∨^lB := CupL_{|A},{|B}, A∨^rB := CupR_{|A},{|B}, A∨^uB := CupU_{|A},{|B}, A∨^ncB := CupNc_{|A},{|B}.

Since the “decoration” is determined by the c.r./n.c. status of the two parameter predicates we usually leave it out in ∨^d,∨^l,∨^r,∨^u and just write

∨. However in the final nc-variant we suppress even the information which clause has been used, and hence must keep the notation ∨^nc.

Similarly conjunction is a special case of intersection Cap_Y,Z :=µX^c(∀_~_x(Y ~x→Z~x→X^c~x)), and we obtain the variants

CapD_Y^c_,Z^c :=µX^c(∀_~_x(Y^c~x→Z^c~x→X^c~x)), CapL_Yc,Z^nc :=µ_X^c(∀_~_x(Y^c~x→Z^nc~x→X^c~x)), CapR_Ync,Z^c :=µ_X^c(∀_~_x(Y^nc~x→Z^c~x→X^c~x)), CapNc_Y,Z :=µ_X^nc(∀_~_x(Y ~x→Z~x→X^nc~x)).

Then by definition

τ(CapD) =µξ(β0→β1→ξ) =β0×β1

τ(CapL) =τ(CapR) =µ_ξ(β→ξ) =I(β).

We use the abbreviations

P∩^dQ := CapD_P,Q, P∩^lQ := CapL_P,Q, P∩^rQ := CapR_P,Q, P∩^ncQ:= CapNc_P,Q. In case of nullary predicates we use

A∧^dB := CapD_{|A},{|B}, A∧^lB := CapL_{|A},{|B}, A∧^rB := CapR_{|A},{|B}, A∧^ncB := CapNc_{|A},{|B}.

Again since the decoration is determined by the c.r./n.c. status of the two parameter predicates we usually leave out the decoration and just write ∧.

(7)

3.2. AXIOMS OF TCF 51

Finally existence is defined inductively by

Ex_Y^c :=µ_X^c(∀_x(x∈Y^c→X^c)), ExNcY :=µX^nc(∀_x(x∈Y →X^nc)).

Then by definition

τ(Ex) =µ_ξ(β →ξ) =I(β).

We use the abbreviation

∃_xA := Ex_{x|A},

∃^nc_x A:= ExNc_{x|A},

and again since the decoration is determined by the c.r./n.c. status of the parameter predicate we usually leave out the decoration and just write ∃.

3.2. Axioms of TCF

We define a theory of computable functionals, called TCF. Formulas are the ones defined above, involving typed variables. Derivations use the rules of minimal logic for → and ∀, and the axioms introduced below. However, because of the presence of decorations we have an extra degree of freedom.

By an n.c. part of a derivation we mean a subderivation with an n.c. end formula. Such n.c. parts will not contribute to the computational content of the whole derivation, and hence we can ignore all decorations in those parts (i.e., use a modified notion of equality of formulas there).

For each inductive predicate there are “clauses” or introduction axioms, together with a “least-fixed-point” or elimination axiom. To grasp the gen- eral form of these axioms it is convenient to write a clause

∀_~_x( ˜Y^c→Z˜^nc→(∀_~_y_i( ˜W_i^nc→X¯_i))_i<n→X)¯ as ∀_~_x((A_ν(X))_ν<n→X~t).

Definition (Introduction and elimination axioms for inductive predicates). For an inductive predicate µ_X(∀_~_x_i((A_iν(X))_ν<n_i → X~t_i))_i<k =: I we have k introduction axioms I_i⁺ (i < k) and one elimination axiom I⁻:

I_i⁺:∀_~_x_i((Aiν(I))ν<ni →I~ti), (9)

I⁻: (∀_~_x_i((A_iν(I∩X))_ν<n_i →X~t_i))_i<k→I ⊆X (10)

(I∩Xwas inductively defined above). (10) expresses that every competitor X satisfying the same clauses containsI. We take all substitution instances of I_i⁺,I⁻ (w.r.t. substitutions for type and predicate variables) as axioms.

Remarks. (i) We use a “strengthened” form of the “step formula”, namely ∀_~_x_i(A_iν(I∩X))_ν<n_i →X~t_i rather than∀_~_x_i(A_iν(X))_ν<n_i →X~t_i. In applications of the least-fixed-point axiom this simplifies the proof of the

“step”, since we have an additional I-hypothesis available.

(8)

(ii) Notice that there is no circularity here for the inductive predicate Y∩Z := Cap_Y,Z, since there are no recursive calls in this particular inductive definition and hence∩ does not occur in

Cap⁻_Y,Z:∀_~_x(Y ~x→Z~x→X~x)→Cap_Y,Z ⊆X.

(iii) The elimination axiom (10) could equivalently be written as I⁻:∀_~_x(I~x→(∀_~_x_i((A_iν(I∩X))_ν<n_i →X~t_i))_i<k→X~x)

In this form it fits better with our (i.e., Gentzen’s) way to write the logical elimination rules, where the main premise comes first. More importantly, its type (cf. Section 3.1) will then be the type of the recursion operator R^τ_ι taken as the “computational content” (cf. Section 4.1) of the elimination axiom for I. Therefore in the implementation of TCF this form is used.

However, for readability we often prefer the form (10) in the present notes.

Examples. 1. For Even the introduction axioms are 0∈Even, ∀_n(n∈Even→S(Sn)∈Even) and the elimination axiom is Even⁻:

0∈X → ∀_n(n∈Even→n∈X →S(Sn)∈X)→Even⊆X.

As an example of how to use these axioms we prove an “inversion” property:

n∈Even↔n≡0∨ ∃_n⁰(n⁰ ∈Even∧n≡S(Sn⁰)).

“←”. Use the introduction axioms. “→”. Use Even⁻ with competitor predicate X := {n |n ≡0∨ ∃_n⁰(n⁰ ∈ Even∧n ≡ S(Sn⁰))}. It suffices to prove the premises of Even⁻ for this X. For the first premise this is clear.

For the second assume n with n ∈ Even∩X. The goal is S(Sn) ∈ X. It suffices to show ∃_n⁰(n⁰ ∈Even∧S(Sn)≡S(Sn⁰)). Taken.

2. Consider the algebra Yof binary trees. We want to represent the set of total ideals by an inductively defined predicate T_Y. The clauses are

(TY)⁺₀ :− ∈TY,

(TY)⁺₁ :∀_t₁_,t₂(t1, t2 ∈TY→Ct1t2∈TY) and the elimination axiom is

T_Y⁻:− ∈X→ ∀_t₁_,t₂(t1, t2∈TY∩X→Ct1t2 ∈X)→TY⊆X.

From these axioms we prove the inversion property:

t∈TY↔(t≡ −)∨ ∃_t₁_,t₂(t1, t2∈TY∧t≡Ct1t2).

“←”. Use the introduction axioms. “→”. UseT_Y⁻with competitor predicate X := {t|(t ≡ −)∨ ∃_t₁_,t₂(t1, t2 ∈ TY∧t≡ Ct1t2}. It suffices to prove the premises ofT_Y⁻ for thisX. For the first premise this is clear. For the second

(9)

assumet₁, t₂ witht₁, t₂ ∈T_Y∩X. The goal is Ct₁t₂ ∈X. It suffices to show

∃_t⁰

1,t⁰₂(t⁰₁, t⁰₂ ∈TY∧Ct⁰₁t⁰₂ ≡Ct1t2). Take t1, t2.

3. For the transitive closure TC≺ := TC(ρ,≺) of a binary relation≺on objects of type ρ the introduction axioms are

∀_x,y(x≺y →TC≺(x, y)),

∀_x,y,z(x≺z→TC≺(z, y)→TC≺(x, y)) and the elimination axiom is TC⁻_≺:

∀_x,y(x≺y→Xxy)→ ∀_x,y,z(x≺z→TC≺(z, y)→Xzy→Xxy)→ TC≺⊆X.

The inversion property

TC≺(x, y)↔x≺y∨ ∃_z(x≺z∧TC≺(z, y))

can be proved as above. For “←” use the introduction axioms, and for “→”

use TC⁻_≺ with competitor X := {x, y|x≺y∨ ∃_z(x≺z∧TC≺(z, y))}. It suffices to prove the premises of TC⁻_≺ for thisX. For the first premise this is clear. For the second assume x, y, z withx≺z and TC≺(z, y) and Xzy.

The goal is Xxy. It suffices to show ∃_z(x≺z∧TC≺(z, y)). Takez.

4. For ∼_X_×Y :=∼_×(ρ, σ, X, Y) the introduction axiom is

∀_x,x⁰_,y,y⁰(Xxx⁰ →Y yy⁰ → hx, yi ∼_X×Y hx⁰, y⁰i) and the elimination axiom is ∼⁻_X×Y:

∀_x,x⁰_,y,y⁰(Xxx⁰ →Y yy⁰ →Z(hx, yi,hx⁰, y⁰i))→ ∼_X×Y ⊆Z.

Hence ∼_X×Y = {(hx, yi,hx⁰, y⁰i) | Xxx⁰, Y yy⁰}. The inversion property now is

p∼_X_×Y p⁰ ↔ ∃_x,x⁰_,y,y⁰(Xxx⁰∧Y yy⁰∧p≡ hx, yi ∧p⁰≡ hx⁰, y⁰i).

For “←” use the introduction axioms, and for “→” use ∼⁻_X×Y with competitor Z := {p, p⁰ | ∃_x,x⁰_,y,y⁰(Xxx⁰∧Y yy⁰∧p ≡ hx, yi ∧p⁰ ≡ hx⁰, y⁰i }. It suffices to prove the premise of ∼⁻_X×Y for this Z. Assume x, x⁰, y, y⁰ with Xxx⁰ and Y yy⁰ and p≡ hx, yi andp⁰≡ hx⁰, y⁰i. The goal isZpp⁰. It suffices to show ∃_x,x⁰_,y,y⁰(Xxx⁰∧Y yy⁰∧p≡ hx, yi ∧p⁰≡ hx⁰, y⁰i). Take x, x⁰, y, y⁰.

Similarly for ∼_X+Y :=∼₊(ρ, σ, X, Y) the introduction axioms are

∀_x,x⁰(Xxx⁰→InL(x)∼_X+Y InL(x⁰)),

∀_y,y⁰(Y yy⁰ →InR(y)∼_X+Y InR(y⁰)) and the elimination axiom is

∀_x,x⁰(Xxx⁰→Z(InL(x),InL(x⁰))→

∀_y,y⁰(Y yy⁰→Z(InR(y),InR(y⁰))→ ∼_X+Y ⊆Z.

(10)

Hence ∼_X+Y ={(InL(x),InL(x⁰))|Xxx⁰} ∪ {(InR(y),InR(y⁰))|Y yy⁰}.

Recall the inductive definitions of existence, intersection and union given above. For nullary predicates P ={ | A} and Q={ | B} we write A∧B forP ∩Q andA∨B forP ∪Q. Then – as in Chapter 1 – the introduction axioms are

∀_x(A→ ∃_xA), A→B→A∧B,

A→A∨B, B→A∨B

and the elimination axioms are (now written in the equivalent form men- tioned above, where the main premise comes first)

∃_xA→ ∀_x(A→B)→B (x /∈FV(B)), A∧B→(A→B →C)→C,

A∨B→(A→C)→(B →C)→C.

To understand the axioms for coinductive predicates note that the conjunction of the k clauses (9) of an inductive predicateI is equivalent to

∀_~_x(WW

i<k

∃_~_x_i( VV

ν<ni

A_iν(I)∧~x≡~t_i)→I~x).

Definition (Closure and greatest-fixed-point axioms). For an inductive predicate µ_X(∀_~_x_i((A_iν(X))_ν<n_i → X~t_i))_i<k =: I we define its dual ^coI by the closure axiom ^coI⁻ and thegreatest-fixed-point axiom ^coI⁺:

coI⁻:∀_~_x(^coI~x→ WW

i<k

∃_~_x_i( VV

ν<ni

Aiν(^coI)∧~x≡~ti)) (11)

coI⁺:∀_~_x(X~x→ WW

i<k

∃_~_x_i( VV

ν<ni

Aiν(^coI∪X)∧~x≡~ti))→X⊆^coI.

(12)

(^coI ∪X was inductively defined above). The axiom expresses that every

“competitor” X satisfying the closure axiom is contained in ^coI. We take all substitution instances of ^coI⁺, ^coI⁻ (w.r.t. substitutions for type and predicate variables) as axioms.

Again we have used a “strengthened” form of the “step formula”, with A_iν(^coI∪X) rather thanA_iν(X). In applications of the greatest-fixed-point axiom this simplifies the proof of the “step”, since its conclusion is weaker.

Remark. The greatest-fixed-point axiom (12) could be written as

∀_~_x(X~x→ ∀_~_x(X~x→ WW

i<k

∃_~_x_i( VV

ν<ni

A_iν(^coI∪X)∧~x≡~t_i))→^coI~x).

Then its type will be the type of the corecursion operator^coR^τ_ι taken as the

“computational content” (cf. Section 4.1) of the greatest-fixed-point axiom

(11)

for^coI. Therefore in the implementation of TCF this form is used. However, for readability we prefer the form (12) in the present notes.

Remark. Instead of Leibniz equality ≡in (11) and (12) we could also use a different equality relation, for instance the n.c. variant .

=^ncof pointwise equality to be introduced in Section 3.3. This leads to a new variant of^coI. Examples. 1. To show how to construct the dual ^coI of an inductive predicate I we consider the predicate Even. The conjunction of its two clauses is equivalent to

∀_n(n≡0∨ ∃_n⁰(n⁰ ∈Even∧n≡S(Sn⁰))→n∈Even).

Now the dual ^coEven of Even is defined by its closure axiom ^coEven⁻:

∀_n(n∈^coEven→n≡0∨ ∃_n⁰(n⁰ ∈^coEven∧n≡S(Sn⁰))) and its greatest-fixed-point axiom ^coEven⁺:

∀_n(Xn→n≡0∨ ∃_n⁰(n⁰ ∈(^coEven∪X)∧n≡S(Sn⁰)))→X⊆^coEven.

Also for ^coEven from these axioms we can prove an inversion property:

n∈^coEven↔n≡0∨ ∃_n⁰(n⁰ ∈^coEven∧n≡S(Sn⁰)).

“→”. Use the closure axiom. “←”. Use ^coEven⁺, with competitor X :=

{n|n≡0∨ ∃_n⁰(n⁰ ∈^coEven∧n≡S(Sn⁰))}. It suffices to prove the premise of^coEven⁺for thisX. Assumenwithn≡0∨∃_n⁰(n⁰∈^coEven∧n≡S(Sn⁰)).

The goal is n≡0∨ ∃_n⁰(n⁰∈(^coEven∪X)∧n≡S(Sn⁰)). We argue by cases on the assumed disjunction. In the first case we are done. In the second case take the n⁰ provided.

2. Consider the algebra Yof binary trees. We want to represent the set of cototal binary trees (cf. Section 2.1.6) by a coinductively defined predicate

coT_Y. Recall that the conjunction of the two clauses of T_Y is equivalent to

∀_t((t≡ −)∨ ∃_t₁_,t₂(t1, t2 ∈TY∧t≡Ct1t2)→t∈TY.)

Since T_Y is the least predicate with this property we even have equivalence

∀_t(t∈T_Y↔(t≡ −)∨ ∃_t₁_,t₂(t₁, t₂ ∈T_Y∧t≡Ct₁t₂)),

called inversion property on page 52. Now how can we formally represent cototality of a binary tree? The idea is to define ^coT_Y as the largest set satisfying the equivalence. Formulated differently, cototal ideals are not built from initial objects by construction (synthesized), but rather defined by the property that they can always be destructed (analysed). Therefore we require

coT_Y⁻:∀_t(t∈^coT_Y→(t≡ −)∨ ∃_t₁_,t₂(t₁, t₂∈^coT_Y∧t≡Ct₁t₂))

(12)

A set built by construction steps (synthesis) is meant to be the least set closed under these steps. Similary, a set described by destruction (analysis) is meant to be the largest set closed under destruction. Hence we require

coT_Y⁺:∀_t(t∈X →(t≡ −)∨ ∃_t₁_,t₂(t1, t2 ∈^coT_Y∪X∧t≡Ct1t2))→ X⊆^coTY.

coT_Y⁺ expresses that every competitor X satisfying the closure property is below ^coTY. As an example of how to use these axioms we prove that the equivalence above holds for ^coT_Y as well:

∀_t(t∈^coT_Y↔(t≡ −)∨ ∃_t₁_,t₂(t₁, t₂ ∈^coT_Y∧t≡Ct₁t₂)),

“→”. Use the closure axiom ^coT_Y⁻. “←”. Use ^coT_Y⁺, with competitorX :=

{t|(t≡ −)∨∃_t₁_,t₂(t1, t2 ∈^coTY∧t≡Ct1t2)}. It suffices to prove the premise of ^coT_Y⁺ for thisX. Assumetwith (t≡ −)∨ ∃_t₁_,t₂(t1, t2 ∈^coTY∧t≡Ct1t2).

The goal is (t≡ −)∨ ∃_t₁_,t₂(t₁, t₂ ∈^coT_Y∪X∧t≡Ct₁t₂). We argue by cases on the assumed disjunction. In the first case we are done. In the second case take the t₁, t₂ provided.

For n.c. inductive or coinductive predicates the axioms are formed as in the c.r. case, using ∨^nc for the closure axiom of ^coI^nc. But there is an important restriction: for I^nc with more than one clause the elimination axiom (I^nc)⁻ can only be used with a non-computational competitor predicate. This is needed in the proof of the soundness theorem. However, this restriction does not apply toI^ncdefined by one clause only. Important examples of such one-clause-ncinductive predicates are Leibniz equality and the non-computational variants of the existential quantifier and of conjunction.

Generally, an inductive predicate is always contained in its dual.

Lemma 3.2.1. I ⊆^coI, I^nc⊆^coI^nc.

Proof. The least-fixed-point axiom (10) for I (i.e.,I⁻) is equivalent to

∀_~_x(WW

i<k

∃_~_x_i( VV

ν<ni

Aiν(I∩X)∧~x≡~ti)→X~x)→I ⊆X.

It suffices that its premise holds with ^coI for X. To this end we use the greatest-fixed-point axiom (12) (i.e., ^coI⁺), with the competitor predicate

X:={~x| WW

i<k

∃_~_x_i( VV

ν<ni

A_iν(I∩^coI)∧~x≡~t_i)}.

This means that we have to show the premise of (12) with this X, i.e.,

∀_~_x(X~x→ WW

i<k

∃_~_x_i( VV

ν<ni

Aiν(^coI∪X)∧~x≡~ti)).

But if we unfold the premise X~x, this follows from I ∩^coI ⊆ ^coI∪X. For

I^nc the proof is similar.

(13)

Remark. In case of an inductive predicate with non-recursive clauses only also the reverse inclusions ^coIι ⊆Iι,^coI^nc⊆I^nc. Hence it is not necessary to consider^coI. Examples are the inductively defined logical connectives

∃,∧,∨ with assigned algebras product×, sum + and uysum,ysumu, where the algebras uysum(α), ysumu(α) replace U+α,α+U.

Lemma 3.2.2. I ⊆I^nc, ^coI ⊆^coI^nc.

Proof. Let I :=µ_X(∀_~_x_i((A_iν(X))_ν<n_i →X~t_i))_i<k.

For I ⊆ I^nc we use the elimination axiom (10) with I^nc as competitor predicate:

(∀_~_x_i((A_iν(I∩I^nc))_ν<n_i →I^nc~t_i))_i<k →I ⊆I^nc.

It suffices to prove the premises. Let i < k, fix ~xi and assume Aiν(I∩I^nc) for all ν < ni. Since Aiν(X) is strictly positive inX we obtainAiν(I^nc) for all ν < ni and hence I^nc~xi by (I^nc)⁺_i .

For ^coI ⊆ ^coI^nc we use the greatest-fixed-point axiom for ^coI^nc with ^coI as competitor predicate:

∀_~_x(X~x→ WW

i<k

∃_~_x_i( VV

ν<ni

Aiν(^coI^nc∪^coI)∧~x≡~ti))→^coI ⊆^coI^nc. It suffices to prove the premise, which again follows from the fact thatAiν(X)

is strictly positive in X.

Recall that for the n.c. Leibniz equality the introduction axiom isx^ρ≡x^ρ and the elimination axiom is x≡y→ ∀_xXxx→Xxy. From this definition we can deduce the property Leibniz used as a definition.

Lemma 3.2.3 (Compatibility of EqD). ∀_x,y(x≡y→A(x)→A(y)).

Proof. By the elimination axiom withX:={x, y|A(x)→A(y)}.

Using compatibility of ≡ one easily proves symmetry and transitivity.

Define falsity byF:= (ff ≡tt).

Theorem 3.2.4 (Ex-falso-quodlibet). For every formula A we can derive F → A from assumptions EfY :∀_~_x(F → Y ~x) for predicate variables Y strictly positive in A, and Ef_I:∀_~_x(F → I~x) for inductive predicates I without a nullary clause.

Proof. We first show Ef_EqD:F→x^ρ≡y^ρ. To see this, we first obtain R^ρ_Bffxy ≡ R^ρ_Bffxy from the introduction axiom. Then from ff ≡ tt we get R^ρ_Bttxy ≡ R^ρ_Bffxy by compatibility. Now R^ρ_Bttxy converts to x and R^ρ_Bffxy converts toy. Hencex^ρ≡y^ρ, since we identify terms with a common reduct.

The claim can now be proved by induction on A. Case I~s. IfI has no nullary clause take EfI. Otherwise let Ki be the nullary clause, with final conclusion I~t. By induction hypothesis fromF we can derive all parameter

(14)

premises. Hence I~t. From F we also obtain s_i ≡t_i, by the remark above.

Hence I~s by compatibility. Case ^coI~s. Use Lemma 3.2.1. The cases Y ~s,

A→B and ∀_xAare obvious.

A crucial use of the equality predicate EqD is that it allows us to lift a boolean term t^B to a formula, using atom(t^B) := (t^B ≡tt). This opens up a convenient way to deal with equality on algebras. The computation rules ensure that, for instance, the boolean term St =_N Ss, or more precisely

=_N(St, Ss), is identified with t =_N s. We can now turn this boolean term into the formula (St=N Ss)≡tt, which again is abbreviated by St=N Ss, but this time with the understanding that it is a formula. Then (importantly) the two formulas St =N Ss and t =N s are identified because the latter is a reduct of the first. Consequently there is no need to prove the implication St=_N Ss→t=_Nsexplicitly.

Remark. One might wonder whether the weak (or classical) existential quantifier ˜∃_xA is the same as the non-computational existential quantifier

∃^nc_x A, since both in some sense computationally disregard the quantified variable x and the kernelA. We will argue that both quantifiers are equivalent if and only if a certain (non-computational) Markov axiom holds.

Note first that in our comparison we should use the arithmetical form

∃˜_xA := ∀_x(A → F) → F rather than the logical form ∀_x(A → ⊥) → ⊥ of the weak existential quantifier. Otherwise there can be no relation, because

⊥ is a predicate variable with computational content.

Clearly ∃^nc_x A implies ˜∃_xA, by (∃^nc)⁻ (take F for B). However, the converse is problematic. We do have an elimination scheme for ˜∃_xA as well, but only for formulas B satisfying ((B → F) → F) → B. This means that for the converse we need a Markov axiom for the (non-computational) formula ∃^nc_x A:

(13) ((∃^nc_x A→F)→F)→ ∃^nc_x A;

from ˜∃_xA→ ∃^nc_x Awe can easily derive (13). Although usage of such an n.c.

axiom does not have any effect on computational content, we prefer to avoid it.

3.3. Equality and extensionality w.r.t. cotypes

The notion of equality is of central importance in any mathematical theory involving higher type objects. In our setting allowing infinite base type data the distinction between least and greatest fixed points µXK~ and ν_XK~ must be taken into account. This is already so at closed base types:

similarity ∼_N and bisimilarity≈_N are very different concepts. However, this difference is ignored in the definition of the type τ(C) of a c.r. predicate or

(15)

3.3. EQUALITY AND EXTENSIONALITY W.R.T. COTYPES 59

formula C. We therefore refine the definition of typeτ(C) tocotype ϕ(C).

Using ideas from Gandy (1953, 1956) and Takeuti (1953) we can define a more appropriate concept of (pointwise) equality .

=_ϕ, which is relative to a cotype ϕ. Extensionality Ext_ϕ relative to ϕ is defined by (x ∈ Ext_ϕ) :=

(x .

=ϕ x). We write .

=_C for .

=_ϕ(C) and Ext_C for Ext_ϕ(C).

3.3.1. Equality for closed base types. We take the algebra Y of binary trees as an example of a closed base type. In previous examples we have seen that the set of total binary trees can be represented by an inductive predicate T_Y (page 52), and that the set of cototal binary trees can be represented by a coinductive predicate^coTY(page 55). As candidates for equality we define binary versions of T_Y and ^coT_Y, called similarity ∼_Y and bisimilarity ≈_Y. The introduction axioms for∼_Y are

(∼_Y)⁺₀ :− ∼_Y−, (∼_Y)⁺₁ :∀_t₁_,t⁰

1(t1 ∼_Yt⁰₁→ ∀_t₂_,t⁰

2(t2∼_Yt⁰₂ →Ct1t2 ∼_YCt⁰₁t⁰₂)) and the elimination axiom is ∼⁻_Y:

X(−,−)→

∀_t₁_,t₂((t1 ∼_Y t2∧Xt1t2)→ ∀_t⁰

1,t⁰₂((t⁰₁ ∼_Yt⁰₂∧Xt⁰₁t⁰₂)→X(Ct1t2,Ct⁰₁t⁰₂)))→

∼_Y⊆X.

The elimination (or closure) axiom for ≈_Y is ≈⁻_Y:

∀_t,t⁰(t≈_Yt⁰→((t≡ −)∧(t⁰ ≡ −))∨

∃_t₁_,t₂_,t⁰

1,t⁰₂(t₁ ≈_Y t⁰₁∧t₂≈_Yt⁰₂∧t≡Ct₁t₂∧t⁰ ≡Ct⁰₁t⁰₂)) and the introduction (or greatest-fixed-point or coinduction) axiom is≈⁺_Y:

∀_t,t⁰(Xtt⁰ →((t≡ −)∧(t⁰ ≡ −))∨

∃_t₁_,t₂_,t⁰

1,t⁰₂((t₁ ≈_Y t⁰₁∨Xt₁t⁰₁)∧(t₂ ≈_Yt⁰₂∨Xt₂t⁰₂)∧ t≡Ct₁t₂∧t⁰ ≡Ct⁰₁t⁰₂))→

X⊆^coTY.

As an instance of Lemma 3.2.1 we have ∼_Y⊆ ≈_Y.

We now aim at using∼_Yand ≈_Y for a characterization of equality atT_Y and ^coTY. This is useful because it gives us a tool (induction, coinduction) to prove equalities t≡t⁰, which otherwise would be difficult. We will need another axiom, the Bisimilarity Axiom, which is justified be the fact that it holds in our intended model (cf. Lemma 2.1.7).

Axiom (Bisimilarity). ∀_t,t⁰(t≈_Yt⁰→t≡t⁰).

Lemma 3.3.1 (Characterization of equality at T_Y and^coT_Y).

(16)

(a) ∀_t,t⁰(t∼_Yt⁰ ↔t, t⁰∈T_Y∧t≡t⁰).

(b) ∀_t,t⁰(t≈_Yt⁰ ↔t, t⁰∈^coTY∧t≡t⁰).

Proof. (b). The proof of Lemma 2.1.8 has been given in enough detail to make its formalization immediate. We need ^coT_Y^±,≈^±_Y.

(a). Similar to (b), using T_Y^±, ∼^±_Y instead. For the proof of t ∼_Y t⁰ →

t≡t⁰ use (b) and∼_Y⊆ ≈_Y.

Corollary 3.3.2.

(a) ∀_t(t∼_Yt↔t∈T_Y).

(b) ∀_t(t≈_Yt↔t∈^coT_Y).

Proof. Immediate from Lemma 3.3.1.

Corollary 3.3.3.

(a) ∼_Y is an equivalence relation on TY. (b) ≈_Y is an equivalence relation on ^coT_Y.

Proof. Immediate from Lemma 3.3.1.

Remark. For closed base types like Y we can also relate ∼_Y to the binary boolean-valued function =Y: Y → Y → B defined in Section 2.2.1.

One easily proves that

∀_t(t∈TY→t=t),

∀_t(t∈TY→ ∀_t⁰(t⁰∈TY→t=t⁰ →t∼_Yt⁰)).

Usage of =_Y has the advantage that proofs may become shorter, since we identify terms with a common reduct.

3.3.2. Equality at higher type levels. Using cotypes we refine the assignment given in Section 3.1 (page 47) of a type τ(C) to a predicate or formula C.

Definition (Cotypeϕ(C) of a c.r. predicate or formula C). Assume a global injective assignment of type variablesξ to c.r. predicate variablesX^c.

ϕ(X^c) :=ξ, ϕ({~x|A}) :=ϕ(A),

ϕ(I(~ρ, ~P)) :=ιI(ϕ(P~^c)), ϕ(^coI(~ρ, ~P)) :=

(ι_I(ϕ(P~^c)) ifι_I is a non-recursive algebra

coι_I(ϕ(P~^c)) otherwise, ϕ(P~t) :=ϕ(P),

(17)

3.3. EQUALITY AND EXTENSIONALITY W.R.T. COTYPES 61

ϕ(A→B) :=

(ϕ(A)→ϕ(B) ifA is c.r.

ϕ(B) ifA is n.c., ϕ(∀_xA) :=ϕ(A)

where P~^c are the c.r. predicates among P~ and ιI is the algebra associated with the predicate I.

In case of a non-recursive algebra ι_I the marking^coι_I is not necessary, because we not only have I_ι ⊆^coI_ι, but also the reverse inclusion^coI_ι ⊆I_ι.

Examples. ϕ(∼_N) =Nand ϕ(≈_N) =^coN are cotypes, and ϕ(∼_L(∼_N)) =L(N),

ϕ(∼_L(≈_N)) =L(^coN), ϕ(≈_L(∼_N)) =^coL(N), ϕ(≈_L(≈_N)) =^coL(^coN).

Similarly, ϕ(T_N) =Nand ϕ(^coT_N) =^coN are cotypes, and ϕ(T_L(T_N)) =L(N),

ϕ(T_L(^coT_N)) =L(^coN), ϕ(^coTL(TN)) =^coL(N), ϕ(^coTL(^coTN)) =^coL(^coN).

As a preparation for the definition of pointwise equality at higher type levels we generalize the examples of the predicate forms ∼_L, ≈_L, T_L and

coTL on page 46 from listsLto arbitrary algebra forms.

Definition (Similarity and bisimilarity). For every algebra formιwith type parameters ~α we define two predicate forms ∼_ι, ≈_ι (called relative similarity and relative bisimilarity) with type parameters α~ and predicate parametersY~ (whereYihas arity (αi, αi)) as follows. Let~α→(ξ)i<n→ξbe a constructor type. Take (µ/ν)_Z(K~ ), where the clause for the constructor type above is

Y1u1u⁰₁ → · · · →Ynunu⁰_n→Zv1v₁⁰ → · · · →Zvmv⁰_m→Z(C~u~v,C~u⁰~v) with C the corresponding constructor of ι. (Absolute) similarity / bisimilarity predicates arise from the relative ones by substituting a similarity / bisimilarity predicate for Y.

Definition (Pointwise equality .

=ϕ w.r.t. a cotype ϕ). By recursion on lev(ϕ) with a subordinate recursion on the height |ϕ| we define pointwise