PROCEEDINGS OF THE 7TH AND 8TH ASIAN LOGIC CONFERENCES
6 - 10 June 1999, Hsi-Tou, Taiwan
29 August - 2 September 2002, Chongqing, China
editors
Rod Downey, Victoria University of Wellington, New Zealand
Ding Decheng, Nanjing University, China
Tung Shih Ping, Chung Yuan Christian University, Taiwan
Qiu Yu Hui, Southwest China Normal University, China
Mariko Yasugi, Kyoto Sangyo University, Japan
associate editor
Guohua Wu, Victoria University of Wellington, New Zealand
SINGAPORE UNIVERSITY PRESS, NATIONAL UNIVERSITY OF SINGAPORE
World Scientific: NEW JERSEY * LONDON * SINGAPORE * SHANGHAI * HONG KONG * TAIPEI * BANGALORE
Published by
Singapore University Press, Yusof Ishak House, National University of Singapore, 31 Lower Kent Ridge Road, Singapore 119078 and World Scientific Publishing Co. Pte. Ltd., 5 Toh Tuck Link, Singapore 596224. USA office: Suite 202, 1060 Main Street, River Edge, NJ 07661. UK office: 57 Shelton Street, Covent Garden, London WC2H 9HE
British Library Cataloguing-in-Publication Data. A catalogue record for this book is available from the British Library.
PROCEEDINGS OF THE 7TH AND 8TH ASIAN LOGIC CONFERENCES. Copyright © 2003 by Singapore University Press and World Scientific Publishing Co. Pte. Ltd. All rights reserved. This book, or parts thereof, may not be reproduced in any form or by any means, electronic or mechanical, including photocopying, recording or any information storage and retrieval system now known or to be invented, without written permission from the Publisher.
For photocopying of material in this volume, please pay a copying fee through the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, USA. In this case permission to photocopy is not required from the publisher.
ISBN 981-238-261-5
Printed in Singapore by World Scientific Printers (S) Pte Ltd
PREFACE
The Asian Logic Conference has occurred every three years since its inception in Singapore in 1981. It rotates among countries in the Asia Pacific region with interests in the broad area of logic including theoretical computer science. It is now considered a major conference in this field and is regularly sponsored by the Association for Symbolic Logic. This volume contains papers, many of them surveys by leading experts, of both the 7th meeting in Hsi-Tou, Taiwan, and the 8th in Chongqing, China. A separate volume was in a state of formation after the 7th meeting, when all of the files were lost following a devastating earthquake in Taiwan. Those who had attended the Hsi-Tou meeting were shocked to learn that many of the buildings where we had had our meeting had been completely destroyed. In view of the time that had passed because of consequential delays, a decision was taken to combine the two meetings into one volume. We were very pleased to find that World Scientific were enthusiastic to support this venture. Authors were invited to submit articles to the present volume, based around talks given at either meeting. In particular, this allowed for the updating of papers from the 7th meeting. The editors were very concerned to make sure that the planned volume was of high quality. All of the submitted papers were fully refereed, with somewhat over half being accepted for the final volume. We think the resulting volume is fairly representative of the thriving logic groups in the Asia-Pacific region, and also fairly representative of the meetings themselves. For the record, here is a list of main speakers from the two meetings:

8th Asian Logic Meeting: Akihiro Yamamoto (Japan), Sergei Goncharov (Russia), Rod Downey (New Zealand), Bhakhadyr Khoussainov (New Zealand), Robert Goldblatt (New Zealand), Yang Yue (Singapore), Li Angsheng (China), Su Kaile (China), Klaus Weihrauch (Germany), Masahiro Hamano (Japan).

7th Asian Logic Meeting: Felipe Cucker (Hong Kong), Rod Downey (New Zealand), Michael Dunn (USA), Ellery Eells (USA), Byunghan Kim (USA), Ker-I Ko (USA), Masanao Ozawa (Japan), Gaisi Takeuti (USA), Stevo Todorcevic (Canada), Akito Tsuboi (Japan), Johan van Benthem (Netherlands).

We hope that you enjoy the resulting volume. Sincerely yours, the editors: Rod Downey, Ding Decheng, Tung Shih Ping, Qiu Yu Hui, Mariko Yasugi, and Wu Guohua.
CONTENTS

Elementary Properties of Rogers Semilattices of Arithmetical Numberings
  S. A. Badaev, S. S. Goncharov and A. Sorbi
Five Puzzles about Mathematics in Search of Solutions
  C. S. Chihara
Complexity Classes over the Reals: A Logician's Viewpoint
  F. Cucker
Computability, Definability and Algebraic Structures
  R. Downey
Trivial Reals
  R. G. Downey, D. R. Hirschfeldt, A. Nies and F. Stephan
Popper and Miller, and Induction and Deduction
  E. Eells
Enlargements of Polynomial Coalgebras
  R. Goldblatt
A Layered Approach to Extracting Programs from Proofs with an Application in Graph Theory
  J. Jeavons, B. Basit, I. Poernomo and J. N. Crossley
A Common Structure of Logical and Algebraic Algorithms
  Y. Kawaguchi
Games on Graphs: Automata, Structure, and Complexity
  B. Khoussainov and T. Kowalski
Computational Complexity of Fractals
  K.-I. Ko
Definability in Local Degree Structures - A Survey of Recent Results Related to Jump Classes
  A. Li and Y. Yang
A Limit Stage Construction for Iterating Semiproper Preorders
  T. Miyamoto
An Application of N D J P R O to ~ the Catch and Throw Mechanism
  M. Nakata, N. Saneto and M. Yasugi
The Curry-Howard Isomorphism Adapted for Imperative Program Synthesis and Reasoning
  I. Poernomo and J. N. Crossley
Phase-Valued Models of Linear Set Theory
  M. Shirahata
A Problem on Theories with a Finite Number of Countable Models
  A. Tsuboi
Probabilistic Logic Programming with Inheritance
  J. Wang, S. Ju, X. Luo and J. Hu
Sequent Systems for Classical and Intuitionistic Substructural Modal Logics
  O. Watari, T. Ueno, K. Nakatogawa, M. F. Kawaguchi and M. Miyakoshi
Diamond Embeddings into the D.C.E. Degrees with 0 and 1 Preserved
  G. Wu
ELEMENTARY PROPERTIES OF ROGERS SEMILATTICES OF ARITHMETICAL NUMBERINGS *
S. A. BADAEV
Kazakh National University, 39/47 Masanchi Street, Almaty, 480012, Kazakhstan
E-mail: badaev@math.kz

S. S. GONCHAROV
Institute of Mathematics of SB RAS, 4 Koptyug Avenue, Novosibirsk, 630090, Russia
E-mail: gonchar@math.nsc.ru

A. SORBI
Dipartimento di Scienze Matematiche ed Informatiche "Roberto Magari", Via del Capitano 15, 53100 Siena, Italy
E-mail: [email protected]

We investigate differences in the elementary theories of Rogers semilattices of arithmetical numberings, depending on structural invariants of the given families of arithmetical sets. It is shown that at any fixed level of the arithmetical hierarchy there exist infinitely many families with pairwise elementary different Rogers semilattices.
1. Preliminaries and Background
For unexplained terminology and notations concerning computability theory, our main references are the textbooks of A.I. Mal'tsev [1], H. Rogers [2] and R. Soare [3]. For the main concepts and notions of the theory of numberings we refer to the book of Yu.L. Ershov [4].

*This work is supported by grant INTAS-00-499

Definition 1.1. A surjective mapping $\alpha$ of the set $\omega$ of natural numbers onto a nonempty set $A$ is called a numbering of $A$. Let $\alpha$ and $\beta$ be numberings of $A$. We say that a numbering $\alpha$ is reducible to a numbering $\beta$ (in symbols, $\alpha \leqslant \beta$) if there exists a computable function $f$ such that $\alpha(n) = \beta(f(n))$ for any $n \in \omega$. We say that the numberings $\alpha$ and $\beta$ are equivalent (in symbols, $\alpha \equiv \beta$) if $\alpha \leqslant \beta$ and $\beta \leqslant \alpha$.
In a similar way one defines the digital arithmetical hierarchy $\mathrm{DPH}_{\mathbb{R}}$.

An example of a set in $\mathrm{NP}_{\mathbb{R}}$ is 4-FEAS, the set of polynomials of degree four which have a real root. A polynomial $f$ is considered as an element in $\mathbb{R}^\infty$ by coding it by the sequence of its coefficients. Note that if $f$ has $n$ variables, then it has $O(n^4)$ coefficients. Given such an $f$ and a guess $z$ (which we suppose of size $n$) a machine deciding 4-FEAS just computes $f(z)$ and accepts if this is zero, rejecting otherwise. The set 4-FEAS is also an example of a "difficult" $\mathrm{NP}_{\mathbb{R}}$ problem in a precise sense. The following is proven in [5] where the definition of $\mathrm{NP}_{\mathbb{R}}$-completeness can also be found.

Theorem 2.1. ([5]) The set 4-FEAS is $\mathrm{NP}_{\mathbb{R}}$-complete for reductions in $\mathrm{P}_{\mathbb{R}}$. □

Parallelism can also be considered for computations over the reals. We shall now briefly recall a parallel computational model. Let the sign function $\mathrm{sign} : \mathbb{R} \to \{0,1\}$ be defined by $\mathrm{sign}(z) = 1$ if $z \geq 0$ and 0 otherwise.
Definition 2.3. An algebraic circuit $C$ over $\mathbb{R}$ is an acyclic directed graph where each node has indegree 0, 1 or 2. Nodes with indegree 0 are either labeled as input nodes or with elements of $\mathbb{R}$ (we shall call them constant nodes). Nodes with indegree 2 are labeled with the binary operators of $\mathbb{R}$, i.e. one of $\{+, \times, -, /\}$. They are called arithmetic nodes. Nodes with indegree 1 are either sign nodes or output nodes. All the output nodes have outdegree 0. Otherwise, there is no upper bound for the outdegree of the other kind of nodes. Occasionally, the nodes of an algebraic circuit will be called gates. For an algebraic circuit $C$, the size of $C$ is the number of gates in $C$. The depth of $C$ is the length of the longest path from some input gate to some output gate. Let $C$ be an algebraic circuit with $n$ input gates and $m$ output gates. Then, to each gate $g$ we inductively associate a function $f_g : \mathbb{R}^n \to \mathbb{R}$. We shall refer to the function $\varphi_C : \mathbb{R}^n \to \mathbb{R}^m$ associated to the output gates as the function computed by the circuit.

Definition 2.4. Let $f : \mathbb{R}^\infty \to \mathbb{R}^\infty$. We shall say that the family of algebraic circuits $\{C_n\}_{n \geq 1}$ computes $f$, when for all $n \geq 1$ the function computed by $C_n$ is the restriction of $f$ to $\mathbb{R}^n \subset \mathbb{R}^\infty$. We now require a condition on the whole family $\{C_n\}_{n \geq 1}$ in order to ensure that its elements are not too unrelated as well as to ensure a finite description of the machine model. Gates of algebraic circuits can be described with five real numbers in a trivial way (see, e.g. [4]). Therefore, a circuit of size $k$ can then be described by a point in $\mathbb{R}^{5k}$.
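The following interpreter for the algebraic circuits of Definition 2.3 is an added example, not code from the paper. The gate tuple layout and the names `check`, `evaluate`, `size`, `depth`, `DISK` and `RATIO` are assumptions of this sketch (the paper's five-real-number gate description is not reproduced); gates are listed in topological order and evaluated in exact rational arithmetic, with the convention $x/0 = 0$.

```python
from fractions import Fraction

# Binary operators allowed on arithmetic nodes (indegree 2).
ARITH = {
    "+": lambda a, b: a + b,
    "-": lambda a, b: a - b,
    "*": lambda a, b: a * b,
    "/": lambda a, b: a / b if b != 0 else Fraction(0),  # convention x/0 = 0
}

def check(circuit):
    """Reject gate lists that are not algebraic circuits (Definition 2.3)."""
    for g, (kind, *args) in enumerate(circuit):
        if kind in ("input", "const"):           # indegree 0
            if len(args) != 1:
                raise ValueError(f"gate {g}: malformed {kind} node")
            continue
        arity = 2 if kind in ARITH else 1 if kind in ("sign", "output") else None
        if arity is None or len(args) != arity:
            raise ValueError(f"gate {g}: unknown kind or wrong indegree")
        for a in args:
            if not 0 <= a < g:                   # only earlier gates: acyclic
                raise ValueError(f"gate {g}: refers to gate {a}")
            if circuit[a][0] == "output":        # outputs have outdegree 0
                raise ValueError(f"gate {g}: reads from an output gate")

def evaluate(circuit, xs):
    """Return the values at the output gates on the input point xs."""
    check(circuit)
    val, outs = [], []
    for kind, *args in circuit:
        if kind == "input":
            v = Fraction(xs[args[0]])
        elif kind == "const":
            v = Fraction(args[0])
        elif kind == "sign":                     # sign(z) = 1 if z >= 0, else 0
            v = Fraction(1 if val[args[0]] >= 0 else 0)
        elif kind == "output":
            v = val[args[0]]
            outs.append(v)
        else:
            v = ARITH[kind](val[args[0]], val[args[1]])
        val.append(v)
    return outs

def size(circuit):
    """Number of gates."""
    return len(circuit)

def depth(circuit):
    """Length of the longest path from an input gate to an output gate."""
    d, best = [], 0
    for kind, *args in circuit:
        if kind == "input":
            d.append(0)
        elif kind == "const":
            d.append(None)                       # no input gate lies above it
        else:
            preds = [d[a] for a in args if d[a] is not None]
            d.append(1 + max(preds) if preds else None)
        if kind == "output" and d[-1] is not None:
            best = max(best, d[-1])
    return best

# Constructed sample: characteristic function of the closed unit disk in R^2,
# computed as sign(1 - (x0*x0 + x1*x1)).
DISK = [
    ("input", 0), ("input", 1), ("const", 1),
    ("*", 0, 0), ("*", 1, 1), ("+", 3, 4),
    ("-", 2, 5), ("sign", 6), ("output", 7),
]

# Constructed sample: x0 / x1, which is 0 on the hyperplane x1 = 0.
RATIO = [("input", 0), ("input", 1), ("/", 0, 1), ("output", 2)]

if __name__ == "__main__":
    print(evaluate(DISK, [Fraction(3, 5), Fraction(4, 5)]), size(DISK), depth(DISK))
```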
Definition 2.5. A family of circuits $\{C_n\}_{n \geq 1}$ is said to be uniform if there exists a machine $M$ that returns the description of the $i$th gate of $C_n$ with input $(n, i)$. In case that $i > k$, the number of gates of $C_n$, $M$ returns $(i, 0, 0, 0, 0)$. If $M$ works in time bounded by $O(\log n)$ we shall say that the family is L-uniform, if $M$ works in time $O(n^k)$ for some positive integer $k$ we shall say that the family is P-uniform.

We now define some parallel complexity classes by bounding the depth and size of uniform families of circuits. For further details about these classes see [4,7,8].

Definition 2.6. Define $\mathrm{NC}^k_{\mathbb{R}}$ for $k \geq 1$ to be the class of sets $S \subseteq \mathbb{R}^\infty$ such that there is a L-uniform family of algebraic circuits $\{C_n\}$ having size polynomial in $n$ and depth $O(\log^k n)$ that computes the characteristic function of $S$. The union of the $\mathrm{NC}^k_{\mathbb{R}}$ is denoted by $\mathrm{NC}_{\mathbb{R}}$. We define $\mathrm{PAR}_{\mathbb{R}}$ to be the class of all sets $S \subseteq \mathbb{R}^\infty$ such that there is a P-uniform family of algebraic circuits $\{C_n\}$ having depth polynomial (and therefore size exponential) in $n$ that computes the characteristic function of $S$. Also, we define $\mathrm{FPAR}_{\mathbb{R}}$ to be the class of functions $f : \mathbb{R}^\infty \to \mathbb{R}^\infty$ such that $|f(x)| = |x|^{O(1)}$ for all $x \in \mathbb{R}^\infty$ and $f$ can be computed by a P-uniform family of algebraic circuits $\{C_n\}$ having depth polynomial and size exponential in $n$.

3. Descriptive complexity over $\mathbb{R}$

3.1. Logics on $\mathbb{R}$-structures

In this section we first recall basic notions of $\mathbb{R}$-structures and their logics. A main reference is [14] where these concepts were first introduced. We suppose the reader familiar with the main terminology of logic as well as with the concepts of vocabulary, first-order formula or sentence, interpretation and structure (see for example [11]).

Definition 3.1. Let $L_s$, $L_f$ be finite vocabularies where $L_s$ may contain relation and function symbols, and $L_f$ contains function symbols only. A $\mathbb{R}$-structure of signature $\sigma = (L_s, L_f)$ is a pair $\mathfrak{D} = (\mathfrak{A}, \mathcal{F})$ consisting of
(i) a finite structure $\mathfrak{A}$ of vocabulary $L_s$, called the skeleton of $\mathfrak{D}$, whose universe $A$ will also be said to be the universe of $\mathfrak{D}$, and
(ii) a finite set $\mathcal{F}$ of functions $X : A^k \to \mathbb{R}$ interpreting the function symbols in $L_f$.

We shall denote the set of all $\mathbb{R}$-structures of signature $\sigma$ by $\mathrm{Struct}_{\mathbb{R}}(\sigma)$.

Definition 3.2. Let $\mathfrak{D}$ be a $\mathbb{R}$-structure of skeleton $\mathfrak{A}$. We denote by $|A|$ the cardinality of the universe $A$ of $\mathfrak{A}$. A $\mathbb{R}$-structure $\mathfrak{D} = (\mathfrak{A}, \mathcal{F})$ is ranked if there is a unary function symbol $r \in L_f$ whose interpretation $\rho$ in $\mathfrak{D}$ bijects $A$ with $\{0, 1, \dots, |A| - 1\}$. The function $\rho$ is called ranking. A $k$-ranking on $A$ is a bijection between $A^k$ and $\{0, 1, \dots, |A|^k - 1\}$.
3.2. First-order logic

Fix a countable set $V = \{v_0, v_1, \dots\}$ of variables. These variables range only over the skeleton; we do not use element variables taking values in $\mathbb{R}$.

Definition 3.3. The language $\mathrm{FO}_{\mathbb{R}}$ contains, for each signature $\sigma = (L_s, L_f)$ a set of formulas and terms. Each term $t$ takes, when interpreted in some $\mathbb{R}$-structure, values in either the skeleton, in which case we call it an index term, or in $\mathbb{R}$, in which case we call it a number term. Terms are defined inductively as follows
(i) The set of index terms is the closure of the set $V$ of variables under applications of function symbols of $L_s$.
(ii) Any real number is a number term.
(iii) If $h_1, \dots, h_k$ are index terms and $X$ is a $k$-ary function symbol of $L_f$ then $X(h_1, \dots, h_k)$ is a number term.
(iv) If $t, t'$ are number terms, then so are $t + t'$, $t - t'$, $t \times t'$, $t/t'$ and $\mathrm{sign}(t)$.

Atomic formulas are equalities $h_1 = h_2$ of index terms, equalities $t_1 = t_2$ and inequalities $t_1 < t_2$ of number terms, and expressions $P(h_1, \dots, h_k)$ where $P$ is a $k$-ary predicate symbol in $L_s$ and $h_1, \dots, h_k$ are index terms. The set of formulas of $\mathrm{FO}_{\mathbb{R}}$ is the smallest set containing all atomic formulas and which is closed under Boolean connectives and quantification $(\exists v)\psi$ and $(\forall v)\psi$. Note that we do not consider formulas $(\exists x)\psi$ where $x$ ranges over $\mathbb{R}$.
Remark 3.1. The interpretation of formulas in $\mathrm{FO}_{\mathbb{R}}$ on a $\mathbb{R}$-structure $\mathfrak{D}$ is clear. The only remark to be done is that, as with circuits, in order to have this interpretation well defined, we understand that $x/0 = 0$ for all $x \in \mathbb{R}$.

Example 3.1. Let $L_s$ be the empty set and $L_f$ be $\{r, X\}$ where both function symbols have arity 1. Then, a simple class of ranked $\mathbb{R}$-structures with signature $(L_s, L_f)$ is obtained by letting $\mathfrak{A}$ be a finite set $A$, $r^{\mathfrak{D}}$ any ranking on $A$ and $X^{\mathfrak{D}}$ any unary function $X^{\mathfrak{D}} : A \to \mathbb{R}$. Since $r^{\mathfrak{D}}$ bijects $A$ with $\{0, 1, \dots, n-1\}$ where $n = |A|$, this $\mathbb{R}$-structure is a point $x_{\mathfrak{D}}$ in $\mathbb{R}^n$. Conversely, for each point $x \in \mathbb{R}^\infty$ there is an $\mathbb{R}$-structure $\mathfrak{D}$ such that $x = x_{\mathfrak{D}}$. Thus, this class of structures models $\mathbb{R}^\infty$.

On the other hand any $\mathbb{R}$-structure $\mathfrak{D} = (\mathfrak{A}, \mathcal{F})$ can be identified with a vector $e(\mathfrak{D}) \in \mathbb{R}^\infty$ using a natural encoding. To this aim choose a ranking on $A$. Without loss of generality the skeleton of $\mathfrak{D}$ can be assumed to consist of the plain set $A$ only by replacing all functions and relations in $L_s$ by their corresponding characteristic functions, the latter being considered as elements of the set $\mathcal{F}$. Now using the ranking each of the functions $X$ in $\mathcal{F}$ can be represented by a vector $v_X \in \mathbb{R}^m$ for some appropriate $m$. The concatenation of all these $v_X$ yields the encoding $e(\mathfrak{D}) \in \mathbb{R}^\infty$. Note that the length of $e(\mathfrak{D})$ is polynomially bounded in $|A|$; moreover for all $\mathbb{R}$-structures $\mathfrak{D}$, all rankings $E$ on $A$ and all functions $X : A^k \to \mathbb{R}$ the property that $X$ represents the encoding $e(\mathfrak{D})$ of $\mathfrak{D}$ with respect to $E$ is first-order expressible (see [14]).

Example 3.1 allows us to speak about complexity classes among $\mathbb{R}$-structures. If $S$ is a set of $\mathbb{R}$-structures closed under isomorphisms, we say that $S$ belongs to a complexity class $\mathcal{C}$ over the reals if the set $\{e(\mathfrak{D}) \mid \mathfrak{D} \in S\}$ belongs to $\mathcal{C}$.
Example 3.2. If $\mathfrak{D}$ is a $\mathbb{R}$-structure of signature $(L_s, L_f)$ and $r \in L_f$ is a unary function symbol we can express in first-order logic the requirement that $r$ is interpreted as a ranking in $\mathfrak{D}$. This is done by the sentence

$$r \text{ is injective} \;\wedge\; \exists o\; r(o) = 0 \;\wedge\; \forall u\, [u \neq o \rightarrow (r(o) < r(u) \wedge \exists v\; r(u) = r(v) + 1)].$$

Remark 3.2. If $\rho$ is a ranking on $A$ and $|A| = n$ then, there are elements $o, 1 \in A$ such that $\rho(o) = 0$ and $\rho(1) = n - 1$. Note that these two elements are first-order definable in the sense that they are the only elements in $A$ satisfying

$$\forall v\, (v \neq o \Rightarrow \rho(o) < \rho(v)) \qquad \text{and} \qquad \forall v\, (v \neq 1 \Rightarrow \rho(v) < \rho(1))$$

respectively. We shall take advantage of this property by freely using the symbols $o$ and $1$ as symbol constants that are to be interpreted as the first and last elements in $A$ with respect to the ranking $\rho$. Note that, in particular, this allows us to use the symbol $n$ to denote the cardinality of $A$ since $n = \rho(1) + 1$.
Remark 3.3. Any ranking $\rho$ induces, for all $k \geq 1$ a $k$-ranking $\rho^k$ on $A$ by lexicographical ordering. Note that $\rho^k$ is definable in the sense that for all $(v_1, \dots, v_k) \in A^k$

$$\rho^k(v_1, \dots, v_k) = \rho(v_1) n^{k-1} + \rho(v_2) n^{k-2} + \dots + \rho(v_k).$$

Again, we will take advantage of this to freely use the symbol $\rho^k$ to denote the $k$-ranking induced by $\rho$ on $A$.

The expressive power of first-order logic is not too big.

Proposition 3.1. Let $\sigma$ be a signature, $\varphi$ a first-order sentence and $S = \{\mathfrak{D} \in \mathrm{Struct}_{\mathbb{R}}(\sigma) \mid \mathfrak{D} \models \varphi\}$. Then $S \in \mathrm{NC}^1_{\mathbb{R}}$.

3.3. Fixed point first-order logic
A first-order number term $F(\bar{t})$ with free variables $\bar{t} = (t_1, \dots, t_r)$ is interpreted in a $\mathbb{R}$-structure $\mathfrak{D}$ with universe $A$ as a function $F^{\mathfrak{D}} : A^r \to \mathbb{R}$. Fixed point first-order logic enhances first-order logic with the introduction of two grammatical rules to build number terms: the maximization rule and the fixed point rule. The first one allows some form of quantification for describing $F^{\mathfrak{D}}$ and the second one, the definition of $F^{\mathfrak{D}}$ in an inductive way. For simplicity, in the rest of this paper we restrict attention to functional $\mathbb{R}$-structures, i.e. $\mathbb{R}$-structures whose signatures do not contain relation symbols. This represents no loss of expressive power since we can replace any relation $P \subseteq A^k$ by its characteristic function $\chi_P : A^k \to \mathbb{R}$. We first define the maximization rule $\mathrm{MAX}^1_{\mathbb{R}}$.

Definition 3.4. Let $F(s, \bar{t})$ be a number term with free variables $s$ and $\bar{t} = (t_1, \dots, t_r)$. Then

$$\max_s F(s, \bar{t})$$

is also a number term with free variables $\bar{t}$. Its interpretation in any $\mathbb{R}$-structure $\mathfrak{D}$ and for any point $u \in A^r$ interpreting $\bar{t}$ is the maximum of $F^{\mathfrak{D}}(a, u)$ where $a$ ranges over $A$.

Example 3.3. If the signature contains a symbol $r$ which is interpreted as a ranking, then we can define the size $n$ of the universe with the number term $\max_s r(s) + 1$.

Definition 3.5. We denote by $\mathrm{FO}_{\mathbb{R}} + \mathrm{MAX}^1_{\mathbb{R}}$ the logic obtained by adding to $\mathrm{FO}_{\mathbb{R}}$ the maximization rule.
The expressive power gained by allowing the maximization rule lies in the possibility of writing characteristic functions as number terms. If $\varphi(v_1, \dots, v_r)$ is a first-order formula we define its characteristic function $\chi[\varphi]$ on a structure $\mathfrak{D}$ by

where $a_1, \dots, a_r \in A$, the universe of $\mathfrak{D}$.

Proposition 3.2. For every first-order formula $\varphi(v_1, \dots, v_r)$ there is a number term in $\mathrm{FO}_{\mathbb{R}} + \mathrm{MAX}^1_{\mathbb{R}}$ describing $\chi[\varphi]$.

We now define the fixed point rule.

Definition 3.6. Fix a signature $\sigma = (L_s, L_f)$, an integer $r \geq 1$, and a pair $(Z, D)$ of function symbols both of arity $r$ and not contained in this signature. Let $F(Z, \bar{t})$ and $H(D, \bar{t})$ be number terms of signature $(L_s, L_f \cup \{Z, D\})$ and free variables $\bar{t} = (t_1, \dots, t_r)$. Note that $Z$ can appear several times in $F$ and we do not require that its arguments are $t_1, \dots, t_r$. The only restriction is that the number of free variables in $F$ coincides with the arity of $Z$. A similar remark holds for $H$ and $D$. For any $\mathbb{R}$-structure $\mathfrak{D}$ of signature $\sigma$ and any interpretation : $A^r \to \mathbb{R}$ of $Z$ and $\Delta : A^r \to \mathbb{R}$ of $D$ respectively the number terms $F(Z, \bar{t})$ and $H(D, \bar{t})$ define functions
exists. We get the corollaries we are after.
Corollary 5.1. (Coles, Downey, Slaman [15]) Suppose that $G$ is a rank 1 torsion free Abelian group. Then $G$ has second jump degree. Furthermore, if $G$ has finite type, $G$ has first jump degree.

Subsequently, Soskov (private communication) found an elegant proof of the above based on the theory of enumeration degrees. (Actually, if we look closely, the proofs are essentially the same.) Recall that $A \leq_e B$ iff there is a computably enumerable set $W$ such that for all $x$,

$$x \in A \text{ iff } \exists u\, [\langle x, u \rangle \in W \wedge D_u \subseteq B].$$

Here $D_u$ denotes the $u$-th canonical finite set. It is known that enumeration reducibility can be strongly connected with algebra. For instance, Charles Miller III (see [50]) proved that given two finitely generated groups $G_1$ and $G_2$, $G_2$ can be embedded into a group finitely presented relative to $G_1$ iff $G_2$ is enumeration reducible to $G_1$. This is sometimes called the relative Higman Embedding Theorem. Enumeration reducibility is also the key here.

There is a canonical embedding of the semi-lattice of the Turing degrees into the semi-lattice of the enumeration degrees. The Turing degree of a set $A$ is identified with the enumeration degree of the set $A \oplus \bar{A}$, $d_e(A \oplus \bar{A})$. For any set $A$ define $A^+ = A \oplus \bar{A}$. A set $A$ is called total if $A \equiv_e A^+$. An enumeration degree is total if it contains a total set. So the Turing degrees are the total enumeration degrees. Notice that $A$ is computably enumerable in $B$ iff $A \leq_e B^+$ and A 1. Consider $n$ sets $A_0, \dots, A_{n-1}$. Define by means of induction the set $P(A_0, \dots, A_{n-1})$:
1) $P(A_0) = A_0$;
2) $P(A_0, \dots, A_{k+1}) = P(A_0, \dots, A_k)'_e \oplus A_{k+1}$.

Let

$$C'(A_0, \dots, A_{n-1}) = \{X^{(n)} : A_0 \text{ is } \Sigma_1(X), \dots, A_{n-1} \text{ is } \Sigma_n(X)\}.$$

Theorem 5.3. (Soskov) $d_e(P(A_0, \dots, A_{n-1})'_e)$ is the least among the degrees of the elements of the set $C'(A_0, \dots, A_{n-1})$.

Proof. Let $P = P(A_0, \dots, A_{n-1})$. It is sufficient to show that there exists a total $X$ such that $X^{(n)} \equiv_e P'_e$ and $A_i$ is $\Sigma_{i+1}(X)$. Take a total $Q$ such that $P \leq_e Q$ and $P'_e \equiv_e Q'$. By [108], Theorem 1.2, there exists a total $X$ such that $X^{(n-1)} \equiv_e Q$ and $A_i$ is $\Sigma_{i+1}(X)$, $i = 0, \dots, n-1$. Clearly $X^{(n)} \equiv_e P'_e$.

Take $A_0 = \dots = A_{n-2} = \emptyset$ and $A_{n-1} = A$. Then $P(A_0, \dots, A_{n-1}) = \emptyset^{(n-1)} \oplus A$. Hence $d_e((\emptyset^{(n-1)} \oplus A)'_e)$ is the least among the degrees of the elements of $C^{(n)}(A)$. □

Soskov observed that his techniques solved a couple of the questions listed at the end of a preliminary version of [15]. One left open was question 2 there, which he interpreted to mean the following.

Question 5.1. Characterize the sets $X$ for which the enumeration jump is equivalent to the Turing jump.

6. Computably Enumerable Reals

The results at the end of the previous section demonstrated how reducibilities other than Turing reducibility can yield significant insight into the effective content of classical mathematics. Another example of this phenomenon is the use of Ziegler reducibility, a variation of quasi-reducibility (see Downey, LaForte, Nies [29]), to characterize relative algebraic closure in groups. (See [50].) Yet another example is provided by the degrees of computably enumerable bases for subspaces of $V_\infty$, characterized precisely as the weak truth table degrees below that of the given space. (See Downey and Remmel [31].) In this section we will see yet another example of this phenomenon, and additionally see how this methodology applies to classical analysis.

We begin with a simple question, asked for centuries, what is a real? There are several definitions (footnote g), and we list several below. (We consider reals in $(0,1)$. And no real is rational, for ease of presentation. We remark that an alternative approach is to only look at Cantor Space $2^\omega$ with basic clopen sets $[\sigma] = \{\sigma\alpha : \alpha \in 2^\omega\}$ which is not homeomorphic to $(0,1)$ but measure-theoretically isomorphic. Here, of course, we are using Lebesgue measure, and have $\mu([\sigma]) = 2^{-|\sigma|}$.)

- $\alpha$ has an infinite (e.g.) decimal expansion, $\alpha = .a_1 a_2 \dots$.
- $\alpha = \sum_{n \in A} 2^{-n}$, where $A \subset \mathbb{N}$.
- $\alpha = \sum_{n \in A} 2^{-|n|}$, where $A \subset \Sigma^*$.
- $\alpha$ is the limit of an increasing sequence of rationals.

Footnote g: These definitions define the relevant real up to equivalence.

Now a computable real would presumably be a computable limit of a computable sequence of rationals, using the Dedekind cut definition. More precisely, there is a computable sequence $q_i$, $i = 1, 2, \dots$ of rationals such that for any $n$ we can compute an $m$ such that $|\alpha - q_m| < 2^{-n}$. Now it is not difficult to show that this definition coincides with $\alpha$ having a computable decimal expansion, or $\alpha = \sum_{n \in A} 2^{-n}$ for a computable subset $A$ of $\mathbb{N}$. (See Rice [92].) However, we would get a little stuck if we also claimed that this is the same as $\alpha = \sum_{n \in A} 2^{-|n|}$ for some computable $A \subseteq \{0,1\}^*$, as we now see.

Define a computably enumerable real to be the limit of a computable sequence of rationals. That is, we have $\alpha = \lim_s q_s$ such that we can compute $q_i$ for all $i$. But note that although we know that the sequence converges, we don't computably know how fast, at least in general. The following theorem is from Calude, Hertling, Khoussainov and Wang [10]. A set $A$ is called prefix-free (footnote h) iff for all $\sigma \in A$, and all $\tau$ with $\sigma$ an initial segment of $\tau$, $\tau \notin A$.
Theorem 6.1. (Calude et al. [10]) The following are equivalent.

(i) $\alpha$ is computably enumerable.
(ii) The set $L(\alpha) = \{q \in \mathbb{Q} : q < \alpha\}$ is computably enumerable.
(iii) There is an infinite computably enumerable prefix free set $A$ with $\alpha = \sum_{n \in A} 2^{-|n|}$.
(iv) There is a computable prefix free set $A$ such that $\alpha = \sum_{n \in A} 2^{-|n|}$.
(iv) There is a computable function $f(x, y)$ of two variables, such that
  (iva) If, for some $k, s$ we have $f(k, s+1) = 0$ yet $f(k, s) = 1$ then there is some $k' < k$ such that $f(k', s) = 0$ and $f(k', s+1) = 1$.
  (ivb) $\alpha = .a_1 a_2 \dots$ is a dyadic expansion of $\alpha$ with $a_i = \lim_s f(i, s)$.
(v) There is a computable increasing sequence of rationals with limit $\alpha$.

Footnote h: Prefix-free sets are considered for technical reasons since if a set $A$ is prefix-free then, by Kraft's inequality, we know that $\sum_{n \in A} 2^{-|n|}$ converges, and hence $A$ is measurable. Prefix-free sets are crucial in a proper treatment of (e.g.) randomness, and other complexity issues, for c.e. reals, a fact first realized by Chaitin [11]. Chaitin's observation of the effectiveness of Kraft's inequality shows that computably enumerable prefix-free sets are the measures of the domains of partial computable prefix free machines, in the same way that computably enumerable sets are the domains of partial computable functions.

The reader should note that (iii) implies (iv) because we always have many strings we can potentially add at some stage. The reader should also note that although things coincide for computable reals, there are computably enumerable reals which are not, what we will call, strongly computably enumerable.
Definition 6.1. A real $\alpha$ is called strongly computably enumerable if there exists a computably enumerable $B \subseteq \mathbb{N}$ such that nEB
The fact that there are c.e. reals that are not strongly c.e. was first noted by Soare [106]. Here is a very quick proof. To defeat $W_e$, the $e$-th c.e. set, we make our real have 1 in the $4e$-th place, and 0 in places around it. We need do nothing unless $4e$ enters $W_e$. At that stage, we can make the $4e$-th place of our real become 0 by making the $(4e-1)$-st place become 1.

The motivating question for most of the rest of the section is the following. How can we present our c.e. real? Part of the answer is provided by Calude, Coles, Hertling and Khoussainov [9]. Those authors examined the cut definition of real, and its effective content. They defined a representation $A$ of a (c.e.) real $\alpha$ as an increasing sequence of rationals $q_i$ for $i \in A$ with limit $\alpha$. They asked what types of degrees can $A$ have. Already we have seen that $A$ can be computable. It is not difficult to prove the following.
Lemma 6.1. (Soare [106], Calude et al. [9]) Let $L(\alpha)$ denote the lower cut of a real $\alpha$. That is, $L(\alpha)$ is the collection of rationals less than $\alpha$. Then if $A$ is a representation of $\alpha$, A

Footnote i: If we only ask for a limit of a computable sequence of computable reals, then instead of getting the computably enumerable reals we get a real whose dyadic expansion is computable from the halting problem. ([53])

m ( s ) , or z E D,). In either case, $z \notin C$. Hence $m(s) \to \infty$. Note that $\hat{C} \leq_{wtt} C$ because only numbers entering $C$ enter $\hat{C}$ and can do so only at the same stage. Finally we see that $C \leq_{wtt} \hat{C}$. To decide if $q \in C$, find the least stage $s$ such that $s > g(q)$ and $\hat{C}_s \upharpoonright g(q)+1 = \hat{C} \upharpoonright g(q)+1$. If $q \leq m(s)$ then as above we can decide if $q \in C$. Otherwise, $q > m(s)$. Suppose that $q \notin C_{s+1}$. We claim that $q \notin C$. Otherwise, consider the stage $s_1$ where $q$ enters $C$. Now, if $q > m(s_1 - 1)$ then either $q$ or some even smaller number must enter $\hat{C}$. Thus it can only be that $q \leq m(s_1 - 1)$. As a consequence, there is some least stage $t$ where $s \leq t < s_1$ where $m(t) < q$ and $m(t+1) \geq q$. Consider any stage $t' \geq s$ where $m(t') \neq m(t'+1)$. For an induction, we suppose that $q \notin C_{t'}$. We only reset $m(t')$ because we saw some $q'$ enter $C_{t'} \cup D_{t'}$ with $q' > m(t') \geq m(s)$. We put $q'$ into $\hat{C}$. Since $\hat{C}_s \upharpoonright g(q)+1 = \hat{C} \upharpoonright g(q)+1$, we can only have that the Gödel number of $q'$ exceeds $q+1$. Therefore, it cannot be that $q$ enters $C$ at stage $t'$. If it did, then either $q$ or some number with Gödel number less than or equal to $q$ would enter $\hat{C}$ in place of $q'$. (Remember here, we are considering in $C_u \cup D_u$ all rationals in the associated lower cut with Gödel number $\leq u$.) Thus, in particular, at stage $t = t'$, $q \notin C_t$. But if $q$, or some number with Gödel number below $q$ does not enter $\hat{C}$ at stage $t+1$, which it cannot, then $q$ is not in $C$. Hence $C \leq_{wtt} \hat{C}$. □

The proof above can be improved to give the following.
Theorem 6.3. (Downey) $\mathbf{a}$ is the $m$-degree of a c.e. splitting of $L(\alpha)$ iff $\mathbf{a}$ is the $m$-degree of a representation of $\alpha$.

Proof. The modification is the following. At stage $s$, when we increase $m(s)$, we put into $\hat{C}$ not just the least $q$ but, in rational increasing order, all $q$ entering $C$ with Gödel number less than $s$. Now as we have seen, since $m(s) \to \infty$, $\hat{C}$ is a representation of $\alpha$. Moreover, the same argument shows that $C \equiv_{wtt} \hat{C}$. We claim the reductions are $m$-reductions. First $\hat{C} \leq_m C$. Given $q$ go to a stage $s$ bigger than the Gödel number of $q$. If $q$ is below $m(s)$ then, as before, we can decide computably if $q \in C$. Else, note that $q \in C$ iff $q \in \hat{C}$. The same argument shows that $C \leq_m \hat{C}$. □

We remark that many of the theorems of Calude et al. [9] now come out as corollaries to the characterization above, and known results on splittings and wtt degrees. We refer the reader to, for instance, Downey and Stob [32]. For instance, we get the following.

Corollary 6.1. There exist computably enumerable reals $\alpha_i$ such that the collection of T-degrees of representations $R(\alpha_i)$ have the following properties.
(i) $R(\alpha_1)$ consists of every c.e. ($m$-) degree.
(ii) $R(\alpha_2)$ forms an atomless boolean algebra, which is nowhere dense in the c.e. degrees.
(iii) There is a c.e. degree $\mathbf{b}$ with $\mathbf{0} < \mathbf{b} < \deg(L(\alpha_3))$ such that if $\mathbf{x}$ is the degree of a representation above $\mathbf{b}$ then $\mathbf{x} = \deg(L(\alpha_3))$, and if $\mathbf{x}$ is below $\mathbf{b}$ then $\mathbf{x} = \mathbf{0}$.

Proof. See Downey and Stob [32]. □

We also remark that the above has a number of other consequences regarding known limits to splittings. For instance:

Corollary 6.2. If a c.e. real $\alpha$ has representations in each T-degree below that of $L(\alpha)$ then either $L(\alpha)$ is Turing complete or low.

Proof. See Downey [20]. □

As our final topic we look at the other form of representing reals. To avoid confusion we have the following definition.

Definition 6.2. Let $A \subset \{0,1\}^*$.

(i) We say that $A$ is a presentation of a c.e. real $\alpha$ if $A$ is a prefix free c.e. set with $\alpha = \sum_{n \in A} 2^{-|n|}$.
(ii) We say that a c.e. set A is a strong presentation of a if a = &A
(Here, the
. xu.
.xu denotes the binary expansion.)
Previously we have seen that a has representations of degree L(a). However, presentations can behave quite differently. Theorem 6.4. There is a c.e. real a which is not computable, but such that if A presents a then A is computable.
Proof Sketch. We briefly sketch the proof, details being found in Downey and LaForte [28]. We only mention the case (i) above. We must meet the requirements below.

$R_e$ : $W_e$ presents a implies $W_e$ computable.

We build a presentation of A, via the nearly c.e. definition. That is, we have an approximation $a = .a_{0,s}\ldots$ and obey the conditions that if $a_{i,s} = 1$ and $a_{i,s+1} = 0$ then $a_{j,s+1}$ becomes 1 for some j < i. To make a noncomputable, we must also meet the requirements:

$P_e$ : For some i, $i \in W_e$ iff $a_i = 0$.

The strategy for $P_e$ is simple. We must pick some i to follow it, and initially make it 1. At some stage s, if we see i enter $W_e$, then we must make $a_{i,t} = 0$ for some $t \ge s$.
To make this cohere with the $R_e$ we need a little work. First, we need to surround i with some 0's so that we can make it 0 by making the one before, say, 1. However, more importantly, we need to also make sure that for those $R_k$ of higher priority if $W_k$ presents a then $W_k$ is computable. Associated with $R_k$ will be a current “length of agreement”. This is a number m(k,s) such that $a_s - \sum_{n \in W_{k,s}} 2^{-|n|} < 2^{-m(k,s)}$. We can assume that $a_s \ge \sum_{n \in W_{k,s}} 2^{-|n|}$, for otherwise, we can win by withholding numbers from a. We promise that once m(k,s) > d, then no number of length $\le d$ can enter $W_k$.

Now the idea is that when we see some $P_e$ require attention for e bigger than k, if i is smaller than m(k,s), the interesting case, then we wish to put a relatively big number into a, by changing position i for the sake of $P_e$, yet we wish to not allow numbers of low length to enter $W_k$. The idea is to slowly work backwards. So first we will make position m(k,s) + 1 = 1 by adding something of length $2^{-m(k,s)+1}$ into $A_{s+1}$. We then do nothing until $W_k$ responds by giving us a stage t > s with $a_t - \sum_{n \in W_{k,t}} 2^{-|n|} < 2^{-m(k,s)+1}$. Note that $W_k$ can only change on strings of long length, since we only changed A slightly. Now we repeat, adding another string of the same length $2^{-m(k,s)+1}$ into $A_{s+1}$. Again we wait for another expansion stage. Note that this next addition changes things at position m(k,s) or earlier. We can continue in this way at most $2^{m(k,s)-i}$ many times till we get to change position i.

Now there are two outcomes. Either at some stage, we don't get recovery, so that $W_k$ does not present A, or $W_k$ responds at each stage and we get a change only on long strings. This means that we can compute $W_k$. This is the basic module for a standard $\Pi_2$ priority argument, akin to the embedding of 1-3-1. Details can be found in Downey and LaForte [28]. □
We remark that the proof above is very similar to the embedding of 1-3-1 in the c.e. Turing degrees. The result is related to lattice embeddings since Downey and LaForte did show the following.

Theorem 6.5. (Downey and LaForte [28]) If L(a) has promptly simple degree, then a has a noncomputable presentation.
We remark that all of this is related to wtt degrees. As our final results we offer the following.
Theorem 6.6. (Downey and LaForte [28]) Suppose that A presents a c.e. real a. Let $B \le_{wtt} A$. Then there is a presentation of a of wtt degree B.

Proof Sketch. Suppose that $\Gamma^A = B$ is a wtt reduction with use $\gamma$ and A is a presentation of a. We suppose that every stage is expansionary. We build a presentation $C \equiv_{wtt} B$. We suppose that $0 \notin B$. For each $i \le \gamma(n)$, and each $\sigma_i$ with $|\sigma_i| = i$, choose a length $m \ge n$, and strings $\tau_k(\sigma_i)$ of length m for $k \le p(\sigma_i, n)$ large enough, so that the set of $\tau$'s can be chosen to keep C prefix free, and such that there are $2^{m-i}$ many $\tau_k(\sigma_i)$ of length$^k$ m.

At stage s assume that there is a unique element n in $B_{s+1} - B_s$. For each $i \le \gamma(n)$, $|\sigma_i| = i$, if $\sigma_i \in A_{s+1} - A_s$, put coding markers $\tau_k(\sigma_i, n)$ of length $m = m(\sigma_i, n)$ into $C_{s+1}$, causing i to enter $\sum_{\tau \in C_{s+1}} 2^{-|\tau|}$. If $j > \gamma(n)$ and $\sigma_j$ of length j enters $A_{s+1}$, put $(\sigma_j, 0)$ into C.

It is not difficult to argue that the set C works. First $C \le_{wtt} B$. To see this, to decide if $\beta$ enters C compute $(\tau, n)$ with $\beta = (\tau, n)$. If n = 0 compute a stage s where $B \upharpoonright |\tau| = B_s \upharpoonright |\tau|$. Then $\beta \in C$ iff $\beta \in C_{s+1}$. If $n \ne 0$ then since $\beta$ can only enter C at the stage n enters B we get $C \le_{wtt} B$. Conversely, to see that $B \le_{wtt} C$, to decide if n enters B simply compute a stage s where $C_s \upharpoonright \tau_k(\sigma_i, n) = C \upharpoonright \tau_k(\sigma_i, n)$ for all $i \le \gamma(n)$, and $k \le p(\sigma_i, n)$. It is clear that C presents the real since when i enters the A-sum, it is because some $\sigma_i$ enters A. At such a stage, we will put enough $\tau(\sigma_i, n)$ into C to cause i to enter the C-sum. □
Corollary 6.3. Suppose that a is strongly c.e. with $a = .\chi_A$. Then B is the wtt degree of a presentation of a iff $B \le_{wtt} A$.

Proof. Put $0^{i-1}1 \in B$ iff $i \in A$. This is a presentation with m-degree that of A. Now apply the theorem. □

Downey and Terwijn [33] proved a major extension of the above. Since $\{1\sigma : \sigma \in A\} \cup \{0\tau : \tau \in B\}$ has the same wtt-degree as the join of those of A and B, counting quantifiers, by Theorem 6.6, we see that if a is a c.e. real then the wtt-degrees of presentations of a form a $\Sigma^0_3$ ideal in the c.e. wtt degrees.

$^k$ The idea here is that we can use the $\tau$'s collectively to add something of length i to the C-sum.
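The coding in the proof of Corollary 6.3, the notion of presentation in Definition 6.2, and the join used in the remark before Theorem 6.7 can be checked on finite sets. The Python below is an added illustration, not part of the original paper; it assumes digit positions of the binary expansion are counted from 1 (position i has weight 2^-i, matching the length of 0^(i-1)1), uses finite sets as stand-ins for c.e. sets, and all function names are hypothetical.

```python
from fractions import Fraction


def is_prefix_free(strings):
    """True when no string in the set is a proper prefix of another."""
    ordered = sorted(strings)
    # In lexicographic order, a prefix is immediately followed by an extension of it.
    return all(not b.startswith(a) for a, b in zip(ordered, ordered[1:]))


def presented_real(strings):
    """Sum of 2^{-|sigma|} over the set (Definition 6.2(i))."""
    return sum((Fraction(1, 2 ** len(s)) for s in strings), Fraction(0))


def binary_expansion(A):
    """.chi_A with positions counted from 1 (assumption): sum of 2^{-i}, i in A."""
    return sum((Fraction(1, 2 ** i) for i in A), Fraction(0))


def presents(strings, alpha):
    """A finite set presents alpha if it is prefix free and its weights sum to alpha."""
    return is_prefix_free(strings) and presented_real(strings) == alpha


def strong_to_presentation(A):
    """Coding from the proof of Corollary 6.3: i in A  iff  0^{i-1}1 in B."""
    return {"0" * (i - 1) + "1" for i in A}


def decode(sigma):
    """Reverse m-reduction: the i with sigma = 0^{i-1}1, or None for other strings."""
    if sigma.endswith("1") and set(sigma[:-1]) <= {"0"}:
        return len(sigma)
    return None


def join(P, Q):
    """{1 sigma : sigma in P} union {0 tau : tau in Q}.

    Each weight is halved, so if P and Q both present alpha the join
    presents alpha/2 + alpha/2 = alpha again.
    """
    return {"1" + s for s in P} | {"0" + t for t in Q}


# Constructed sample: A = {1, 3}, so .chi_A = .101 = 5/8.
A = {1, 3}
ALPHA = binary_expansion(A)
B = strong_to_presentation(A)          # {"1", "001"}
# A second presentation of the same real: "1" split into "10" and "11".
B_SPLIT = {"10", "11", "001"}
# Same weights as B but not prefix free, hence not a presentation.
NOT_PREFIX_FREE = {"0", "001"}

if __name__ == "__main__":
    print("alpha =", ALPHA)
    print("B presents alpha:", presents(B, ALPHA))
    print("B_SPLIT presents alpha:", presents(B_SPLIT, ALPHA))
    print("join presents alpha:", presents(join(B, B_SPLIT), ALPHA))
    print("non prefix-free set rejected:", not presents(NOT_PREFIX_FREE, ALPHA))
```

The split presentation shows that one real has many presentations, which is why their degrees are worth classifying at all.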
Theorem 6.7. (Downey and Terwijn [33]) Suppose that $\mathcal{I}$ is any $\Sigma^0_3$ ideal in the c.e. wtt-degrees. Then there is a c.e. noncomputable real a such that the wtt-degrees of presentations of a are precisely the members of $\mathcal{I}$.

The proof of this theorem combines the “drip-feed” strategy of Downey-LaForte, a coding strategy, and a $\Sigma^0_3$ approximation strategy. We refer the reader to [33] for further details.

7. Epilog: What are good questions in computable mathematics?

Some of the first questions asked in effective mathematics must be those of Hilbert and of Dehn. Focusing on Dehn, he posed the famous word, conjugacy, and isomorphism problems for finitely presented groups. These questions gave rise to combinatorial group theory, and are primarily of interest because they give enormous insight into the structure of groups. This is the key. Good questions should give insight into either computability (as in our torsion free result) or need considerable algebraic or analytic insight to solve. We offer with some trepidation a couple below which we feel will fall into this category.

Question 7.1. A structure is called n-decidable if one can decide all n-quantifier statements. For each n, is there a finitely presented group which is n but not n + 1 decidable? Is there a finitely presented group which is not decidable, but is n decidable for each n?

Question 7.2. (Downey and Kurtz) For each $\Pi^0_1$ class C is there a computably presented torsion free group with the orderings (up to reversal) in 1-1 correspondence with the members of C?

Reed Solomon has observed that the answer is no if the group must be Abelian. Incidentally, Solomon [104,105] proved that a computably presented group is isomorphic to a quotient of a computably ordered version of a free group by a computable convex normal subgroup. This theorem has a remarkably difficult proof, going through a classical group ring construction and needing small cancellation theory. It would be interesting to know why this is so, and whether this must be the case. Perhaps proof theory can provide the answer. Note that there is no known simple proof that the two generator free group can be ordered.
Question 7.3. (Friedman, Simpson, Smith [39]$^l$) Given a $\Pi^0_1$ class C is there a commutative ring with 1 whose set of prime ideals is in 1-1 correspondence with the members of C?

Question 7.4. For each n, classify, by order type, the computable linear orderings with a nontrivial $\Pi^0_n$ automorphism.

The answer is known for n = 0 (Schwartz), but open for n = 1. See Downey [18] for more on this question.

Question 7.5. (Rosenstein) It is known that a scattered linear partial ordering has a scattered linear extension. Is this computably true? What is its proof theoretical strength?

Since the original writing of this paper, this question has been analyzed by Downey, Hirschfeldt, Lempp, and Solomon [24]. The proof theoretical strength is surprisingly high (around $ATR_0$).

$^l$ Strictly speaking, Friedman et al. claimed this as a theorem in [39]. It was only later that a flaw was found in the proof. The reverse mathematics result was proven by separating sets. They proved this and stated the problem in the later addendum [40].
References

1. Ash, C. J., Categoricity in the hyperarithmetical degrees, Ann. Pure and Appl. Logic, vol. 34 (1987), 1-34.
2. Ash, C. J., Labelling systems and r.e. structures, Ann. Pure and Appl. Logic, vol. 47 (1990), 99-120.
3. Ash, C., P. Cholak, and J. Knight, Permitting, forcing, and copying of a given recursive relation, Annals of Pure and Applied Logic, Vol. 87 (1997), 219-236.
4. Ash, C. J., C. Jockusch and J. F. Knight, Jumps of orderings, Trans. Amer. Math. Soc., Vol. 319 (1990), 573-599.
5. Ash, C. J., J. F. Knight, M. Manasse, and T. Slaman, Generic copies of countable structures, Ann. Pure and Appl. Logic, vol. 42 (1989), 195-206.
6. Ash, C. J. and A. Nerode, Intrinsically recursive relations, in Crossley [16], 26-41.
7. Baumslag, G., E. Dyer, and C. Miller III, On the integral homology of finitely presented groups, Topology, Vol. 22 (1983), 27-46.
8. Boone, W. W., Certain simple unsolvable problems in group theory, I-VI, Nederl. Akad. Wetenschappen, Proc. Ser. A, vol. 57 (1954), 231-237, 492-497, vol. 58 (1955), 252-256, 571-577, vol. 60 (1957), 22-27, 227-232.
9. Calude, C., R. Coles, P. Hertling, and B. Khoussainov, Degree-theoretical aspects of computably enumerable reals, to appear.
10. Calude, C., P. Hertling, B. Khoussainov, and Y. Wang, Recursively enumerable reals and Chaitin's Ω number, in STACS'98, Springer Lecture Notes in Computer Science, Vol. 1373, 1998, 596-606.
11. Chaitin, G., A theory of program size formally identical to information theory, J. Assoc. Comput. Mach., Vol. 13 (1966), 547-569.
12. Cenzer, D. and J. B. Remmel, Polynomial time vs recursive models, Ann. Pure and Applied Logic, Vol. 54 (1991), 17-58.
13. Chisholm, J., and M. Moses, Undecidable linear orderings that are n-recursive for each n, in preparation.
14. Coles, R., R. Downey, and B. Khoussainov, Initial segments of computable linear orderings, Order, Vol. 14 (1997-1998), 107-124.
15. Coles, R., R. Downey, and T. Slaman, Every set has a minimal jump enumeration, Journal London Math. Soc. (2) Vol. 62 (2000), 641-649.
16. Crossley, J. N., (ed) Aspects of Effective Algebra, Upside Down A Book Co., Yarra Glen, Vic. Australia (1981).
17. Downey, R., Every recursive boolean algebra is isomorphic to one with incomplete atoms, Ann. Pure and Appl. Logic, Vol. 60 (1990), 193-206.
18. Downey, R., On presentations of algebraic structures, in Complexity, Logic and Recursion Theory, (A. Sorbi, ed.), Marcel Dekker, Lecture Notes in Pure and Applied Mathematics, Vol. 197 (1997), 157-206.
19. Downey, R., Computability theory and linear orderings, Handbook of Recursive Mathematics, Vol 2, (Ed. Ershov, Goncharov, Nerode, Remmel, Marek), Studies in Logic Vol. 139, North Holland, 1998, 823-976.
20. Downey, R. G., On the universal splitting property, Mathematical Logic Quarterly, 43 (1997), 311-320.
21. Downey, R., Z. Feuredi, C. Jockusch, and L. Rubel, Difference sets and computability theory, Annals Pure and Applied Logic, Vol. 93 (1998), 63-72.
22. Downey, R. and D. Hirschfeldt, Algorithmic Randomness and Complexity, Springer-Verlag monographs in Computer Science, to appear.
23. Downey, R., D. Hirschfeldt, A. Nies, and F. Stephan, Trivial reals, this volume. (Extended abstract in Computability and Complexity in Analysis Malaga, (Electronic Notes in Theoretical Computer Science, and proceedings, edited by Brattka, Schroder, and Weihrauch, FernUniversitat, 2946/2002, 37-55), July, 2002.)
24. Downey, R. G., D. Hirschfeldt, S. Lempp, and R. Solomon, Computability-theoretical and proof-theoretical aspects of partial and linear orderings, to appear, Israel J. Math.
25. Downey, R. and C. Jockusch, Every low boolean algebra is isomorphic to a recursive one, Proc. Amer. Math. Soc., Vol. 122 (1994), 871-880.
26. Downey, R. G. and J. F. Knight, Orderings with $\alpha$-th jump degree $0^{(\alpha)}$, Proc. Amer. Math. Soc., vol. 14 (1992), 545-552.
27. Downey, R. G. and S. A. Kurtz, Recursion theory and ordered groups, Ann. Pure and Appl. Logic, vol. 52 (1986), 137-451.
28. Downey, R. and G. LaForte, Presentations of computably enumerable reals, Theoretical Computer Science, Vol. 284 (2002), 539-555.
29. Downey, R. G., G. LaForte, and A. Nies, Enumerable sets and quasi-reducibility, Annals of Pure and Applied Logic, Vol. 95 (1998), 1-35.
30. Downey, R. G. and M. F. Moses, Recursive linear orderings with incomplete successivities, Trans. Amer. Math. Soc., vol. 320 (1991), 653-668.
31. Downey, R. G. and J. B. Remmel, Classification of degree classes associated with r.e. subspaces, Ann. Pure and Appl. Logic, 42 (1989), 105-125.
32. Downey, R., and M. Stob, Splitting theorems in recursion theory, Annals Pure and Applied Logic, 65 (1) (1993), 1-106.
33. Downey, R. and S. Terwijn, Computably Enumerable Reals and Uniformly Presentable Ideals, Archive for Mathematical Logic, Vol. 48 (2002), 29-40.
34. Ershov, Y., S. Goncharov, A. Nerode, and J. Remmel, (eds) Handbook of Recursive Mathematics, (V. Marek, associate editor), Studies in Logic Vol. 139, North Holland, 1998.
35. Feiner, L. J., Orderings and Boolean Algebras not isomorphic to recursive ones, Thesis, MIT (1967).
36. Feiner, L. J., Hierarchies of boolean algebras, J. Symb. Logic, vol. 35 (1970), 365-373.
37. Feiner, L. J., The strong homogeneity conjecture, J. Symb. Logic, vol. 35 (1970), 373-377.
38. Feiner, L. J., Degrees of non-recursive presentability, Proc. Amer. Math. Soc., vol. 38 (1973), 621-624.
39. Friedman, H., S. Simpson and R. Smith, Countable algebra and set existence axioms, Ann. Pure and Appl. Logic, vol. 25 (1983), 141-181.
40. Friedman, H., S. Simpson and R. Smith, Addendum to “Countable algebra and set existence axioms,” Ann. Pure and Appl. Logic, vol. 28 (1985), 319-320.
41. Friedman, H. and L. Stanley, A Borel reducibility for countable models, J. Symb. Logic, Vol. 54 (1989), 894-914.
42. Fuchs, L., Infinite Abelian Groups, Vol. II, Academic Press, 1973.
43. Goncharov, S. S., On the number of nonautoequivalent constructivizations, Algebra and Logic, Vol. 16 (1977), 169-185.
44. Goncharov, S. S., Autostability of models and Abelian groups, Algebra and Logic, Vol. 19 (1980), 13-27.
45. Grigoreiff, S., Every recursive linear ordering has a copy in DTIMESPACE(n, log(n)), J. Symb. Logic, vol. 55 (1990), 260-276.
46. Harizanov, V., Some effects of Ash-Nerode and other decidability conditions on degree spectra, Ann. Pure Appl. Logic, vol. 54 (1991), 51-65.
47. Harizanov, V., Uncountable degree spectra, Ann. Pure Appl. Logic, vol. 54 (1991), 255-263.
48. Harizanov, V., Turing degree of the non-zero member in a two element degree spectrum, Ann. Pure and Appl. Logic, vol. 60 (1993), 1-30.
49. Higman, G., Subgroups of finitely presented groups, Proc. Royal Soc. London, Vol. 262 (1961), 455-475.
50. Higman, G. and E. Scott, Existentially Closed Groups, Oxford University Press, 1988.
51. Hirschfeldt, D., Degree Spectra of Relations on Computable Structures, PhD Thesis, Cornell University, 1999.
52. Hirschfeldt, D., B. Khoussainov, R. Shore and A. Slinko, Degree spectra and computable dimension in algebraic structures, in preparation.
53. Ho, Chun-Kuen, Relatively recursive reals and real functions, Theoretical Computer Science, Vol. 219 (1999), 99-120.
54. Kechris, A. S., New directions in descriptive set theory, Bull. Symbolic Logic, vol. 5 (1999), 161-174.
55. Khoussainov, B. and A. Nerode, On automata representable structures, in preparation.
56. Khoussainov, B. and A. Nerode, Automatic Model Theory, monograph in preparation.
57. Khoussainov, B. and R. Shore, Effective model theory: the number of models and their complexity, to appear.
58. Hird, G., Recursive properties of relations on models, Ph.D. Thesis, Monash University (1983).
59. Jockusch, C. G., Ramsey's theorem and recursion theory, J. Symb. Logic, vol. 37 (1972), 268-279.
60. Jockusch, C. G. and R. I. Soare, Degrees of orderings not isomorphic to recursive linear orderings, Ann. Pure and Appl. Logic, Vol. 52 (1991), 39-64.
61. Jockusch, C. and R. Soare, Boolean algebras, Stone spaces, and the iterated Turing jump, Journal of Symbolic Logic, Vol. 59 (1994), 1121-1138.
62. Khisamiev, N., Connections between constructivizability and nonconstructivizability for different classes of Abelian groups, Algebra and Logic, Vol. 23 (1984), 220-233.
63. Khisamiev, N., Hierarchies of torsion free Abelian groups, Algebra and Logic, Vol. 25 (1986), 128-142.
64. Khisamiev, N., and Z. Khisamiev, Nonconstructivizability of the reduced part of a strongly constructive torsion-free Abelian group, Algebra and Logic, Vol. 24 (1985), 69-76.
65. Kierstead, H., Recursive ordered sets, in I. Rival (ed) Combinatorics and Ordered Sets, Contemporary Math., vol 57, Amer. Math. Soc. (1986).
66. Kierstead, H., G. McNulty and W. Trotter, Recursive dimension for partially ordered sets, Order, vol. 1 (1984), 67-82.
67. Knight, J. F., Effective constructions of models, in Logic Colloquium (ed. Paris, Wilkie and Wilmers), North-Holland, Amsterdam (1986).
68. Knight, J. F., Degrees coded into jumps of orderings, J. Symb. Logic, vol. 51 (1986), 1034-1042.
69. Knight, J. F., A metatheorem for finitely many workers, J. Symbolic Logic, vol. 55 (199), 787-804.
70. Knight, J. F., Constructions for transfinitely many workers, Ann. Pure and Appl. Logic, vol. 48 (1990), 237-259.
71. Kopytov, A., and V. Kokorin, Fully Ordered Groups, John Wiley and Sons, 1974.
72. Lerman, M., On recursive linear orderings, in Lerman, Schmerl and Soare [1981], 132-142.
73. Lerman, M., Degrees of Unsolvability, Springer-Verlag, New York (1983).
74. Lerman, M. and J. Rosenstein, Recursive linear orderings, in Metakides [1982], 123-136.
75. Lin, C., Recursion theory on countable Abelian groups, Ph. D. Thesis, Cornell University, 1977.
76. Lin, C., The effective content of Ulm's theorem, in Crossley [16], 147-160.
77. McEvoy, K., Jumps of quasi-minimal enumeration degrees, J. Symb. Logic, Vol. 50 (1985), 839-848.
78. McNulty, G., Infinite ordered sets, a recursive perspective, in I. Rival (ed) Proc. of Symp. on Ordered Sets, D. Reidel, Dordrecht (1982).
79. Metakides, G. and A. Nerode, Recursion theory and algebra, in Algebra and Logic (ed. J. N. Crossley), Lecture notes in Math., vol. 450, New York (1975), 209-219.
80. Metakides, G. and A. Nerode, Effective content of field theory, Ann. Math. Logic, vol. 17 (1979), 289-320.
81. Miller, R., The $\Delta^0_2$ spectrum of a linear ordering, to appear.
82. Moses, M. F., Recursive Properties of Isomorphism Types, Thesis, Monash University, Melb. Australia (1983).
83. Moses, M. F., Recursive linear orders with recursive successivities, Ann. Pure and Appl. Logic, vol. 27 (1984), 253-264.
84. Moses, M. F., Relations intrinsically recursive in linear orderings, Z. Math. Logik Grundlagen. Math., vol. 32 (5), 467-472.
85. Moses, M. F., Decidable discrete linear orderings, J. Symb. Logic, vol. 53 (1988), 531-539.
86. Oates, S., Jump Degrees of Groups, Ph. D. Thesis, University of Notre Dame, 1989.
87. Odifreddi, P., Classical Recursion Theory, Vol. I, North-Holland (1989).
88. Peretyat'kin, M., Every recursively enumerable extension of a theory of linear orderings has a constructive model, Algebra i Logik, vol. 12 (1973), 211-219.
89. Pinus, A., Effective linear orderings, Siberian Math. J., vol. 16 (1975), 956-962.
90. Remmel, J. B., Recursively categorical linear orderings, Proc. Amer. Math. Soc., vol. 83 (1981), 379-386.
91. Remmel, J. B., Recursive Boolean algebras, in Handbook of Boolean Algebras, Vol 3 (ed. D. Monk), North Holland (1990), 1097-1166.
92. Rice, H., Recursive real numbers, Proc. Amer. Math. Soc., Vol. 5 (1954), 784-791.
93. Rice, H., Recursive and recursively enumerable orders, Trans. Amer. Math. Soc., vol. 83 (1956), 277-300.
94. Richter, L., Degrees of Structures, Ph. D. Thesis, University of Illinois at Urbana-Champaign, 1979.
95. Richter, L. J., Degrees of structures, J. Symb. Logic, vol. 46 (1981), 723-731.
96. Rival, I., Ordered Sets (ed.), Nato Advanced Study Inst. Series 83, D. Reidel Co., Dordrecht (1981).
97. Rival, I., Graphs and Order (ed.), Nato Advanced Study Inst. Series, vol. 147, D. Reidel Co., Dordrecht (1984).
98. Rival, I., Combinatorics and Ordered Sets (ed.), Contemporary Math., vol. 57, Amer. Math. Soc. (1986).
99. Rogers, H. J., Theory of Recursive Functions and Effective Computability, McGraw-Hill, New York (1967).
100. Rosenstein, J., Linear Orderings, Academic Press, New York (1982).
101. Rosenstein, J., Recursive linear orderings, in Orders: Descriptions and Roles (M. Pouzet and D. Richard, eds.), Ann. Discrete Math., vol. 23, North-Holland (1982), 465-476.
102. Slaman, T., Relative to any nonrecursive set, Proc. Amer. Math. Soc., Vol 126 (1998), 2117-2122.
103. Slaman, T. and H. Woodin, Extending partial orders to dense linear orders, Ann. Pure and Appl. Logic, Vol. 94 (1998), 253-261.
104. Solomon, R., Reverse Mathematics and Ordered Groups, PhD. Thesis, Cornell University, 1998.
105. Solomon, R., Ordered groups: a case study in reverse mathematics, Bull. Symb. Logic, Vol. 5 (1999), 45-58.
106. Soare, R. I., Recursion theory and Dedekind cuts, Trans. Amer. Math. Soc., vol. 140 (1969), 271-294.
107. Soare, R. I., Recursively Enumerable Sets and Degrees, Springer-Verlag, New York (1987).
108. Soskov, I., A jump inversion theorem for the enumeration jump, to appear, Archive for Math. Logic.
109. Szpilrajin, S., Sur les tension de l'orde partial, Fund. Math., vol. 45 (1958), 213-216.
110. Schmerl, J., Recursion theoretical aspects of graphs and orders, in I. Rival [1984], 467-486.
111. Schmerl, J., What's the difference?, Annals Pure and Applied Logic, Vol. 93 (1998), 255-261.
112. Smith, R., Two theorems on autostability in p-groups, in Logic Year 1979-80, Lerman, Schmerl, Soare, Springer, LNM, 859 (1981), 302-311.
113. Thurber, J., Degrees of Boolean Algebras, Ph. D. Thesis, University of Notre Dame, 1994.
114. Watnik, R., Recursive and constructive linear orderings, Thesis, Rutgers University (1980).
115. Wehner, S., Enumerations, countable structures and Turing degrees, Proc. Amer. Math. Soc., Vol 126 (1998), 2131-2139.
TRIVIAL REALS

ROD G. DOWNEY*
School of Mathematical and Computing Sciences, Victoria University of Wellington, New Zealand

DENIS R. HIRSCHFELDT†
Department of Mathematics, University of Chicago, U.S.A.

ANDRE NIES
Department of Computer Science, Auckland University, New Zealand

FRANK STEPHAN‡
Mathematical Institute, University of Heidelberg, Germany

Solovay showed that there are noncomputable reals $\alpha$ such that $H(\alpha \upharpoonright n) \le H(1^n) + O(1)$, where H is prefix-free Kolmogorov complexity. Such H-trivial reals are interesting due to the connection between algorithmic complexity and effective randomness. We give a new, easier construction of an H-trivial real. We also analyze various computability-theoretic properties of the H-trivial reals, showing for example that no H-trivial real can compute the halting problem. Therefore, our construction of an H-trivial computably enumerable set is an easy, injury-free construction of an incomplete computably enumerable set. Finally, we relate the H-trivials to other classes of “highly nonrandom” reals that have been previously studied.

*Supported by the Marsden fund of New Zealand.
†Partially supported by NSF Grant DMS-02-00465.
‡Supported by the Heisenberg program of the Deutsche Forschungsgemeinschaft (DFG), grant no. Ste 96711-2.
1. Introduction

Our concern is the relationship between the intrinsic computational complexity of a real and the intrinsic randomness of the real. Downey, Hirschfeldt, LaForte and Nies [8,9] looked at ways of understanding the intrinsic randomness of reals by measuring their relative initial segment complexity. (In this paper, “random” will always mean “1-random”; see Section 2 for basic definitions.) Thus, for instance, if $\alpha$ and $\beta$ are reals (in (0,1)), given as binary sequences, then we can compare the complexities of $\alpha$ and $\beta$ by studying notions of reducibility based on relative initial segment complexity. For example, we define $\alpha \le_K \beta$ if $K(\alpha \upharpoonright n) \le K(\beta \upharpoonright n) + O(1)$, where we will be denoting classical Kolmogorov complexity by K. For prefix-free Kolmogorov complexity H, we define $\alpha \le_H \beta$ analogously.

The goal of the papers [8,9] was to look at the structure of reducibilities like the above, and interrelationships among them, as a way of addressing questions such as: How random is a real? Given two reals, which is more random? If we partition reals into equivalence classes of reals of the “same degrees of randomness”, what does the resulting structure look like?

The classic example of a random real is the halting probability of a universal prefix-free machine M, Chaitin's $\Omega = \sum_{\sigma \in \mathrm{dom}(M)} 2^{-|\sigma|}$. It is well-known that $\Omega$ has the property that $\alpha \le_H \Omega$ for all reals $\alpha$. A natural question to ask is the following: Given reals $\alpha \le_R \beta$ (for $R \in \{H, K\}$), what can be said about the computational complexity of $\alpha$ and $\beta$ measured relative to, say, Turing reducibility? For example, if we restrict our attention to computably enumerable (= recursively enumerable) reals, that is to the ones whose left cuts are computably enumerable, then being H-complete like $\Omega$ implies that the real is Turing complete. A natural guess would be that for all reals, if $\alpha \le_R \beta$ then $\alpha$

i $q_j$ into trash. But always $q_{j+1} \le q_j/2$, and letting u be the number of times the expression A f ~ (m) has changed so far, $q_{i+1} \le 2^{-2i-2}2^{-(u+1)}g$. So $\sum_{j>i} q_j < 2^{-2i-1}2^{-(u+1)}g$, and the total sum over all u is $2^{-2i-1}g$. The trash contributed by (a) and (b) together is at most $2^{-2i}g$. □

22'-H(u), then eventually we put in an axiom (H(u) - r + 1, u), and hence H~(o) H(o) - (c+1), a contradiction.
Define a unary operation $[p_A] : \mathcal{P}A \to \mathcal{P}A$ on the powerset $\mathcal{P}A$ of A by putting

$$[p_A]X = \{a \in A : a \in \mathrm{Dom}(p_A \circ \alpha) \text{ implies } p_A(\alpha(a)) \in X\} = -\mathrm{Dom}(p_A \circ \alpha) \cup \{a \in \mathrm{Dom}(p_A \circ \alpha) : p_A(\alpha(a)) \in X\}.$$

It is straightforward to verify that

(i) $[p_A](X \cap Y) = [p_A]X \cap [p_A]Y$,
(ii) $[p_A](X \cup Y) = [p_A]X \cup [p_A]Y$,
(iii) $[p_A]\emptyset = -\mathrm{Dom}(p_A \circ \alpha)$.

For any ultrafilter F on A, let $F_p$ be the inverse image of F under $[p_A]$:

$$F_p = \{X \subseteq A : [p_A]X \in F\}.$$

Since F is a filter, it follows from (i) that $X \cap Y \in F_p$ iff $X, Y \in F_p$, which means that $F_p$ is a filter. Then if $F \in (\mathrm{Dom}\, p_A \circ \alpha)^{EA}$, since $\mathrm{Dom}(p_A \circ \alpha) \in F$ we get $[p_A]\emptyset \notin F$ by (iii), so $\emptyset \notin F_p$, and therefore $F_p$ is proper. But (ii) implies that $F_p$ is prime ($X \cup Y \in F_p$ only if $X \in F_p$ or $Y \in F_p$), so altogether $F_p$ is an ultrafilter on A in this case. Moreover, if F is rich, then so is $F_p$. For, given a ground observable term N : o, consider the term $N[M_p/s]$ : o, where $M_p = p[tr(s)/w]$ : St as in
Case $\sigma = \sigma_1 \times \sigma_2$

In this first inductive case we make the hypothesis that

[Diagram: square with top arrow $\Phi_U : A^+ \to EA$.]
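fulfils Theorem 3.2 for any ultrafilter U. Now $p^j_A = \pi_j \circ p_A$, where $\pi_j$ projects $[\![\sigma_1]\!]A \times [\![\sigma_2]\!]A$ onto $[\![\sigma_j]\!]A$, so as $\pi_j$ and $\alpha$ are total, $\mathrm{Dom}(p^j_A \circ \alpha) = \mathrm{Dom}(p_A \circ \alpha)$. Thus if $\mathrm{Dom}(p_A \circ \alpha) \in F \in EA$, then by induction hypothesis $E(p^j_A \circ \alpha)(F)$ is defined for j = 1, 2, so we can define

$$E(p_A \circ \alpha)(F) = \langle E(p^1_A \circ \alpha)(F), E(p^2_A \circ \alpha)(F) \rangle.$$

This yields the diagram

[Diagram: square with top arrow $\Phi_U : A^+ \to EA$, vertical maps $(p_A \circ \alpha)^+$ and $E(p_A \circ \alpha)$, and bottom arrow $|\sigma_1 \times \sigma_2|\Phi_U : [\![\sigma_1]\!]A^+ \times [\![\sigma_2]\!]A^+ \to [\![\sigma_1]\!]EA \times [\![\sigma_2]\!]EA$.]

In this case of $\sigma = \sigma_1 \times \sigma_2$, $(p_A \circ \alpha)^+$ is defined to be the pairing function $\langle (p^1_A \circ \alpha)^+, (p^2_A \circ \alpha)^+ \rangle$, so if $x \in \mathrm{Dom}(p_A \circ \alpha)^+$, then for j = 1, 2,

$$\begin{aligned}
\pi_j[E(p_A \circ \alpha)(\Phi_U(x))] &= E(p^j_A \circ \alpha)(\Phi_U(x)) && \text{definition of } E(p_A \circ \alpha) \\
&= |\sigma_j|\Phi_U((p^j_A \circ \alpha)^+(x)) && \text{second-to-last diagram} \\
&= |\sigma_j|\Phi_U(\pi_j((p_A \circ \alpha)^+(x))) && \text{definition of } (p_A \circ \alpha)^+ \\
&= \pi_j[|\sigma_1 \times \sigma_2|\Phi_U((p_A \circ \alpha)^+(x))] && \text{definition of } |\sigma_1 \times \sigma_2|.
\end{aligned}$$

Hence $E(p_A \circ \alpha)(\Phi_U(x)) = |\sigma_1 \times \sigma_2|\Phi_U((p_A \circ \alpha)^+(x))$, making the last diagram commute as required.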
Case $\sigma = \sigma_1 + \sigma_2$

Assume Theorem 3.2 holds for $\sigma_1$ and $\sigma_2$. This time we define $p_j$ to be the path $p.\varepsilon_j$ and, by the induction hypothesis, have a partial function $E(p^j_A \circ \alpha)$ such that the same diagram

[Diagram: square with top arrow $\Phi_U : A^+ \to EA$.]
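fulfils Theorem 3.2. But now $p^j_A = \varepsilon_j \circ p_A$, where $\varepsilon_j$ is the (partial) extraction from $[\![\sigma_1]\!]A + [\![\sigma_2]\!]A$ to $[\![\sigma_j]\!]A$, and $\mathrm{Dom}(p_A \circ \alpha)$ is the disjoint union of $\mathrm{Dom}(p^1_A \circ \alpha)$ and $\mathrm{Dom}(p^2_A \circ \alpha)$. Thus if $\mathrm{Dom}(p_A \circ \alpha) \in F \in EA$, then $\mathrm{Dom}(p^j_A \circ \alpha) \in F$ for exactly one j, and we define

$$E(p_A \circ \alpha)(F) = \iota_j(E(p^j_A \circ \alpha)(F))$$

for this j, where $\iota_j$ is the insertion of $[\![\sigma_j]\!]EA$ into $[\![\sigma_1]\!]EA + [\![\sigma_2]\!]EA$. This yields the diagram

[Diagram: square with top arrow $\Phi_U : A^+ \to EA$, vertical maps $(p_A \circ \alpha)^+$ and $E(p_A \circ \alpha)$, and bottom arrow $|\sigma_1 + \sigma_2|\Phi_U : [\![\sigma_1]\!]A^+ + [\![\sigma_2]\!]A^+ \to [\![\sigma_1]\!]EA + [\![\sigma_2]\!]EA$.]

In this coproduct case, $\mathrm{Dom}(p_A \circ \alpha)^+$ is the disjoint union of $\mathrm{Dom}(p^1_A \circ \alpha)^+$ and $\mathrm{Dom}(p^2_A \circ \alpha)^+$, and $(p_A \circ \alpha)^+(x) = \iota_j((p^j_A \circ \alpha)^+(x))$ for the unique j such that $(p^j_A \circ \alpha)^+(x)$ is defined. Then

making the last diagram commute as required.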
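Assume the Theorem holds for $\sigma$. Let $D = [\![o]\!]$. Then from the path p we obtain, for each $d \in D$, the path $p_d = p.ev_d$ and, by hypothesis on $\sigma$, a partial function $E(p^d_A \circ \alpha)$ such that the diagram

[Diagram: square with top arrow $\Phi_U : A^+ \to EA$, vertical maps $(p^d_A \circ \alpha)^+$ and $E(p^d_A \circ \alpha)$, and bottom arrow $|\sigma|\Phi_U : [\![\sigma]\!]A^+ \to [\![\sigma]\!]EA$.]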
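fulfils Theorem 3.2. Here $p^d_A = ev_d \circ p_A$, with $ev_d : [\![o \Rightarrow \sigma]\!]A \to [\![\sigma]\!]A$, so as $ev_d$ and $\alpha$ are total, $\mathrm{Dom}(p^d_A \circ \alpha) = \mathrm{Dom}(p_A \circ \alpha)$. Thus if $\mathrm{Dom}(p_A \circ \alpha) \in F \in EA$, then by induction hypothesis on $\sigma$, $E(p^d_A \circ \alpha)(F)$ is defined for all $d \in D$, so we can define $E(p_A \circ \alpha)(F)$ as a function of type $D \to [\![\sigma]\!]EA$ by putting

$$E(p_A \circ \alpha)(F)(d) = E(p^d_A \circ \alpha)(F).$$

This yields the diagram

[Diagram: square with top arrow $\Phi_U : A^+ \to EA$, vertical maps $(p_A \circ \alpha)^+$ and $E(p_A \circ \alpha)$, and bottom arrow $|o \Rightarrow \sigma|\Phi_U$.]

[Displayed computation, justified step by step by: definition of $E(p_A \circ \alpha)$; second-to-last diagram; definition of $(p_A \circ \alpha)^+$; definition of $|o \Rightarrow \sigma|$.]

$$E(p_A \circ \alpha)(\Phi_U(x)) = |o \Rightarrow \sigma|\Phi_U((p_A \circ \alpha)^+(x)),$$

making the last diagram commute as required. This completes the inductive proof of Theorem 3.2. □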
5. Definable Enlargements

We now consider a modification of the ultrafilter enlargement construction. This will produce a natural quotient of the coalgebra $E\alpha$ by focusing on the truth sets

$$\varphi^\alpha = \{x \in A : \alpha, x \models \varphi\}$$

of ground observable formulas $\varphi$. Such sets may be called definable, and the collection

$$\mathrm{Def}^\alpha = \{\varphi^\alpha : \varphi \text{ is ground and observable}\}$$

is a Boolean algebra of subsets of A. This follows because in general $\varphi_1^\alpha \cap \varphi_2^\alpha = (\varphi_1 \wedge \varphi_2)^\alpha$ and $A - \varphi^\alpha = (\neg\varphi)^\alpha$, so $\mathrm{Def}^\alpha$ is a subalgebra of the powerset Boolean algebra $\mathcal{P}A$.

Now let $\Delta A$ be the set of all observationally rich ultrafilters of the Boolean algebra $\mathrm{Def}^\alpha$. Hence a member of $\Delta A$ is a collection of definable sets. Note that the sets $(M \approx c_M)^\alpha$ required for the definition of "observationally rich" are all defined by ground observable formulas, so such sets belong to $\mathrm{Def}^\alpha$. Let $\theta_\alpha : EA \to \Delta A$ be the restriction map taking each $F \in EA$ to

$$\theta_\alpha(F) = F \cap \mathrm{Def}^\alpha = \{\varphi^\alpha : \varphi^\alpha \in F\}.$$

It is readily checked that $\theta_\alpha(F)$ belongs to $\Delta A$ when $F \in EA$. Moreover, $\theta_\alpha$ is surjective: for any $H \in \Delta A$, H has the finite intersection property so extends to an ultrafilter F on A which is rich because H is rich. Then $F \in EA$ and $H \subseteq \theta_\alpha(F)$, so $H = \theta_\alpha(F)$ as H is a maximal filter in $\mathrm{Def}^\alpha$.

Theorem 5.1. $\theta_\alpha(F) = \theta_\alpha(G)$ if, and only if, F and G are bisimilar states in the coalgebra $E\alpha$.

Proof. $\theta_\alpha(F) = \theta_\alpha(G)$ iff F and G contain the same sets of the form $\varphi^\alpha$ with $\varphi$ ground and observable. By the Truth Lemma 3.3 this means precisely that $E\alpha, F \models \varphi$ iff $E\alpha, G \models \varphi$ for all such $\varphi$. But by Theorem 2.7(3), this holds iff F and G are bisimilar. □

Now let R = {(F, G) : F, G ∈ EA and F and G are bisimilar}. Since R is a $\tau$-bisimulation (the largest one), there exists a transition $\rho : R \to [\![\tau]\!]R$ such that the diagram

[Diagram: the square $|\tau|\pi_j \circ \rho = E\alpha \circ \pi_j$, with $\pi_j : R \to EA$.]

commutes for j = 1 and j = 2.
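Lemma 5.2. $\theta_\alpha(F) = \theta_\alpha(G)$ implies $|\tau|\theta_\alpha(E\alpha(F)) = |\tau|\theta_\alpha(E\alpha(G))$, where $|\tau|\theta_\alpha : [\![\tau]\!]EA \to [\![\tau]\!]\Delta A$ is the result of applying the functor $|\tau|$ to $\theta_\alpha : EA \to \Delta A$.

Proof. From the last diagram, for j = 1, 2,

$$|\tau|\theta_\alpha \circ |\tau|\pi_j \circ \rho = |\tau|\theta_\alpha \circ E\alpha \circ \pi_j,$$

so as $|\tau|$ is a functor,

$$|\tau|(\theta_\alpha \circ \pi_j) \circ \rho = |\tau|\theta_\alpha \circ E\alpha \circ \pi_j.$$

But Theorem 5.1 states that $(F, G) \in R$ iff $\theta_\alpha(F) = \theta_\alpha(G)$, so the functions $\theta_\alpha \circ \pi_1$ and $\theta_\alpha \circ \pi_2$ from R to $\Delta A$ are identical, hence by the last displayed equation,

$$|\tau|\theta_\alpha \circ E\alpha \circ \pi_1 = |\tau|\theta_\alpha \circ E\alpha \circ \pi_2.$$

Thus if $\theta_\alpha(F) = \theta_\alpha(G)$, then $(F, G) \in R$ with

$$|\tau|\theta_\alpha \circ E\alpha \circ \pi_1(F, G) = |\tau|\theta_\alpha \circ E\alpha \circ \pi_2(F, G),$$

i.e. $|\tau|\theta_\alpha(E\alpha(F)) = |\tau|\theta_\alpha(E\alpha(G))$ as desired. □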
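Theorem 5.3. There is a unique function $\Delta\alpha : \Delta A \to |\tau|\Delta A$ making the following diagram commute.
[Diagram: square with $E\alpha$ on $EA$, the map $\theta_\alpha$, and $\Delta\alpha$ on $\Delta A$.]
Proof. Define $\Delta\alpha$ by putting $\Delta\alpha(\theta_\alpha(F)) = |\tau|\theta_\alpha(E\alpha(F))$. Lemma 5.2 ensures that this is well-defined. Since $\theta_\alpha$ is surjective, the domain of $\Delta\alpha$ is $\Delta A$. The definition of $\Delta\alpha$ makes the diagram commute and is the only definition that can do so. □
This result defines $\Delta\alpha$ as a $\tau$-coalgebra and, importantly, makes $\theta_\alpha$ a surjective morphism from $E\alpha$ to $\Delta\alpha$. $\Delta\alpha$ is the definable enlargement of $\alpha$. Theorem 5.1 states that the kernel of $\theta_\alpha$ is the bisimilarity relation on $E\alpha$, so $\Delta\alpha$ is isomorphic to the quotient of $E\alpha$ by bisimilarity. Hence $\Delta\alpha$ is a simple coalgebra, i.e. itself has no proper quotients [Rut00, Proposition 8.2]. In $\Delta\alpha$ itself, bisimilar states are equal. That also follows from Theorem 5.1, since bisimilarity is invariant under morphisms, so $\theta_\alpha(F)$ and $\theta_\alpha(G)$ are bisimilar in $\Delta\alpha$ precisely when $F$ and $G$ are bisimilar in $E\alpha$, i.e. precisely when $\theta_\alpha(F) = \theta_\alpha(G)$. The morphism $\theta_\alpha$ can be used to transfer the Truth Lemma 3.3 for $E\alpha$, and its Corollary 3.4, to the corresponding results for $\Delta\alpha$:
Theorem 5.4. Let $\Gamma \rhd \varphi$ be a rigid observable formula.
(1) For any $G \in \Delta A$, $\Delta\alpha, G \models \Gamma \rhd \varphi$ iff $(\Gamma \rhd \varphi)^\alpha \in G$.
(2) $\alpha \models \Gamma \rhd \varphi$ iff $\Delta\alpha \models \Gamma \rhd \varphi$.
Proof.
(1) Given $G$, choose $F \in EA$ with $G = \theta_\alpha(F)$. Then as $\theta_\alpha$ is a morphism, Theorem 2.4 yields that $\Delta\alpha, \theta_\alpha(F) \models \Gamma \rhd \varphi$ iff $E\alpha, F \models \Gamma \rhd \varphi$, which in turn holds iff $(\Gamma \rhd \varphi)^\alpha \in G$ by the Truth Lemma 3.3.
(2) From Corollary 3.4 we already know that $\alpha \models \Gamma \rhd \varphi$ iff $E\alpha \models \Gamma \rhd \varphi$. But as the morphism $\theta_\alpha$ is surjective, Theorem 2.4 yields that $E\alpha \models \Gamma \rhd \varphi$ iff $\Delta\alpha \models \Gamma \rhd \varphi$. □
The morphism $\theta_\alpha$ can also be used to transfer the State-Term Lemma 3.5 and its Corollary 3.6 to $\Delta\alpha$:
Lemma 5.5. Let $M$ be a ground term of type St and let $X \in \mathit{Def}^\alpha$. Then for any $G \in \Delta A$,
$$X \in [\![M]\!]_{\Delta\alpha}(G) \quad\text{iff}\quad [\![M]\!]_\alpha^{-1}(X) \in G.$$
Consequently,
$$[\![M]\!]_{\Delta\alpha}^{-1}(X^{\Delta A}) = ([\![M]\!]_\alpha^{-1}(X))^{\Delta A},$$
where in general $Y^{\Delta A} = \{G \in \Delta A : Y \in G\}$.
Proof. Note first that if $X = \varphi^\alpha$, then Theorem 2.3 states that $[\![M]\!]_\alpha(x) \in X$ iff $x \in \varphi[M/s]^\alpha$, so $[\![M]\!]_\alpha^{-1}(X) = \varphi[M/s]^\alpha$, showing that $[\![M]\!]_\alpha^{-1}(X)$ is also definable. Now let $G = \theta_\alpha(F)$ with $F \in EA$. Then as $\theta_\alpha$ is a morphism,
$$[\![M]\!]_{\Delta\alpha}(G) = \theta_\alpha([\![M]\!]_{E\alpha}(F)) = [\![M]\!]_{E\alpha}(F) \cap \mathit{Def}^\alpha,$$
so as $X$ is definable, $X \in [\![M]\!]_{\Delta\alpha}(G)$ iff $X \in [\![M]\!]_{E\alpha}(F)$, which holds iff $[\![M]\!]_\alpha^{-1}(X) \in F$ by Lemma 3.5. But $[\![M]\!]_\alpha^{-1}(X) \in F$ iff $[\![M]\!]_\alpha^{-1}(X) \in G$, since $[\![M]\!]_\alpha^{-1}(X)$ is definable as we just saw.
The rest of the Lemma then follows straightforwardly. □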
It follows from Theorem 5.4(2) that the class of all models of a rigid observable formula is closed under definable enlargements. In fact, in the structural characterization of such model classes set out in Theorem 2.10, observational ultrapowers can be replaced by ultrafilter enlargements, or by definable enlargements. To see this, first consider a class $K$ of coalgebras that is closed under images of bisimulations. Then in particular it is closed under domains and images of coalgebraic morphisms, which means that for any surjective morphism $f : \alpha \twoheadrightarrow \beta$ we have $\alpha \in K$ iff $\beta \in K$. This follows because the image of $f$ is the image of the bisimulation $R_f$ (the graph of $f$), while the domain of $f$ is the image of the inverse relation $R_f^{-1}$, which is also a bisimulation. Now for any $\tau$-coalgebra $\alpha$, if $\alpha^+$ is an enlarging observational ultrapower of $\alpha$ we have surjective morphisms
Thus if K is closed under images of bisimulations, and contains one of these three coalgebras, then it contains the other two as well. This observation, together with the equivalences of Theorem 2.10, yields the following extension of that Theorem.
Theorem 5.6. If $\tau$ has at least one non-trivial observable subtype, then for any class $K$ of $\tau$-coalgebras, the following are equivalent.
(1) $K$ is the class of all models of some set of rigid observable formulas.
(2) $K$ is closed under disjoint unions, images of bisimulations, and ultrafilter enlargements.
(3) $K$ is closed under disjoint unions, images of bisimulations, and definable enlargements. □
6. Monads From Enlargements
In this section a category-theoretic perspective on coalgebraic enlargements is developed. The operation of assigning to each set $A$ the collection of all ultrafilters on $A$ gives rise to a categorical structure on the category Set of sets and functions that is known as a monad or triple (see [ML71, Chapter VI] or [Man76]). In a similar way, the $E\alpha$ construction gives rise to a monad on the category $\tau$-Coalg of $\tau$-coalgebras and their morphisms.
For any morphism $f : (A, \alpha) \to (B, \beta)$ of $\tau$-coalgebras, define a function $Ef$ on $EA$ by putting
$$Ef(F) = \{Y \subseteq B : f^{-1}Y \in F\}.$$
Lemma 6.1. $Ef$ is a morphism $(EA, E\alpha) \to (EB, E\beta)$.
Proof. It is standard theory that $Ef(F)$ is an ultrafilter on $B$ whenever $F$ is an ultrafilter on $A$. To show it is observationally rich we use the fact, from the second sentence of Theorem 2.4, that for any ground observable formula $\varphi$, we have $x \in \varphi^\alpha$ iff $f(x) \in \varphi^\beta$ in general, and so $\varphi^\alpha = f^{-1}\varphi^\beta$. For any ground observable term $M : o$, $\alpha$-richness of $F$ implies that $(M \approx c)^\alpha \in F$ for some $c \in [\![o]\!]$. Thus $f^{-1}(M \approx c)^\beta \in F$ by the last observation, and so $(M \approx c)^\beta \in Ef(F)$. This shows that $Ef(F)$ is a $\beta$-rich ultrafilter, so that $Ef$ is indeed a function from $EA$ to $EB$. Then to show $Ef$ is a morphism it suffices, by Theorem 2.5, to show that for any $F \in EA$ and any ground term $M$,
(1) $[\![M]\!]_{E\alpha}(F) = [\![M]\!]_{E\beta}(Ef(F))$ if $M$ is observable; and
(2) $Ef([\![M]\!]_{E\alpha}(F)) = [\![M]\!]_{E\beta}(Ef(F))$ if $M$ is of type St.
For (1), let $[\![M]\!]_{E\alpha}(F) = c$. Then $E\alpha, F \models M \approx c$, so $(M \approx c)^\alpha \in F$ by the Truth Lemma 3.3. It follows as above that $(M \approx c)^\beta \in Ef(F)$, hence $E\beta, Ef(F) \models M \approx c$ by 3.3 again. Thus
$$[\![M]\!]_{E\beta}(Ef(F)) = c = [\![M]\!]_{E\alpha}(F).$$
For (2), as $f$ is a morphism Theorem 2.5(2) states that the diagram
[Diagram: square with $f : A \to B$ on top and bottom and vertical maps $[\![M]\!]_\alpha$ and $[\![M]\!]_\beta$.]
commutes. Hence for any $Y \subseteq B$,
$$[\![M]\!]_\alpha^{-1}(f^{-1}Y) = f^{-1}([\![M]\!]_\beta^{-1}Y).$$
Then
$Y \in Ef([\![M]\!]_{E\alpha}(F))$
iff $f^{-1}Y \in [\![M]\!]_{E\alpha}(F)$ (definition of $Ef$)
iff $[\![M]\!]_\alpha^{-1}(f^{-1}Y) \in F$ (State-Term Lemma 3.5)
iff $f^{-1}([\![M]\!]_\beta^{-1}Y) \in F$ (from above)
iff $[\![M]\!]_\beta^{-1}Y \in Ef(F)$ (definition of $Ef$)
iff $Y \in [\![M]\!]_{E\beta}(Ef(F))$ (State-Term Lemma 3.5).
Since this holds for all $Y \subseteq B$, (2) follows. □
It is now readily seen that the assignments $\alpha \mapsto E\alpha$ and $f \mapsto Ef$ provide a functor $E : \tau\text{-Coalg} \to \tau\text{-Coalg}$ on the category of $\tau$-coalgebras.
Theorem 6.2. The morphisms $\eta_A : \alpha \to E\alpha$ are the components of a natural transformation $\eta$ from the identity functor on $\tau$-Coalg to the functor $E$.
Proof. This amounts to the claim that for any morphism $f$ the diagram
[Diagram: square on $A$, $EA$, $B$, $EB$ with arrows labelled $\eta_A$, $\eta_B$ and $Ef$.]
commutes in Set. But it is a simple set-theoretic calculation to show that $Ef(\eta_A(x)) = \eta_B(f(x))$ for all $x \in A$.
Composing the functor $E$ with itself gives the functor $EE$ on $\tau$-Coalg that assigns to each coalgebra $(A, \alpha)$ a coalgebra $(EEA, EE\alpha)$ whose states are the $E\alpha$-rich ultrafilters on $EA$. A function $\mu_\alpha$ is defined on $EEA$ by putting
$$\mu_\alpha(p) = \{X \subseteq A : X^{EA} \in p\},$$
where $X^{EA} = \{F \in EA : X \in F\}$, as in Section 3. Note that the notation $\mu_\alpha$ is preferable to $\mu_A$, since the definition depends on $EA$ and hence on $\alpha$. By contrast, the definition of $\eta_A$ depends only on the set $A$.
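The set-theoretic calculation behind Theorem 6.2, written out as an added step that is not in the original text. It assumes $\eta_A(x)$ is the principal ultrafilter $\{X \subseteq A : x \in X\}$, which is consistent with the way $\eta_A$ is used in the definable case later in this section:
$$Ef(\eta_A(x)) = \{Y \subseteq B : f^{-1}Y \in \eta_A(x)\} = \{Y \subseteq B : x \in f^{-1}Y\} = \{Y \subseteq B : f(x) \in Y\} = \eta_B(f(x)).$$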
Theorem 6.3. The functions $\mu_\alpha$ are the components of a natural transformation $\mu$ from $EE$ to $E$.
Proof. First it must be shown that $\mu_\alpha$ is an arrow in $\tau$-Coalg (a morphism) from $EE\alpha$ to $E\alpha$. The fact that the map $X \mapsto X^{EA}$ preserves the Boolean set operations ensures that for each ultrafilter $p \in EEA$, $\mu_\alpha(p)$ is an ultrafilter on $A$. Moreover $\mu_\alpha(p)$ is $\alpha$-rich: for any ground term $M : o$ there is some $c \in [\![o]\!]$ with $(M \approx c)^{E\alpha} \in p$, and then by the Truth Lemma 3.3,
$$\{F \in EA : (M \approx c)^\alpha \in F\} = \{F : E\alpha, F \models M \approx c\} = (M \approx c)^{E\alpha} \in p,$$
so $(M \approx c)^\alpha \in \mu_\alpha(p)$ by definition of $\mu_\alpha$. This shows that $\mu_\alpha(p)$ is rich, so $\mu_\alpha$ is a function from $EEA$ to $EA$. To show that $\mu_\alpha$ is a morphism we apply Theorem 2.5, as in the proof of Lemma 6.1, this time showing that for any $p \in EEA$ and any ground term $M$,
For (1), there exists an element $c$ such that $(M \approx c)^{E\alpha} \in p$ and $(M \approx c)^\alpha \in \mu_\alpha(p)$ as in the previous paragraph. By the Truth Lemma these imply that $EE\alpha, p \models M \approx c$ and $E\alpha, \mu_\alpha(p) \models M \approx c$, so that
For (2), we reason that for any $X \subseteq A$,
$X \in \mu_\alpha([\![M]\!]_{EE\alpha}(p))$
iff $X^{EA} \in [\![M]\!]_{EE\alpha}(p)$ (definition of $\mu_\alpha$)
iff $[\![M]\!]_{E\alpha}^{-1}(X^{EA}) \in p$ (State-Term Lemma 3.5)
iff $([\![M]\!]_\alpha^{-1}(X))^{EA} \in p$ (Corollary 3.6)
iff $[\![M]\!]_\alpha^{-1}X \in \mu_\alpha(p)$ (definition of $\mu_\alpha$)
iff $X \in [\![M]\!]_{E\alpha}(\mu_\alpha(p))$ (State-Term Lemma 3.5).
Thus $\mu_\alpha([\![M]\!]_{EE\alpha}(p)) = [\![M]\!]_{E\alpha}(\mu_\alpha(p))$, completing the proof that $\mu_\alpha$ is a morphism in $\tau$-Coalg. Finally, to show $\mu$ is natural it must be shown that the diagram
[Diagram: naturality square with $\mu_\alpha : EE\alpha \to E\alpha$.]
commutes in $\tau$-Coalg whenever $f$ is a morphism from $\alpha$ to $\beta$. This requires that
[Diagram: square with $\mu_\alpha : EEA \to EA$ and $\mu_\beta : EEB \to EB$.]
commutes in Set, where $A$ and $B$ are the state sets of $\alpha$ and $\beta$. The proof of this is set-theoretic, requiring no further coalgebraic analysis, and is essentially part of the standard theory of ultrafilters [Man76, Section 1.3]. The details are left to the interested reader, who would find it useful to first show that for any $Y \subseteq B$,
$$(f^{-1}Y)^{EA} = (Ef)^{-1}(Y^{EB}).$$
□
The triple $(E, \eta, \mu)$ forms a monad on the category $\tau$-Coalg. In addition to the naturality of $\eta$ and $\mu$ (Theorems 6.2 and 6.3), this means that for any $\tau$-coalgebra $(A, \alpha)$ the following diagrams commute.
[Diagrams: two diagrams on $EEE\alpha$, $EE\alpha$ and $E\alpha$, with arrows including $E\mu_\alpha$ and $E\eta_A$.]
Demonstration of this reduces to showing commutativity of the corresponding diagrams in Set that result from replacing $E\alpha$ by $EA$. Again these are standard ultrafilter calculations that need not be reproduced here. The reader who is interested to check the details would find it useful, in the case of the left diagram, to first show that for any $X \subseteq A$, $\mu_\alpha^{-1}(X^{EA}) = (X^{EA})^{EEA}$.
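The Definable Case
The construction $\alpha \mapsto \Delta\alpha$ also gives rise to a monad on $\tau$-Coalg. First of all, $\Delta$ extends to a functor on $\tau$-Coalg that assigns to each morphism $f : (A, \alpha) \to (B, \beta)$ the function $\Delta f : \Delta A \to \Delta B$ having
$$\Delta f(G) = \{Y \in \mathit{Def}^\beta : f^{-1}Y \in G\}.$$
The proof that $\Delta f$ is a morphism from $\Delta\alpha$ to $\Delta\beta$ is similar to the proof that $Ef$ is a morphism, using results 5.4 and 5.5 in place of 3.3 and 3.5. It is readily seen that the diagram
[Diagram: square with $\theta_\alpha : E\alpha \to \Delta\alpha$.]
commutes, so the morphisms $\theta_\alpha$ are the components of a natural transformation $\theta$ from $E$ to $\Delta$. A function $\eta^\Delta_\alpha : A \to \Delta A$ is defined by $\eta^\Delta_\alpha(x) = \{X \in \mathit{Def}^\alpha : x \in X\} = \theta_\alpha(\eta_A(x))$. Then $\eta^\Delta_\alpha$ is a morphism from $\alpha$ to $\Delta\alpha$, being the composition of the morphisms $\eta_A$ and $\theta_\alpha$. The $\eta^\Delta_\alpha$'s are the components of a natural transformation from the identity functor on $\tau$-Coalg to $\Delta$, the composition of $\eta$ and $\theta$. Note that, unlike $\eta_A$, $\eta^\Delta_\alpha$ need not be injective: in general $\eta^\Delta_\alpha(x) = \eta^\Delta_\alpha(y)$ iff $x$ and $y$ satisfy the same ground observable formulas in $\alpha$, which holds iff $x$ and $y$ are bisimilar (Theorem 2.7). Thus $\eta^\Delta_\alpha$ is injective precisely when bisimilar states in $\alpha$ are equal. A natural transformation $\mu^\Delta : \Delta\Delta \to \Delta$ is given by defining
$$\mu^\Delta_\alpha(p) = \{X \in \mathit{Def}^\alpha : X^{\Delta A} \in p\},$$
where $X^{\Delta A} = \{G \in \Delta A : X \in G\} = \theta_\alpha(X^{EA})$ (see Lemma 5.5). The proof that $\mu^\Delta_\alpha$ is a morphism $\Delta\Delta\alpha \to \Delta\alpha$ is analogous to the proof that $\mu_\alpha : EE\alpha \to E\alpha$ is a morphism. The triple $(\Delta, \eta^\Delta, \mu^\Delta)$ forms a monad on $\tau$-Coalg, but one of a special kind, as the functor $\Delta$ is “idempotent up to isomorphism”, in the sense that $\Delta\alpha$ and $\Delta\Delta\alpha$ are isomorphic. A “logical” explanation of this is that if $\varphi$ and $\psi$ are ground observable formulas then by Theorem 5.4(2),
$$\alpha \models \varphi \leftrightarrow \psi \quad\text{iff}\quad \Delta\alpha \models \varphi \leftrightarrow \psi,$$
and so $\varphi^\alpha = \psi^\alpha$ iff $\varphi^{\Delta\alpha} = \psi^{\Delta\alpha}$. Thus the map $\varphi^\alpha \mapsto \varphi^{\Delta\alpha}$ is a well-defined bijection between the Boolean algebras $\mathit{Def}^\alpha$ and $\mathit{Def}^{\Delta\alpha}$ of definable subsets of $\alpha$ and $\Delta\alpha$, respectively. Moreover this map is a Boolean isomorphism and gives a bijection between the sets of $\alpha$-rich ultrafilters of $\mathit{Def}^\alpha$ and $\Delta\alpha$-rich ultrafilters of $\mathit{Def}^{\Delta\alpha}$, taking $G \in \Delta A$ to $\{\varphi^{\Delta\alpha} : \varphi^\alpha \in G\} \in \Delta\Delta A$. This gives the isomorphism $\Delta\alpha \cong \Delta\Delta\alpha$. But the version of the Truth Lemma for $\Delta$ given in Theorem 5.4(1) shows that
$$\varphi^\alpha \in G \quad\text{iff}\quad G \in \varphi^{\Delta\alpha},$$
so the isomorphism is the map $G \mapsto \{\varphi^{\Delta\alpha} : G \in \varphi^{\Delta\alpha}\} = \eta^\Delta_{\Delta\alpha}(G)$. In other words, this isomorphism is just the component
$$\eta^\Delta_{\Delta\alpha} : \Delta\alpha \to \Delta\Delta\alpha$$
of the natural transformation $\eta^\Delta$. Another proof that this component is a bijection follows from the observations firstly that $\eta^\Delta_{\Delta\alpha}$ is injective because $\Delta\alpha$ is a simple coalgebra in which bisimilar states are equal, and secondly that $\eta^\Delta_{\Delta\alpha}$ is surjective because for any $p \in \Delta\Delta A$ the set $G = \{\varphi^\alpha : \varphi^{\Delta\alpha} \in p\}$ is a rich ultrafilter of $\mathit{Def}^\alpha$ with $\eta^\Delta_{\Delta\alpha}(G) = p$. It is noteworthy that part of this monad structure on $\Delta$ is the property that the diagram
[Diagram: triangle relating $\Delta\alpha$ and $\Delta\Delta\alpha$.]
commutes, so in fact the component $\mu^\Delta_\alpha$ of the natural transformation $\mu^\Delta$ is itself the inverse of the isomorphism $\eta^\Delta_{\Delta\alpha}$, and hence is also an isomorphism. A monad on a category has an associated category of algebras. In the case of the $\Delta$-monad, an algebra is a pair $(\alpha, f)$ with $f : \Delta\alpha \to \alpha$ a morphism for which the following commute:
[Diagrams: the two algebra diagrams for $(\alpha, f)$, on $\Delta\Delta\alpha$, $\Delta\alpha$ and $\alpha$, with arrows including $\Delta f$ and $f$.]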
But for an idempotent monad like $\Delta$, in which the components $\mu^\Delta_\alpha$ are all isomorphisms, any such algebra $(\alpha, f)$ has $f$ an isomorphism [Bor94, Proposition 4.2.3]. For the ultrafilter monad on the category Set, the associated category of algebras is isomorphic to the category of compact Hausdorff topological spaces and continuous functions - this is Manes' Theorem, see [Man76] or [Joh82, Section III 2]. It would be of interest to know whether this situation lifts from Set to $\tau$-Coalg, replacing the ultrafilter monad by the monad of $E$. Is there some topology that can be imposed on polynomial coalgebras that identifies a natural class of topological coalgebras isomorphic to the category of $E$-algebras $f : E\alpha \to \alpha$?
References
AM89. Peter Aczel and Nax Mendler. A final coalgebra theorem. In D. H. Pitt et al., editors, Category Theory and Computer Science. Proceedings 1989, volume 389 of Lecture Notes in Computer Science, pages 357-365. Springer-Verlag, 1989.
Bor94. Francis Borceux. Handbook of Categorical Algebra 2. Categories and Structures. Cambridge University Press, 1994.
Gol01a. Robert Goldblatt. Equational logic of polynomial coalgebras. In Advances in Modal Logic, volume 4, World Scientific (to appear). Manuscript available at http://www.mcs.vuw.ac.nz/~rob
Gol01b. Robert Goldblatt. Observational ultrapowers of polynomial coalgebras. Manuscript available at http://www.mcs.vuw.ac.nz/~rob
Gol01c. Robert Goldblatt. What is the coalgebraic analogue of Birkhoff's variety theorem? Theoretical Computer Science, 266:853-886, 2001.
Her93. Claudio Hermida. Fibrations, Logical Predicates and Indeterminates. PhD thesis, University of Edinburgh, 1993. Techn. rep. LFCS-93-277. Also available as Aarhus Univ. DAIMI Techn. rep. PB-462.
HJ98. Claudio Hermida and Bart Jacobs. Structural induction and coinduction in a fibrational setting. Information and Computation, 145:107-152, 1998.
Jac96. Bart Jacobs. Objects and classes, coalgebraically. In B. Freitag, C. B. Jones, C. Lengauer, and H.-J. Schek, editors, Object-Orientation with Parallelism and Persistence, pages 83-103. Kluwer Academic Publishers, 1996.
Jac00. Bart Jacobs. Towards a duality result in coalgebraic modal logic. Electronic Notes in Theoretical Computer Science, 33, 2000. http://www.elsevier.nl/locate/entcs.
Joh82. P. T. Johnstone. Stone Spaces. Cambridge University Press, 1982.
Man76. Ernest G. Manes. Algebraic Theories. Springer-Verlag, 1976.
ML71. Saunders Mac Lane. Categories for the Working Mathematician. Springer-Verlag, 1971.
Pit00. Andrew M. Pitts. Categorical logic. In S. Abramsky, D. M. Gabbay, and T. S. E. Maibaum, editors, Handbook of Logic in Computer Science, Volume 5: Algebraic and Logical Structures, chapter 2. Oxford University Press, 2000.
Rei95. Horst Reichel. An approach to object semantics based on terminal co-algebras. Mathematical Structures in Computer Science, 5:129-152, 1995.
Rut95. J.J.M.M. Rutten. A calculus of transition systems (towards universal coalgebra). In Alban Ponse, Maarten de Rijke, and Yde Venema, editors, Modal Logic and Process Algebra, CSLI Lecture Notes No. 53, pages 231-256. CSLI Publications, Stanford, California, 1995.
Rut00. J.J.M.M. Rutten. Universal coalgebra: a theory of systems. Theoretical Computer Science, 249(1):3-80, 2000.
A LAYERED APPROACH TO EXTRACTING PROGRAMS FROM PROOFS WITH AN APPLICATION IN GRAPH THEORY
JOHN JEAVONS AND BOLIS BASIT Department of Mathematics and Statistics, Monash University, Australia E-mail: j
[email protected],
[email protected] AND
IMAN POERNOMO AND JOHN N.CROSSLEY School of Computer Science and Software Engineering, Monash University, Australia E-mail:{ihp,jnc}@csse.monash.edu.au
Abstract
In this paper we describe our system for automatically extracting “correct” programs from proofs using a development of the Curry-Howard process. Although program extraction has been developed by many authors (see, e.g., [7, 3, 10]), our system has a number of novel features designed to make it very easy to use and as close as possible to ordinary mathematical terminology and practice. These features include (1) the use of Henkin’s technique from [8] to reduce higher-order logic to many-sorted (first-order) logic, (2) the free use of new rules for induction subject to certain conditions, (3) the extensive use of previously programmed (primitive) recursive functions, (4) the use of templates to make the reasoning much closer to normal mathematical proofs, and (5) an extension of the technique of the use of Harrop formulae to classically true formulae (cf. the footnote on p. 101 in Kreisel [11]).
As an example of our system we give a constructive proof of the well-known theorem that every graph of even parity, that is non-trivial in the sense that it does not consist of isolated vertices, has a cycle. Given such a graph as input, the extracted program produces a cycle as promised.
1. Introduction
The well-known Curry-Howard isomorphism (see e.g. Howard’s original paper [9] or Crossley and Shepherdson’s paper [6] explicitly extending this to ordinary first order logic), produces a term of a lambda calculus from a (constructive) proof of a formula. This technique can be used to give a program that computes the constructive content of the formula. Thus, in arithmetic a constructive proof of a formula of the form $\forall x \exists y\, \alpha(x, y)$ yields an algorithm for computing a function $f$ such that $\alpha(\bar{n}, f(\bar{n}))$ holds for every natural number $n$. ($\bar{n}$ is the numeral for $n$.) In this paper we present an extension of the Curry-Howard isomorphism to a novel and expandable, first order, many-sorted, predicate calculus. Amongst other features, this logic also allows us to use previously programmed functions (and predicates), see below. The extension to a many-sorted calculus allows us to extract programs over different sorts. This has previously been done successfully in various higher order systems. Our approach avoids the use of higher order logic. It is well known that the programs extracted from full proofs in formal logic are immensely long both in size and in running time. We therefore introduce a number of novel features into our system. These are designed to mirror, as far as possible, normal mathematical practice. Besides the formal logical theory we also have a computational type theory. This computational theory is used to admit the use of pre-programmed functions and predicates. These functions (and predicates) can even be ones that we have just produced from our system. This is what we mean by “layering”. Moreover, we are able to retain a modularity between the computational type theory and the logical type theory of the Curry-Howard isomorphism. The interactions between the two are taken care of by our Curry-Howard protocol (see Section 3.1).
These notions allow us to (1) (easily axiomatize and) use pre-programmed functions in our proofs in order to reduce the complexity and run-times of our programs, (2) retain a logic that is first order, (3) investigate and describe constructive proof “idioms” (analogous to programming “idioms” or “patterns”), and (4) define a protocol between programs and logic.
We have built a software system, written in ML and currently called proofEd, as an implementation of our system.$^a$ It has a LaTeX output feature, so that we can easily include proofs written in proofEd in a document such as the present paper. We demonstrate the system by using a constructive proof that every even parity graph contains a cycle and extracting a program that computes such a cycle from a given graph. There have been a number of systems exploiting the Curry-Howard notion of formulae-as-types. In particular we mention: Hayashi’s system PX [7], the implementation of Martin-Löf’s type theory [12], and Constable’s NuPRL [3, 4]. The first two of these use logics that are not familiar to non-logicians and the last uses its own hybrid system of logic and type theory. Our aim has always been to make the logic as close as possible to standard usage. In [6] a system of natural deduction in a very standard format is used. This system is briefly recapitulated in section 2. We build on this system. However, unlike traditional systems of mathematical logic this is a dynamic system in the sense that new axioms (or rules for induction) are constantly being added to it and in practice proofs are simplified during their construction. We work in proofEd in the same way as mathematicians: constantly introducing new functions and reusing previously proved theorems, or as computer scientists: constantly reusing (reliable) code.
2. The Logical Type Theory (LTT)
We present a logical type theory (LTT) of many-sorted intuitionistic logic with equality (for each sort). The types are many-sorted intuitionistic formulae. The (“Curry-Howard”) terms are essentially terms in an extended typed lambda calculus that represent proofs. Reduction of Curry-Howard terms corresponds to proof normalization. The LTT is modular and extensional with respect to the operational meaning of its function terms. However the function terms may be programmed in a computational type theory. In this case we may introduce axioms for them in the LTT. These function terms can be defined in whatever way we wish, as long as they satisfy the axioms of the LTT. However the user is required to guarantee that these programs are “correct”.$^b$ Thus we retain a distinction between extensional meaning (given by the axioms they must satisfy) and intensional meaning (how they are coded in the computational type theory).
$^a$ proofEd was developed from a previous system called Fred, see [5].
$^b$ The word “correct” in this paper means “meeting its specification”.
Each term $t \in \mathcal{T}$ has an associated sort$^c$ $s$ - we denote this relationship in the usual fashion, by $t : s$. In constructing terms we shall always assume that the sort of the constructed term is appropriate. For example: If $t_1 : s_1 \times s_2$ and $t : (s_1 \times s_2 \to s_3)$, then $t(t_1) : s_3$. The collection of all sorts, $S$, is defined as follows: We have a base collection of sorts $S_0$ that will normally include the natural numbers, $N$. If $s_1$ and $s_2$ are sorts, then $s_1 \to s_2$ and $s_1 \times s_2$ are sorts. We also admit $S_0$ as a sort, but $S_0$ must not be in $S_0$. $S$ has associated with it a signature
$$Sig(S) = (\{C_s : s \in S\}, \{F_s : s \in S\})$$
where for each $s \in S$, (i) $C_s$ is a set of function symbols (constructors) of sort $s$ or $\sigma_1 \times \dots \times \sigma_n \to s$ for some tuple of sorts $\bar{\sigma} = \sigma_1, \dots, \sigma_n$, and (ii) $F_s$ is a set of function symbols for associated functions $F_s : \sigma_1 \times \dots \times \sigma_n \to s$. For each sort $s$ we also have a set of Harrop$^d$ axioms $Ax_s$. The rules for first order natural deduction are readily adapted to the many-sorted case. We associate with each many-sorted formula a Curry-Howard term (essentially a term of lambda calculus) representing the derivation of the rule’s conclusion. In order to normalize Curry-Howard terms we have reduction rules, see Fig. 2. We write $t \rhd u$ to denote that the term $t$ reduces to the term $u$. Repeated application of these rules yields proof normalization. See Crossley and Shepherdson [6] for the full list of rules, all of which can be given in terms of $\lambda$ application and projections. The terms are formed using $\lambda$, application, pairing $(-, -)$, the projections fst and snd, (as usual we have the reduction rules: $\mathsf{fst}(x_1, x_2) = x_1$ and $\mathsf{snd}(x_1, x_2) = x_2$) and two operations select and case that have reduction rules given in Crossley and Shepherdson [6] or Albrecht and Crossley [2].
$^c$ It is convenient to call the entities “sorts” rather than “types” as there are many other “types” in this paper. In fact for our present purposes we could easily reduce everything to first order. To do this we should just use a predicate, $In(x, y)$, say, to represent “$x$ is in the list $y$” and similarly for lists of lists. The technique is described in Henkin [8]. However we write our expressions in the conventional way and they therefore sometimes look as if they involve higher order expressions.
$^d$ The axioms one would normally employ in (constructive) mathematics are Harrop formulae (defined below). The restriction is a natural one and also has a significant effect on reducing the size of our extracted programs. Harrop axioms are axioms that are Harrop formulae and Harrop formulae are defined as follows:
1. An atomic formula or $\bot$ is a Harrop formula.
2. If $\alpha$ and $\beta$ are Harrop, then so is $\alpha \wedge \beta$.
3. If $\alpha$ is a Harrop formula and $\gamma$ is any formula, then $\gamma \to \alpha$ is a Harrop formula.
4. If $\alpha$ is a Harrop formula, then $\forall x\, \alpha$ is a Harrop formula.
Introduction Rules x A I- x A
Ass-I
Ax-I
when A E A x , for some sort s.
I- d f
1 df
A & B
I-
I- dA F inl(d)AVB
xAI-d:B
&-I v1-I
k AxA dA+B
+-I
I- d B v2-I I- inr(d)AVB
I- d A v-I I- Ax : R d V x E R A I- dA[t:R/x:R]
)
3-1 x : R A t : R x:
Elimination Rules
xAI-dC yBI-eC I-fAVB I- c a s e ( x A , d C , y B , e C ,f A V B ) C
V-E
Figure 1. Natural deduction rules and Curry-Howard terms. Ax-I stands for Axiom introduction. Ass-I stands for assumption introduction and G is a (Curry-Howard) term variable
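1. $(\lambda X.\, a)^{A \to B}\, b^{A} \rhd a[b/X]^{B}$
2. $(\lambda x : S.\, a)^{\forall x : S.\, A}\, v : S \rhd a[v/x]^{A[v/x]}$
3. $\mathsf{fst}((a, b)) \rhd a^{A}$
4. $\mathsf{snd}((a, b)) \rhd b^{B}$
5. $\mathsf{case}(b^{C}, x^{A}, c^{C}, y^{B}, \mathsf{inl}(a)) \rhd b[a/x]^{C}$
6. $\mathsf{case}(b^{C}, x^{A}, c^{C}, y^{B}, \mathsf{inr}(a)) \rhd c[a/y]^{C}$
7. $\mathsf{select}(y, x^{P}, b^{C}, (v, a)^{\exists y.\, P}) \rhd b[a/x][v/y]$
Figure 2. The seven reduction rules that inductively define $\rhd$.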
Fig. 1 gives the natural deduction rules and the Curry-Howard terms. Note that we use $\bot$ (false) and then the negation of a formula $A$ is defined as $A \to \bot$. This means there is no need for a $\bot$ introduction rule as this is a special case of $\to$-elimination: $A, A \to \bot \vdash \bot$. We make the convention that all undischarged hypotheses or assumptions are collected and listed to the left of the $\vdash$ sign although we shall usually not display them.
2.1. New induction rules
Adding a sort $s$ with constructors often gives rise to a structural induction rule in the usual manner.$^e$ This may introduce a new Curry-Howard term operation rec, with the usual fixed point semantics, and an obvious set of reduction rules. For example, in Fig. 3 we give the signature, axioms, induction rule and definition of $rec_N$ for the sort of natural numbers $N$. An important sort for representing graphs is the parametrized list, $List(\alpha)$, the list of objects of sort $\alpha$. The constructors of $List(\alpha)$ are:
(1) $\epsilon_\alpha$, the empty list in $List(\alpha)$
(2) $con_\alpha : \alpha \times List(\alpha) \to List(\alpha)$.
We abbreviate the term $con_\alpha(t, l)$ by $\langle t \rangle :: l$. We also use $\langle t_0, t_1, \dots, t_n \rangle$ as an abbreviation for the term
$$con_\alpha(t_0, con_\alpha(t_1, con_\alpha(\dots con_\alpha(t_n, \epsilon_\alpha)))).$$
Intuitively a list is a higher order object but we can in fact treat lists simply as constituting a new sort. Of course we then have to ensure that they have the properties that we require. In this case that is easily achieved since the necessary axioms are Harrop formulae which will add nothing to the computations. Lists have the following induction rule for each sort $\alpha$. Let $l$ be a variable of sort $List(\alpha)$ and $a$ a variable of sort $\alpha$.
This gives rise to a recursion operator $rec_{List\,\alpha}$ with the obvious operational meaning:
$$rec_{List\,\alpha}\ \epsilon_\alpha\ A\ B \rhd A$$
$$rec_{List\,\alpha}\ (\langle h \rangle :: t)\ A\ B \rhd B\ h\ (rec_{List\,\alpha}\ t\ A\ B)$$
$^e$ Hayashi [7] has a very general rule for inductive definitions but we do not need such power for our present purposes.
2.2. New predicates and functions
An important constructive proof idiom is that of predicate definition. In ordinary mathematics, we often abbreviate a formula by a predicate. This is a useful way of encapsulating information, aids readability and helps us to identify and to use common “proof patterns”. In proofEd, we introduce a rule of predicate abbreviation for a formula $F$ (with zero or more occurrences of the variable $x$) by:
F
set P ( x )
Note that we do not allow predicates over predicates. We introduce a new function letter $f$ of type $F$ and the following structural meta-rule (“Template”) for any Curry-Howard term $q(x)$ where $x$ is a Curry-Howard term of type $P$: If
Template
then
set F 5 P,
fF
q( .P)Q(P)
Q(f) Q ( F )
That is, if we have formula $Q$ that is dependent on the formula $P$, then we may substitute the formula $F$ for $P$ in $Q$. The converse is also a rule. Of course in doing this we must avoid all clashes of variable. Template is a means of abstracting a proof over a “formula variable”. Defining it as a structural rule is a means of avoiding higher order quantification of formula variables (as in Huet, Kahn and Paulin-Mohring [10]) - although this could be achieved by creating a new sort (logical formulae) with a universe hierarchy (as in Martin-Löf [12]).
$N$ is a sort, representing the natural numbers.
$C(N) = \{0 : N,\ s : N \to N\}$
$F(N) = \{+ : N \times N \to N\}$
$Sig(N) = \langle C, F \rangle$
$Ax(N) = \{$
$\forall x : N\, (x = x)$
$\forall x : N\, \forall y : N\, (x + y = y + x)$
$\forall x : N\, \forall y : N\, \forall z : N\, (x + (y + z) = (x + y) + z)$
$\forall x : N\, (x + 0 = x)$
$\forall x : N\, \forall y : N\, (x + s(y) = s(x + y))$
$\}$
Structural induction rule generated by $C(N)$
Associated reduction rules:
$rec_N(A)\, 0 : N \rhd \mathsf{fst}(A)$
$rec_N(A)\, s(x) : N \rhd \mathsf{snd}(A)\, rec_N(A)\, x$
Figure 3. The sort of natural numbers, the associated induction rule and the operational meaning of the $rec_N$ operator.
3. The Computational Type Theory (CTT)
Our computational type theory is the programming language ML, although it might just as easily be LISP or C++. Any language $\mathcal{L}$ for which there is a mapping from terms of Church’s simple typed lambda calculus with parametrized types into $\mathcal{L}$ will work. We define an extraction mapping $\phi$ from Curry-Howard terms in the LTT to terms of ML. Each sort is mapped to a corresponding ML type. For any sort$^f$ $s$, we assume that all the $f \in F_s$ are mapped to programs for functions that satisfy the appropriate axioms $Ax_s$.
$^f$ Note that each parametrized sort $s : Sort_1 \to Sort_2$ corresponds to a parametrized type.
For instance, consider the sort of natural numbers. We assume that the ML program corresponding to $+$ satisfies the axioms given in Fig. 3 for the addition function. The predefined ML function for addition will suffice, with the sort $N$ being mapped to the ML type Int.
Theorem 3.1. Given a proof $p^{\forall x : s_1 \exists y : s_2\, \alpha(x, y)}$ in the logical type theory, there is a program $f$ in the computational type theory ML such that $\alpha(x : s_1, f(x) : s_2)$ is a theorem and the extracted program, $f = \phi(p)$, has ML type s1 -> s2 * s3 where s3 is the type of the computational content of $\alpha(x, y)$.
The proof, see Albrecht and Crossley [1] and Poernomo [13], involves defining a map, $\phi$, from Curry-Howard terms to terms of the simply typed lambda calculus by first “deleting” computationally irrelevant Curry-Howard terms: that is, by removing Harrop formulae from deductions, and then extracting the value from the first part of the Curry-Howard term.
3.1. Protocol between the CTT and the LTT
Note. A fuller and formal account of this protocol may be found in our paper [13]. Just as every $f \in F_s$ has a corresponding program in the CTT, every program $f$ in the CTT has a corresponding unique$^g$ constant, $f$, in the LTT. (We assume we have an infinite number of constant function symbols
tf
i k w
.>
We have the following structural rule (Skolemization). If a ( x , y ) is a Harrop formula and t is a Curry-Howard term, then tVZ3Y4GY) ()VZOr(Z ,fa(I))
f a is the “Skolem” function. From the perspective of the associated CurryHoward terms, it means that if we have a proof t of Vls3ya(x,y), then (the universal closure of) a ( x ,f a ( y ) ) can be treated as an axiom, with f a a constant identified in the CTT with q5(t). fa is a unique function constant. In the CTT,f a is a constant representing 4(t). For example, suppose we have a proof that for all x there is a y greater than x such that y is prime: tVs3y(Prime(y)hy>z)
^g There will be no confusion caused by using the same letter as the context will make clear which is intended.

By Skolemization, we have the Harrop formula
$$()^{\forall x (Prime(f(x)) \wedge f(x) > x)}$$
and we know that $f$ is a unique function representing $\phi(t)$ in the CTT. $f$ and its associated Harrop formula can be used in future proofs in exactly the same way as any other function constant and its Harrop axioms (for example, just like + and the axioms for addition). For each such function with a program in the CTT we also have a reduction rule
f (5)
--)
fo
that simply implements the program for $f$.

A related proof idiom is Function definition. This involves both the LTT and the CTT. For instance, the function $\mathit{length}_\alpha : List(\alpha) \to N$ is given by the following axioms
$$\mathit{length}_\alpha(\epsilon_\alpha) = 0$$
$$\mathit{length}_\alpha((a) :: l) = 1 + \mathit{length}_\alpha(l)$$
These axioms define a total function $\mathit{length}_\alpha$ in the LTT. We are required to specify a corresponding program in the CTT. We associate the irreflexive CTT operation of computing with the reflexive LTT equality =. The axiomatization is a (total) recursive definition, that can be automatically translated into the following ML code in the CTT:

    (* length of a list, by recursion on its structure *)
    let rec length_alpha = function
        [] -> 0
      | a::l -> 1 + length_alpha(l)
    ;;
Note that, in larger proofs when we are anxious to reduce the size of the term (program), we may choose to implement the associated program in a manner different from that suggested by the axiomatization. This is an important feature of our approach - intensionally distinct programs in the CTT correspond to extensionally interchangeable functions in the LTT. Of course, the programs extracted from our system are only as correct with respect to the axiomatization as these programs are correct (and correctly, though usually trivially, axiomatized). As noted above, axiomatizations of functions in the LTT and their associated computational definitions in the CTT are separate. In many constructive proofs, functions are not proved and extracted: instead, a total function is defined by an axiomatization.

4. Representing graphs in the formal system
We consider a standard axiomatization of the theory of graphs, G, in terms of vertices and edges. The vertices will be represented by positive integers. Consider the graph with four vertices in Fig. 4a represented by the four element list of lists of neighbours ((1,2,3),(2,1,3),(3,1,2),(4)) where each element is of sort List(N). Not all lists of elements of sort List(N) correspond to graphs: in a graph the edge relation is irreflexive and symmetric.

[Figure 4. Two sample graphs]

The list above has the properties
(1) The $n$th member of the list is a list of numbers beginning with $n$.
(2) (Symmetry) If the $n$th member of the list is a list containing $m$ and $m \neq n$, then the $m$th member of the list is a list containing $n$.
(3) Each member of the list is a repetition-free list of numbers.^h
These properties are expressible in our formal system for G with the aid of certain extra function symbols, that we now define. Note that each function is provably total in the formal system. Here is the list of required functions in $F_{List}$, and the associated axioms. All formulae are considered to be universally closed. We note that appropriate ML definitions can be generated automatically as in the previous section.

(1) A binary function $\mathit{member}_N$ of two arguments: a natural number, $n$, and a list.^i The function computes the $n$th member of the list. Since all functions are total we will need to use a "default value"^j for cases where $n$ is larger than the length of the list or where $n = 0$. The definitions for the cases $\alpha = N, List(N)$ are given below. In all cases $m$ is a variable of sort $N$, $l$ is a list variable of sort $List(\alpha)$, and $a$ is a variable of sort $\alpha$. The last four items are defined by list recursion.
$$\mathit{member}_N(0, l) = 0$$
$$\mathit{member}_N(m, \epsilon_N) = 0$$
$$\mathit{member}_N(1, (a) :: l) = a$$
$$\mathit{member}_N(m + 1, (a) :: l) = \mathit{member}_N(m, l)$$
$$\mathit{member}_{List(N)}(0, l) = \epsilon_N$$
$$\mathit{member}_{List(N)}(m, \epsilon_{List(N)}) = \epsilon_N$$
$$\mathit{member}_{List(N)}(1, (a) :: l) = a$$
$$\mathit{member}_{List(N)}(m + 1, (a) :: l) = \mathit{member}_{List(N)}(m, l)$$

(2) List successor, $S$. This function takes a list as argument, adds one to each number in the list and returns the revised list.
$$S(\epsilon) = \epsilon$$
$$S((a) :: l) = (a + 1) :: S(l)$$

(3) Position function, $\mathit{listpos}$. $\mathit{listpos}(n, l)$ gives a list of all the positions the number $n$ takes in the list $l$. If the list $l$ does not contain $n$ then the empty list is returned. We take the head position as 0, so position $k$ corresponds to the $(k+1)$st member of the list.
$$\mathit{listpos}(n, \epsilon) = \epsilon$$
$$\mathit{listpos}(n, (a) :: l) = (0) :: S(\mathit{listpos}(n, l)) \quad \text{if } n = a$$
$$\mathit{listpos}(n, (a) :: l) = S(\mathit{listpos}(n, l)) \quad \text{if } n \neq a$$

(4) Initial segment of a list, $\mathit{initlist}$. $\mathit{initlist}(k, l)$ computes the list consisting of the first $k + 1$ elements of the list $l$; if $k + 1 > \mathit{length}(l)$ then the list $l$ is returned.
$$\mathit{initlist}(k, \epsilon) = \epsilon$$
$$\mathit{initlist}(0, (a) :: l) = (a)$$
$$\mathit{initlist}(k + 1, (a) :: l) = (a) :: \mathit{initlist}(k, l)$$

^h This ensures that the edge relation is irreflexive and that no pair of vertices are joined by more than one edge (viz. the graph is a simple graph).
^i For lists of elements of sort $\alpha$ we use $\mathit{member}_\alpha$ as the function letter.
^j Note that the default value for the first case below is 0. Because all our graphs contain only positive integers, it is always the case that when we apply our functions to lists of vertices we shall be able to decide whether we are getting a vertex or the default value.
(5) Tail segment of a list. We define a function $\mathit{tail}(l, n)$ that has a list $l$ (of natural numbers) and a number $n$ as arguments and computes the list obtained by deleting the first $n$ members of $l$.
$$\mathit{tail}(\epsilon, n) = \epsilon$$
$$\mathit{tail}(l, 0) = l$$
$$\mathit{tail}((a) :: l, n + 1) = \mathit{tail}(l, n)$$
5. Cycles in even parity graphs

Once all the functions above are defined in proofEd, we can set a predicate $\mathit{graph}(l)$ to mean that a list $l$ of sort List(List(N)) represents a graph.^k The formula $\mathit{graph}(l)$ is defined in proofEd by the conjunction of four Harrop formulae:
$$\text{set } \mathit{graph}(l) \equiv (\mathit{length}(l) \leq 1 \to \bot)$$
$$\wedge\ \forall i (1 \leq i \leq \mathit{length}(l) \to \mathit{member}_N(1, \mathit{member}_{List(N)}(i, l)) = i)$$
$$\wedge\ \forall i (1 \leq i \leq \mathit{length}(l) \to \mathit{repfree}(\mathit{member}_{List(N)}(i, l)))$$
$$\wedge\ \forall i \forall j ((1 \leq i \leq \mathit{length}(l) \wedge 1 \leq j \leq \mathit{length}(l) \wedge j \neq i) \to (\mathit{listpos}(j, \mathit{member}(i, l)) \neq \epsilon \to \mathit{listpos}(i, \mathit{member}(j, l)) \neq \epsilon))$$
where $\mathit{repfree}(l)$ is a predicate (meaning "free of repetitions") defined by
$$\text{set } \mathit{repfree}(l) \equiv \forall n (\mathit{length}(\mathit{listpos}(n, l)) > 1 \to \bot)$$

A graph has even parity if the number of vertices adjacent to each vertex is even. So each list in $l$ must have odd length. Consider the function from lists of numbers to numbers defined by
$$\mathit{par}(\epsilon) = 0$$
$$\mathit{par}((a) :: l) = 1 \dot{-} \mathit{par}(l)$$
where $\dot{-}$ is the "monus" function.^l Then $l$ is a list describing an even parity graph if $\mathit{evenpar}(l)$:
$$\text{set } \mathit{evenpar}(l) \equiv \mathit{graph}(l) \wedge \forall i (1 \leq i \leq \mathit{length}(l) \to \mathit{par}(\mathit{member}(i, l)) = 1)$$

^k We exclude trivial graphs consisting of one or zero vertices.
^l Monus: $x \dot{-} y$ is defined by $x \dot{-} y = x - y$ if $x \geq y$ and $= 0$ otherwise.

To motivate our method for cycle detection look again at the list $l$ corresponding to the graph of Fig. 4a, with the given adjacency matrix above, ((1,2,3),(2,1,3),(3,1,2),(4)). Note that the same graph is represented by taking the first member as (1,3,2); the order of the numbers in the tail of each of the elements in the list $l$ is not important. Now to locate a cycle we start by locating the first element in $l$ that is a list of length > 1. This is (1,2,3) so we begin tracing a path with vertex 1 and since the first vertex mentioned in this list after 1 is vertex 2 we choose the edge from 1 to 2. Now scan the (tail of) the list (2,1,3) in $l$ corresponding to vertex 2 for the first vertex not equal to 1 (we do not leave 2 by the same edge we arrived), this gives vertex 3 and so we now scan the (tail of) list (3,1,2) for the first vertex not equal to 2. This leads to 1 and then 2, etc. Continuing in this manner we can construct a list of adjacent vertices (1,2,3,1,...) of arbitrary length. Such a list defines a walk in the graph. In proofEd, for $c$, a list of numbers (vertices), and $l \in List(List(N))$, a graph (viz. a list of lists of numbers), we set $\mathit{walk}(l, c)$ as an abbreviation for the Harrop formula that is a conjunction of four formulae
$$\text{set } \mathit{walk}(l, c) \equiv \mathit{length}(c) > 1 \wedge \mathit{graph}(l)$$
$$\wedge\ \forall k (1 \leq k < \mathit{length}(c) \to \mathit{listpos}(\mathit{member}(k + 1, c), \mathit{member}_{List(N)}(\mathit{member}(k, c), l)) \neq \epsilon)$$
$$\wedge\ \forall k (1 < k < \mathit{length}(c) \to \mathit{member}(k + 1, c) \neq \mathit{member}(k - 1, c))$$
The first occurrence of a repeated vertex yields a cycle represented by the sublist of the vertices between the repeated vertices, in this case (1,2,3,1). Note that the desired sublist does not necessarily begin at the vertex we start from, although in this case it does happen that way. To carry this construction over to the formal system we need a function that searches a list for the first element not equal to a given number. The function $\mathit{spotadiff}$ is defined so that $\mathit{spotadiff}(l, m)$ gives the first element in the list $l$ that is not equal to $m$; if there is no such element then the default value, 0, is returned. It is given by axioms:
$$\mathit{spotadiff}(\epsilon, m) = 0$$
$$a \neq m \to \mathit{spotadiff}((a) :: l, m) = a$$
$$a = m \to \mathit{spotadiff}((a) :: l, m) = \mathit{spotadiff}(l, m)$$
As usual it may be programmed independently in the CTT - by our convention we are simply required to guarantee that it satisfies the axioms. To start the construction we also need a function, which we call $\mathit{start}$, that takes as its argument a list, $l$, of lists of numbers and returns the head of the first list in $l$ that has length greater than 1, i.e. locates the first non-isolated vertex. If there is no list in $l$ with length > 1 then the default 0 is returned.
$$\mathit{start}(\epsilon) = 0$$
$$\mathit{length}(a) > 1 \to \mathit{start}((a) :: l) = \mathit{member}(1, a)$$
$$\mathit{length}(a) \leq 1 \to \mathit{start}((a) :: l) = \mathit{start}(l)$$
As usual, the function symbol $\mathit{start}$ corresponds to a program in the CTT that satisfies the axioms. Finally, the function $\mathit{gen}$ that generates a list of adjacent vertices from the list $l$ specifying the graph can now be defined. $\mathit{gen}(l, n)$ gives the vertex for the $n$th stage of construction. It has the following axioms
$$\mathit{gen}(l, 0) = \mathit{start}(l)$$
$$\mathit{gen}(l, 1) = \mathit{member}_N(2, \mathit{member}_{List(N)}(\mathit{start}(l), l))$$
$$\mathit{gen}(l, n + 2) = \mathit{spotadiff}(\mathit{tail}(\mathit{member}_{List(N)}(\mathit{gen}(l, n + 1), l), 1), \mathit{gen}(l, n))$$
If $l$ is a list corresponding to an even-parity graph then the function $\mathit{gen}(l, m)$ is either identically zero (in the case that $l$ has no edges) or the function is never zero and $\mathit{gen}(l, m)$ and $\mathit{gen}(l, m + 1)$ are adjacent vertices for every $m$. We need to make sure that we have a term in our language to represent a list of the form $(\mathit{gen}(l, 0), \mathit{gen}(l, 1), \ldots, \mathit{gen}(l, k))$ for any $k, l$. Actually it is easier to define a function that computes the reverse of this list. We define a new function $\mathit{genlist}(l, k)$ where $l$ is a term of sort List(List(N)), and $k$ is a term of sort N. The function has values of sort List(N).
$$\mathit{genlist}(l, 0) = (\mathit{gen}(l, 0))$$
$$\mathit{genlist}(l, k + 1) = (\mathit{gen}(l, k + 1)) :: \mathit{genlist}(l, k)$$
So $\mathit{genlist}(l, k)$ corresponds to $(\mathit{gen}(l, k), \ldots, \mathit{gen}(l, 0))$.

6. The Proof
In proofEd, just as in mathematics practised by mathematicians, we can build up a proof in layers, using earlier layers in order to achieve the next layer. In this section we examine the topmost layer, where the required theorem is proved using several lemmas which we assume we have already proved. If $c$ is a list of numbers then $\mathit{cycle}$ is a predicate defined in proofEd:
$$\text{set } \mathit{cycle}(c, l) \equiv \mathit{member}(1, c) = \mathit{member}(\mathit{length}(c), c) \wedge \mathit{repfree}(\mathit{tail}(c, 1)) \wedge \mathit{walk}(l, c)$$
The Main Theorem we want to prove is
$$\forall l (\mathit{evenpar}(l) \wedge \mathit{start}(l) \neq 0 \to \exists c (\mathit{cycle}(c, l)))$$
This says that if $l$ represents a graph that does not consist entirely of isolated vertices, then $l$ contains a (non-trivial) cycle. We let the predicate $\mathit{genlistGivesWalk}(l)$ stand for the statement that the function $\mathit{genlist}$ generates walks in the graph $l$; from these walks we wish to extract a cycle:
$$\text{set } \mathit{genlistGivesWalk}(l) \equiv \mathit{evenpar}(l) \wedge \mathit{start}(l) \neq 0 \to \forall m (m > 0 \to \mathit{walk}(l, \mathit{genlist}(l, m)))$$
This can be proved by observing that a cycle in a graph (represented by a list $l$) can be represented by a list $c$ such that (i) each pair of successive members defines an edge of the graph (corresponding to $l$), (ii) the first and last entries of the list $c$ are the same and (iii) these are the only repeated vertices in $c$. However, note that $\mathit{genlistGivesWalk}(l)$ is represented by a Harrop formula - it has no constructive content. Because it is Harrop it does not contribute to the computation and nor does its proof. It therefore does not matter whether we establish this constructively or even classically. We can just take it as a new (computational-content-free) axiom.

The proof of the Main Theorem relies on the lemma following that states that it is provable that any list of numbers is either repetition free or the list contains an element (say $a$) such that for some tail segment of the list the element $a$ occurs exactly twice in the segment and no other element occurs more than once in this tail segment.
$$\forall l (\mathit{repfree}(l) \vee \mathit{ListHasUniqueEltOccursTwiceInTail}(l))$$
where $\mathit{ListHasUniqueEltOccursTwiceInTail}(l)$ is a predicate defined by:
$$\text{set } \mathit{ListHasUniqueEltOccursTwiceInTail}(l) \equiv \exists a \exists k \exists m (\mathit{listpos}(a, \mathit{tail}(l, k)) = (0, m + 1) \wedge \mathit{repfree}(\mathit{tail}(l, k + 1)))$$
This Main Lemma is proved in Appendix A. The constructive proof of this lemma is the key to cycle extraction. Note that the proof of the lemma involves understanding what the predicate $\mathit{ListHasUniqueEltOccursTwiceInTail}$ stands for. However, once we have proved the lemma, the definition of this predicate can be "encapsulated" and not looked at again. We do not need to look at the definition now to prove the theorem. The ML program extracted for the lemma is displayed in Fig. 5 where KSC158 and Cgr20 are programs corresponding to other lemmas used in the proof of the lemma - see Appendix C for a full listing of their programs.
In this program we can see how recursion corresponds to induction. Here the base case of the recursion occurs in lines 2-4 and the rest of the program corresponds to the induction step, while the actual recursive call comes in the function call for fun81 four lines from the end. Inside the induction step the most important calls are to Cgr20 (see Appendix C.3) and KSC158 (see Appendix C.4) below.

The first step towards the Main Theorem is to use $\forall$ elimination on the lemma, replacing $l$ by the term $\mathit{genlist}(l, \mathit{length}(l) + 1)$.
$$\forall l (\mathit{repfree}(\mathit{genlist}(l, \mathit{length}(l) + 1)) \vee \mathit{ListHasUniqueEltOccursTwiceInTail}(\mathit{genlist}(l, \mathit{length}(l) + 1)))$$
We can establish the deduction (see Appendix B) of
$$\mathit{evenpar}(l) \vdash \mathit{repfree}(\mathit{genlist}(l, \mathit{length}(l) + 1)) \to \bot$$
Note however that this formula is Harrop - so has no constructive content, and is of course true in the intended model. (If $l$ only contains numbers $1, \ldots, n$, then a list of length $n + 1$ constructed from $l$ must have a repetition.) We can therefore take this formula as an axiom. This Harrop axiom together with the formula obtained from the lemma above by $\forall$-elimination can be substituted into the following proof pattern (using applications of $\bot$-elimination and $\vee$-elimination):
$$\frac{A \vee B \qquad A,\ A \to \bot \vdash B \qquad B \vdash B}{B}$$
ewenpar(Z) t- ListHas UniqueEltOccursTwiceInTail(genZist(Z,Zength(Z) + repfree( tail (genZist(1, length(1) l),k
+
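and therefore
$$\mathit{evenpar}(l) \vdash \mathit{ListHasUniqueEltOccursTwiceInTail}(\mathit{genlist}(l, \mathit{length}(l) + 1)) \qquad (1)$$
We can also obtain
$$\mathit{start}(l) \neq 0 \wedge \mathit{evenpar}(l),\ \mathit{ListHasUniqueEltOccursTwiceInTail}(\mathit{genlist}(l, \mathit{length}(l) + 1)) \vdash \exists c (\mathit{cycle}(c, l)) \qquad (2)$$
(1) and (2) give our theorem.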
    let Cgr21 =
      let rec fun80 l =
        begin match l with
          [] -> inl(let fun100 x = (s 0) in fun100)
        | h::t ->
          let fun81 z = let fun82 l = let fun83 X217 =
            begin match (X217) with
              inl(g) -> ((let fun92 X218 =
                begin match ((((Cgr20 l) X218) z)) with
                  inl(g) -> (inl(let fun98 x =
                    begin match (((KSC158 x) z)) with
                      inl(g) -> (0)
                    | inr(g) -> (X218 x)
                    end in fun98))
                | inr(g) -> ((let fun93 X221 =
                    inr((z (0 ((X221)
                      let fun94 x = (app X221 (let fun95 y = (X218 x) in fun95))
                      in fun94))))
                    in fun93) g)
                end in fun92) g)
            | inr(g) -> ((let fun84 X219 =
                (select X219 (let fun85 b = let fun86 X241 =
                  inr((b (select X241 (let fun87 c = let fun88 X242 =
                    ((s c) ((pi1 X242), let fun89 x = ((pi2 X242) x) in fun89))
                    in fun88 in fun87))))
                  in fun86 in fun85))
                in fun84) g)
            end in fun83 in fun82
          in fun81 h t (fun80 t)
        end
      in fun80
    ;;

Figure 5. ML program (for Cgr21) extracted from the proof of the Main Lemma: $\forall l (\mathit{repfree}(l) \vee \mathit{ListHasUniqueEltOccursTwiceInTail}(l))$
(1) For the proof of (2) the witness for $c$ is the initial segment of the list
$$\mathit{tail}(\mathit{genlist}(l, \mathit{length}(l) + 1), k)$$
consisting of elements in positions 0 to $m$ inclusive instantiated to the term
-
so c will be
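$$\mathit{initlist}(m, \mathit{tail}(\mathit{genlist}(l, \mathit{length}(l) + 1), k)).$$
To establish (2) we use the true Harrop formula (3) (see next comment):
$$\forall l\, \forall k\, \forall a\, \forall m\, ((\mathit{start}(l) \neq 0 \wedge \mathit{evenpar}(l)) \wedge (\mathit{listpos}(a, \mathit{tail}(\mathit{genlist}(l, \mathit{length}(l) + 1), k)) = (0, m) \wedge \mathit{repfree}(\mathit{tail}(\mathit{genlist}(l, \mathit{length}(l) + 1), k + 1))) \to \mathit{cycle}(\mathit{initlist}(m, \mathit{tail}(\mathit{genlist}(l, \mathit{length}(l) + 1), k)), l)) \qquad (3)$$
From this we form the deduction
$$((\mathit{start}(l) \neq 0 \wedge \mathit{evenpar}(l)) \wedge (\mathit{listpos}(a, \mathit{tail}(\mathit{genlist}(l, \mathit{length}(l) + 1), k)) = (0, m + 1) \wedge \mathit{repfree}(\mathit{tail}(\mathit{genlist}(l, \mathit{length}(l) + 1), k + 1)))) \vdash \mathit{cycle}(\mathit{initlist}(m, \mathit{tail}(\mathit{genlist}(l, \mathit{length}(l) + 1), k)), l)$$
$\exists$-introduction gives:
$$((\mathit{start}(l) \neq 0 \wedge \mathit{evenpar}(l)) \wedge (\mathit{listpos}(a, \mathit{tail}(\mathit{genlist}(l, \mathit{length}(l) + 1), k)) = (0, m + 1) \wedge \mathit{repfree}(\mathit{tail}(\mathit{genlist}(l, \mathit{length}(l) + 1), k + 1)))) \vdash \exists c (\mathit{cycle}(c, l))$$
Application of $\exists$-elimination (3 times) finally gives
$$\mathit{start}(l) \neq 0 \wedge \mathit{evenpar}(l) \wedge \exists a\, \exists k\, \exists m\, (\mathit{listpos}(a, \mathit{tail}(\mathit{genlist}(l, \mathit{length}(l) + 1), k)) = (0, m + 1) \wedge \mathit{repfree}(\mathit{tail}(\mathit{genlist}(l, \mathit{length}(l) + 1), k + 1))) \vdash \exists c\, \mathit{cycle}(c, l)$$
By our definition of $\mathit{ListHasUniqueEltOccursTwiceInTail}(l)$, this is equivalent to (2).

(2) We shorten the proof by not giving a formal proof of the formula (3). This is a Harrop formula and therefore has no computational content, therefore, since it is true (in the intended model), we can take it as a new axiom.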
In establishing (2) above it may look as if we are cheating and simply stating that the list for the cycle is $\mathit{initlist}(m, \mathit{tail}(\mathit{genlist}(l, \mathit{length}(l) + 1), k))$. In fact the computational content of this is all in the proof of the Main Lemma. This proof yields an algorithm that, given a list, extracts a sublist with the property that the first and last elements are equal, and that there are no other repetitions in the sublist. We are applying this algorithm to a particular list generated from the graph list $l$ via $\mathit{genlist}$. We "trust" $\mathit{genlist}$ to generate a walk from list $l$ and then apply our constructive proof of the Main Lemma to this generated list.

Suppose we were to use $\forall$-elimination with $t$ on the theorem for the graph we wish to use. Then (provided we are in fact dealing with a term $t$ that represents a non-trivial even parity graph), we could add the Harrop axiom $\mathit{evenpar}(t) \wedge \mathit{start}(t) \neq 0$ to obtain a proof of $\exists c (\mathit{cycle}(c, t))$. This proof will normalize to give a term for $c$ that represents the cycle. The final program uses the program Cgr21 for the Main Lemma (see Fig. 5) and is as follows:

    let main = let fun96 l X =
      begin match ((Cgr21 (genlist l (s (length l) 1)))) with
        inl(g) -> []
      | inr(g) -> ((let fun97 X40 =
          (select (X40) (let fun98 b = let fun99 X43 =
            (select (X43) (let fun100 c = let fun101 X44 =
              (app ((pi1 X44)) (let fun102 y =
                (initlist (y+1) (tail (genlist l ((length l)+1)) c))
                in fun102))
              in fun101 in fun100))
            in fun99 in fun98))
          in fun97) g)
      end in fun96
    ;;

Here the ML items app and select are aliases for function application defined by

    let app x y = (x y);;
    let select x y = (y x);;
Note that the main function takes an input $l$ for the graph we want to use and also an input X. X should stand for a term mapped by the extraction map, $\phi$, from a proof that $\mathit{evenpar}(t) \wedge \mathit{start}(t) \neq 0$. However, that statement is Harrop, so X can be anything (because it is not used in the computation). This is somewhat unsatisfactory, although not unexpected: it follows from comment 4. So main is correct modulo whether $\mathit{evenpar}(t) \wedge \mathit{start}(t) \neq 0$ is true or not. If we go on to prove
$$\mathit{evenpar}(t) \wedge \mathit{start}(t) \neq 0 \ \vee\ \neg(\mathit{evenpar}(t) \wedge \mathit{start}(t) \neq 0)$$
then we can extract a program to determine if $\mathit{evenpar}(t) \wedge \mathit{start}(t) \neq 0$ is true or not, and then use this to extract a program defined for all graphs that calls main only if $\mathit{evenpar}(t) \wedge \mathit{start}(t) \neq 0$ is true, and returns some "error" value if not. As a further refinement it is also possible to create a new "predicate subtype" (see Rushby, Owre and Shankar [14]) $T \leq \mathit{graph}$ of graphs, such that $t : T \leftrightarrow \mathit{evenpar}(t) \wedge \mathit{start}(t) \neq 0$, and alter the map so that main is defined only for $t : T$.
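The construction of Sections 4 to 6 written out by hand, as an added example (it is not the program extracted by the authors' system and not code from the paper): the helper functions follow the axioms for member, listpos, tail, initlist, spotadiff, start and genlist, `repeat_in_tail` follows the case analysis of the Main Lemma in Appendix A, and `find_cycle` decides the precondition evenpar(l) ∧ start(l) ≠ 0 that main leaves unchecked. The names `repeat_in_tail` and `find_cycle`, the generic `member` with an explicit default, and the rejected two-vertex input are assumptions of this example; the `result` type needs OCaml 4.03 or later.

```ocaml
(* Added example, hand-written from the axioms of Sections 4-6; it is not the
   extracted program. repeat_in_tail and find_cycle are names chosen here. *)

(* member d n l: n-th member of l (counting from 1), or the default d *)
let rec member d n l =
  match l with
  | [] -> d
  | a :: t -> if n <= 0 then d else if n = 1 then a else member d (n - 1) t

(* listpos n l: positions of n in l, head position 0 *)
let listpos n l =
  let rec go i = function
    | [] -> []
    | a :: t -> if a = n then i :: go (i + 1) t else go (i + 1) t
  in
  go 0 l

(* tail l n: l with its first n members deleted *)
let rec tail l n =
  match l with
  | [] -> []
  | _ :: t -> if n <= 0 then l else tail t (n - 1)

(* initlist k l: the first k+1 members of l (all of l if it is shorter) *)
let rec initlist k l =
  match l with
  | [] -> []
  | a :: t -> if k <= 0 then [a] else a :: initlist (k - 1) t

(* spotadiff l m: first member of l different from m, default 0 *)
let rec spotadiff l m =
  match l with
  | [] -> 0
  | a :: t -> if a <> m then a else spotadiff t m

(* start l: head of the first row of length > 1, default 0 *)
let rec start = function
  | [] -> 0
  | row :: rest -> if List.length row > 1 then member 0 1 row else start rest

let repfree l = List.for_all (fun n -> List.length (listpos n l) <= 1) l

(* Decides evenpar(l): the four conjuncts of graph(l) plus odd row length.
   Stricter than the paper in one respect: a neighbour outside 1..length l
   is rejected, because member would return the default row for it. *)
let evenpar l =
  List.length l > 1
  && List.for_all
       (fun (i, row) ->
         member 0 1 row = i
         && repfree row
         && List.length row mod 2 = 1
         && List.for_all (fun j -> j = i || List.mem i (member [] j l)) row)
       (List.mapi (fun idx row -> (idx + 1, row)) l)

(* genlist l k = [gen(l,k); ...; gen(l,0)], built iteratively from the gen axioms *)
let genlist l k =
  let adj v = member [] v l in
  let v0 = start l in
  let rec extend acc i =
    match acc with
    | cur :: prev :: _ when i < k ->
      extend (spotadiff (tail (adj cur) 1) prev :: acc) (i + 1)
    | _ -> acc
  in
  if k = 0 then [v0] else extend [member 0 2 (adj v0); v0] 1

(* Main Lemma by list recursion (Appendix A): None if l is repetition free,
   otherwise Some (a, k, m) with listpos a (tail l k) = [0; m+1]
   and tail l (k+1) repetition free *)
let rec repeat_in_tail = function
  | [] -> None
  | b :: l ->
    (match repeat_in_tail l with
     | Some (a, k, m) -> Some (a, k + 1, m)
     | None ->
       (match listpos b l with
        | [] -> None
        | r :: _ -> Some (b, 0, r)))

(* main with its Harrop precondition decided instead of assumed *)
let find_cycle l =
  if not (evenpar l && start l <> 0) then
    Error "not a non-trivial even parity graph"
  else
    let walk = genlist l (List.length l + 1) in
    match repeat_in_tail walk with
    | None -> Error "generated walk has no repeated vertex"
    | Some (_, k, m) -> Ok (initlist (m + 1) (tail walk k))

let () =
  (* the two graphs of Section 7 *)
  assert (find_cycle [[1;2;3];[2;1;3];[3;1;2];[4]] = Ok [1; 3; 2; 1]);
  assert (find_cycle
            [[1;2;6];[2;1;3];[3;2;4;5;6];[4;3;5];[5;4;3];[6;1;3]]
          = Ok [3; 5; 4; 3]);
  (* constructed input: a single edge, so rows have even length; without the
     check genlist would step to the default vertex 0 *)
  assert (find_cycle [[1;2];[2;1]] = Error "not a non-trivial even parity graph")
```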
7. Demonstration results

Finally we present some practical results. Here is the result for the graph with four vertices in Fig. 4a.

    #main [[1;2;3];[2;1;3];[3;1;2];[4]];;
    - : int list = [1; 3; 2; 1]

Next we consider the even parity graph in Fig. 4b with vertices 1, ..., 6 and extract a cycle in it.

    #main [[1;2;6];[2;1;3];[3;2;4;5;6];[4;3;5];[5;4;3];[6;1;3]];;
    - : int list = [3; 5; 4; 3]

8. Conclusion
We have demonstrated a system for extracting programs from proofs in a very natural (first-order) logic which allows us directly to use programs that we have previously constructed. In our example we constructed a program Cgr21 which we had previously extracted from a proof, and then we used that program, called as Cgr21 in our main program. Thus we are able to build on our earlier programs directly in our logic. The system has been demonstrated in an example from graph theory and, because of our layering of programs and proofs, the final programs are, within limits, readable by humans. In fact it is not as readable as we might like because we have performed certain optimizations, in particular reductions involving Harrop formulae. We have therefore a balance between legibility and optimal coding. However our main program is very short not only because it calls previous programs that we have either extracted from proofs but also because we are able to use programs from the standard programming language ML. In fact, in the case of our main program the abstract structure of the proof is fairly clearly reflected in the ML program we extract. This leads to the program being modular over the previously extracted programs. Modularity is an important issue in software engineering and our method represents a step in formalizing modular construction of programs.

References

1. David Albrecht and John N. Crossley. Program extraction, simplified proof-terms and realizability. Technical Report 96/275, Department of Computer Science, Monash University, Australia, 3800, 1996.
2. David William Albrecht and John Newsome Crossley. Program extraction, simplified proof-terms and realizability. Technical Report 271, Department of Computer Science, Monash University, Australia, 3800, 1997.
3. Robert L. Constable, Stuart F. Allen, H. M. Bromley, W. R. Cleaveland, J. F. Cremer, R. W. Harper, Douglas J. Howe, T. B. Knoblock, N. P. Mendler, P. Panangaden, James T. Sasaki, and Scott F. Smith. Implementing Mathematics with the Nuprl Development System. Prentice-Hall, NJ, 1986.
4. Robert L. Constable, Stuart F. Allen, H. M. Bromley, W. R. Cleaveland, J. F. Cremer, R. W. Harper, Douglas J. Howe, T. B. Knoblock, N. P. Mendler, P. Panangaden, James T. Sasaki, and Scott F. Smith. Implementing Mathematics with the Nuprl Development System. Prentice-Hall, NJ, 1986.
5. John Newsome Crossley and Iman Poernomo. Fred: An approach to generating real, correct, reusable programs from proofs. Journal of Universal Computer Science, 7:71-88, 2001.
6. John Newsome Crossley and John Cedric Shepherdson. Extracting programs from proofs by an extension of the Curry-Howard process. In John Newsome Crossley, Jeffrey B. Remmel, Richard A. Shore, and Moss E. Sweedler, editors, Logical Methods, pages 222-288. Birkhauser, Boston, MA, 1993.
7. Susumu Hayashi and Hiroshi Nakano. PX - A Computational Logic. MIT Press, Cambridge, MA, 1988.
8. Leon Henkin. Completeness in the Theory of Types. Journal of Symbolic Logic, 15:81-91, 1950.
9. William Howard. The formulae-as-types notion of construction. In John Roger Hindley and Jonathan Seldin, editors, To H.B. Curry: Essays on Combinatory Logic, Lambda Calculus, and Formalism, pages 479-490. Academic Press, 1969.
10. Gerard Huet, Gilles Kahn, and Christine Paulin-Mohring. The Coq Proof assistant Reference Manual: Version 6.1. Inria, Coq project research report RT-0203 edition, 1997.
11. Georg Kreisel. Interpretation of analysis by means of constructive functionals of finite types. In Arend Heyting, editor, Constructivity in Mathematics, Proceedings of the Colloquium held at Amsterdam in 1957, pages 101-128. North-Holland, Amsterdam, 1959.
12. Per Martin-Löf. Intuitionistic Type Theory. Bibliopolis, Naples, Italy, 1984.
13. Iman Poernomo and John Newsome Crossley. Protocols between programs and proofs. In Kung-Kiu Lau, editor, Logic Based Program Synthesis and Transformation, 10th International Workshop, LOPSTR 2000 London, UK, July 24-28, 2000, Selected Papers, volume 2042 of Lecture Notes in Computer Science, pages 18-37. Springer, 2001.
14. John Rushby, Sam Owre, and N. Shankar. Subtypes for specifications: Predicate subtypes in PVS. IEEE Transactions on Software Engineering, 24(9):709-720, 1998.
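APPENDIX A

We establish the Main Lemma
$$\forall l (\mathit{repfree}(l) \vee \exists a \exists k \exists m (\mathit{listpos}(a, \mathit{tail}(l, k)) = (0, m + 1) \wedge \mathit{repfree}(\mathit{tail}(l, k + 1))))$$
by list induction. We introduce $A(a, k, m, l)$ using Template:
$$\text{set } A(a, k, m, l) \equiv \mathit{listpos}(a, \mathit{tail}(l, k)) = (0, m + 1) \wedge \mathit{repfree}(\mathit{tail}(l, k + 1))$$
Base case. $l = \epsilon_N$. In this case we have
$$\mathit{repfree}(\epsilon)$$
so by $\vee$-introduction we obtain
$$\mathit{repfree}(\epsilon) \vee \exists a \exists k \exists m\, A(a, k, m, l)$$
Induction step. We have to show
$$\forall b\, \forall l ((\mathit{repfree}(l) \vee \exists a \exists k \exists m\, A(a, k, m, l)) \to (\mathit{repfree}((b) :: l) \vee \exists a \exists k \exists m\, A(a, k, m, (b) :: l)))$$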
It suffices to obtain the deduction:
$$\mathit{repfree}(l) \vee \exists a \exists k \exists m\, A(a, k, m, l) \vdash \mathit{repfree}((b) :: l) \vee \exists a \exists k \exists m\, A(a, k, m, (b) :: l) \qquad (1)$$
since an application of $\to$-introduction followed by two applications of $\forall$-introduction gives the induction step. To establish (1) we show
$$\mathit{repfree}(l) \vdash \mathit{repfree}((b) :: l) \vee \exists a \exists k \exists m\, A(a, k, m, (b) :: l) \qquad (2)$$
and
$$\exists a \exists k \exists m\, A(a, k, m, l) \vdash \mathit{repfree}((b) :: l) \vee \exists a \exists k \exists m\, A(a, k, m, (b) :: l) \qquad (3)$$
We begin with (2). We first establish the deduction:
$$\mathit{repfree}(l),\ \mathit{listpos}(b, l) = \epsilon \vee \exists r (\mathit{listpos}(b, l) = (r)) \vdash \mathit{repfree}((b) :: l) \vee \exists a \exists k \exists m\, A(a, k, m, (b) :: l) \qquad (4)$$
Then since (from Appendix B) we have the lemma:
$$\mathit{repfree}(l) \vdash \mathit{listpos}(b, l) = \epsilon \vee \exists r\, \mathit{listpos}(b, l) = (r) \qquad (5)$$
Now for (4), first note that we can obtain (see Appendix B)
$$\mathit{repfree}(l),\ \mathit{listpos}(b, l) = \epsilon \vdash \mathit{repfree}((b) :: l)$$
so by $\vee$ introduction we obtain the expression on the right of the logical $\vdash$ in (4). We can also show (see Appendix B)
$$\mathit{listpos}(b, l) = (r) \vdash \mathit{listpos}(b, (b) :: l) = (0, r + 1)$$
and then
$$\mathit{repfree}(l) \wedge \exists r\, \mathit{listpos}(b, l) = (r) \vdash \exists a \exists k \exists m\, A(a, k, m, (b) :: l)$$
where the witnesses for $a, k, m$ are $b, 0, r + 1$ respectively. Intuitively, we are saying that if we have a repetition free list $(c, \ldots, b, \ldots)$ then adding $b$ to the head gives $(b, c, \ldots, b, \ldots)$ and $b$ is the only repeated entry. An application of $\vee$ introduction to this deduction then gives the required conclusion,
$$\mathit{repfree}((b) :: l) \vee \exists a \exists k \exists m\, A(a, k, m, (b) :: l)$$
This establishes (4) and hence also (2). We now establish (3), by showing:
$$\exists a \exists k \exists m\, A(a, k, m, l) \vdash \exists a \exists k \exists m\, A(a, k, m, (b) :: l) \qquad (6)$$
Then (3) will follow by an $\vee$ introduction. Recall that $A(a, k, m, l)$ is
$$\mathit{listpos}(a, \mathit{tail}(l, k)) = (0, m + 1) \wedge \mathit{repfree}(\mathit{tail}(l, k + 1))$$
Using the definition of $\mathit{tail}$ we can easily establish
$$\mathit{tail}(l, k) = \mathit{tail}((b) :: l, k + 1)$$
Hence we have
$$\mathit{listpos}(a, \mathit{tail}(l, k)) = \mathit{listpos}(a, \mathit{tail}((b) :: l, k + 1))$$
So we have the deduction
$$\mathit{listpos}(a, \mathit{tail}(l, k)) = (0, m + 1) \wedge \mathit{repfree}(\mathit{tail}(l, k + 1)) \vdash \mathit{listpos}(a, \mathit{tail}((b) :: l, k + 1)) = (0, m + 1) \wedge \mathit{repfree}(\mathit{tail}((b) :: l, k + 2))$$
$\exists$ introduction applied three times followed by $\exists$ elimination also applied three times gives
$$\exists a \exists k \exists m\, A(a, k, m, l) \vdash \exists a \exists k \exists m\, A(a, k, m, (b) :: l)$$
which establishes (6), hence (3), and the induction step is finished.
APPENDIX B

1. We establish the lemma used in Appendix A,
$$\mathit{repfree}(l) \vdash \mathit{listpos}(b, l) = \epsilon \vee \exists r\, \mathit{listpos}(b, l) = (r)$$
that is,
$$\forall n\, \mathit{length}(\mathit{listpos}(n, l)) \leq 1 \vdash \mathit{listpos}(b, l) = \epsilon \vee \exists r\, \mathit{listpos}(b, l) = (r)$$
The following theorems are easily established by list induction
$$\forall l (\mathit{length}(l) = 0 \to l = \epsilon)$$
$$\forall l (\mathit{length}(l) = 1 \to \exists r\, l = (r))$$
and then an application of $\forall$ elimination replacing $l$ by $\mathit{listpos}(b, l)$ gives the result.

2. We establish
$$\mathit{repfree}(l),\ \mathit{listpos}(b, l) = \epsilon \vdash \mathit{repfree}((b) :: l)$$
that is,
$$\forall n\, \mathit{length}(\mathit{listpos}(n, l)) \leq 1,\ \mathit{listpos}(b, l) = \epsilon \vdash \forall n\, \mathit{length}(\mathit{listpos}(n, (b) :: l)) \leq 1$$
This can be established by showing
$$\mathit{length}(\mathit{listpos}(n, l)) \leq 1,\ n \neq b \vdash \mathit{length}(\mathit{listpos}(n, (b) :: l)) \leq 1$$
and
$$\mathit{length}(\mathit{listpos}(n, l)) \leq 1,\ n = b,\ \mathit{listpos}(b, l) = \epsilon \vdash \mathit{length}(\mathit{listpos}(n, (b) :: l)) = 1$$

3. The theorem
$$\mathit{listpos}(b, l) = (r) \to \mathit{listpos}(b, (b) :: l) = (0, r + 1)$$
follows easily from the definition of $\mathit{listpos}$.

4. The proof of the Main Theorem used the deduction
$$\mathit{evenpar}(l, n) \vdash \mathit{repfree}(\mathit{genlist}(l, n + 1)) \to \bot$$
where we define $\mathit{evenpar}$ by overloading $\mathit{evenpar}$ as the two place function defined by
$$\text{set } \mathit{evenpar}(l, n) \equiv \mathit{evenpar}(l) \wedge \mathit{length}(l) = n.$$
We now establish this result. We need to introduce a new binary function $\mathit{sum}$ that has as arguments a list of natural numbers and a natural number. The definition is
$$\mathit{sum}(l, 0) = \mathit{length}(\mathit{listpos}(0, l))$$
$$\mathit{sum}(l, k + 1) = \mathit{sum}(l, k) + \mathit{length}(\mathit{listpos}(k + 1, l))$$
So $\mathit{sum}(l, k)$ computes
$$\sum_{i=0}^{i=k} \mathit{length}(\mathit{listpos}(i, l))$$
The next two lemmas are established by induction on $n$.

Lemma A. $\forall n (b \leq n \to \mathit{sum}((b) :: l, n) = 1 + \mathit{sum}(l, n))$.

Lemma B. $\forall n (\mathit{repfree}(l) \to \mathit{sum}(l, n) \leq n + 1)$.

Note that $l$ is a free list variable here, and $b$ is a free number variable.

Lemma C. $\forall l (\forall i\, \mathit{member}(i, l) \leq n \to \mathit{sum}(l, n) = \mathit{length}(l))$. This is established by list induction.
Base case. $l = \epsilon$. We can easily show
$$\mathit{sum}(\epsilon, n) = \mathit{length}(\epsilon)$$
and the result follows.

Induction step. It suffices to show
$$\forall i\, \mathit{member}(i, l) \leq n \to \mathit{sum}(l, n) = \mathit{length}(l),\ \forall i\, \mathit{member}(i, (b) :: l) \leq n \vdash \mathit{sum}((b) :: l, n) = \mathit{length}((b) :: l)$$
and this follows from Lemma A since the hypothesis $b \leq n$ is implied by $\forall i\, \mathit{member}(i, (b) :: l) \leq n$ so that $\mathit{sum}((b) :: l, n) = 1 + \mathit{sum}(l, n) = \mathit{length}((b) :: l)$ follows from the hypotheses for the induction step.

At last we can show the result we are seeking
$$\mathit{evenpar}(l, n) \vdash \mathit{repfree}(\mathit{genlist}(l, n + 1)) \to \bot$$
The definition of $\mathit{evenpar}(l, n)$ allows us to show
$$\mathit{evenpar}(l, n) \vdash \forall i\, \mathit{member}(i, \mathit{genlist}(l, n + 1)) \leq n$$
now apply Lemma C with $\mathit{genlist}(l, n + 1)$ replacing $l$ to obtain
$$\mathit{evenpar}(l, n) \vdash \mathit{sum}(\mathit{genlist}(l, n + 1)) = \mathit{length}(\mathit{genlist}(l, n + 1))$$
Now Lemma B gives
$$\mathit{repfree}(\mathit{genlist}(l, n + 1)) \to \mathit{sum}(\mathit{genlist}(l, n + 1)) \leq n + 1$$
but since $\vdash \mathit{length}(\mathit{genlist}(l, n + 1)) = n + 2$, we have
$$\mathit{evenpar}(l, n),\ \mathit{repfree}(\mathit{genlist}(l, n + 1)) \vdash \bot$$
and we are done.
APPENDIX C Here is the listing of the M L functions called in the program for Cgr21. Each function is generated with an accompanying “documentation” - the formula t o whose proof the function corresponds which is given in square brackets as a comment to the program.
1. The program for KSC137b

    (* [ALL x . [[x=0] | [[x=s(0)] | [EXISTS a . [x=s(s(a))]]]]] *)
    let KSC137b =
      let rec fun65 x =
        begin match x with
          0 -> inl(unit)
        | _ -> let fun66 x =
                 let fun67 X46 =
                   inr ((let rec fun68 x =
                           begin match x with
                             0 -> inl(unit)
                           | _ -> let fun69 x =
                                    let fun70 X47 = inr(x) in fun70
                                  in fun69 (x-1) (fun68 (x-1))
                           end
                         in fun68 x))
                 in fun67
               in fun66 (x-1) (fun65 (x-1))
        end
      in fun65
2. The program for KSC133

    (* [ALL x-natnum . [ALL y-natnum . [[(x^natnum+y^natnum)=s(0)] -->
       [[x^natnum=s(0)] | [y^natnum=s(0)]]]]] *)
    let KSC133 =
      let fun71 x =
        let fun72 y =
          begin match ((KSC137b x)) with
            inl(g) -> (inr(unit))
          | inr(g) -> ((let fun73 X40 =
                          begin match (X40) with
                            inl(g) -> (inl(unit))
                          | inr(g) -> ((let fun74 X41 =
                                          (select X41 (let fun75 a = unit in fun75))
                                        in fun74) g)
                          end
                        in fun73) g)
          end
        in fun72
      in fun71
3. The program for Cgr20

    (* [ALL l-List . [[ALL x-natnum . [EXISTS a-natnum .
         [(fd(listpos(x^natnum,l^List))+s(a^natnum))=s(s(0))]]] -->
       [ALL x-natnum . [[listpos(x^natnum,l^List)=emptlist^List] |
         [EXISTS y-natnum . [listpos(x^natnum,l^List)=
           cons(y^natnum,kemptyseq^List)]]]]]] *)
    let Cgr20 =
      let fun76 l =
        let fun77 X31 =
          let fun78 x =
            begin match ((select (X31 x)
                            (let fun79 a =
                               begin match ((((KSC133 (fd (listpos x l))) a) unit)) with
                                 inl(g) -> (inr(unit))
                               | inr(g) -> ((inl(unit)))
                               end
                             in fun79))) with
              inl(g) -> (inl(unit))
            | inr(g) -> ((inr(((Cgr19 (listpos x l)) unit))))
            end
          in fun78
        in fun77
      in fun76
4. The program for KSC158

    (* [ALL x . [ALL y . [[x=y] | [[x=y] --> Bottom]]]] *)
    let KSC158 =
      let fun54 x =
        let fun55 y =
          begin match (((KSC139 x) y)) with
            inl(g) -> ((let fun59 X45 = inr(unit) in fun59) g)
          | inr(g) -> ((let fun56 X52 =
                          begin match (X52) with
                            inl(g) -> (inl(unit))
                          | inr(g) -> ((let fun57 X54 =
                                          (select X54 (let fun58 a = inr(unit) in fun58))
                                        in fun57) g)
                          end
                        in fun56) g)
          end
        in fun55
      in fun54
A COMMON STRUCTURE OF LOGICAL AND ALGEBRAIC ALGORITHMS
KAWAGUCHI, YUUICHI
Dept. of Liberal Arts and Sciences, Tenshi College
31-2, Kita 13, Higashi 3, Higashi-ku, Sapporo, Hokkaido 065-0013 Japan
E-mail: yuuichi@tenshi.ac.jp

In this paper, it is shown that there is a common structure of algebraic algorithms and logical algorithms. Three examples of problem-solving are shown. Simultaneous equations for describing and solving the problem are used in one example, and congruence expressions are used in another example. Both of these problems are algebraic. Logical formulae and the resolution principle are used in the third problem, which is a logical problem. The three examples are formalized by using three basic concepts: a description of a given problem, an answer to the problem, and the relationship between these two. In the formalization, the algorithm always consists of a sequence of transformations of descriptions. When a description is transformed into another form, the algorithm is guaranteed to be correct, i.e., the correct answer is obtained, if the transformation leaves the answer unchanged.
Key Words: problem solving, program transformation, common structure.

1. Introduction

1.1. Common Structure
It has been shown that there is a common structure of algorithms for solving algebraic problems [6]. In this paper, it is shown that algorithms for solving a logical problem have a similar structure. Note that the meaning of the word 'structure' in this paper is different from the one in logic [9]. Three examples of problem-solving are shown. Two of the problems are algebraic, and one is logical. In this paper, it is shown that an equation holds in the three examples and that the algorithm used for solving the problem always consists of a sequence of transformations satisfying that equation. All of the examples shown in this paper have already been solved. Both of the algebraic problems have efficient methods for solving them. The logical problem also has a method for solving it, but it is not efficient. However, the existence of a common structure suggests that there is also an efficient method for solving the logical problem.

In order to solve a given problem, the problem must be described in a formal system. The answer is bound to the description by a certain relationship. In formal systems, relationships are expressed by using maps. Let $D$ be a set of all formal descriptions and $A$ be a set of all answers. Given that the formal description of a given problem is $d \in D$, the correct answer to it is $a \in A$, and the map that expresses the relationship is $f : D \to A$, then it is shown that $a = f(d)$ holds in all three examples. Note that an element in the set $A$ is not always correct. The set describes only the shape of each answer. The term 'formal system' is different from that in logic [9]. It is a general one. The 'formal description' is not limited to only logical formulae.

In general, it is difficult to compute $f(d)$ directly. Suppose that there is another description, $d'$, that satisfies $a = f(d')$ and that makes computation of $f(d')$ easier. It is reasonable to use $f(d')$ for obtaining the correct answer $a$. In this case, the algorithm for solving the problem is one by which the original description is transformed into the description $d'$. If $d$ cannot be transformed into $d'$ in one step, then the algorithm is a sequence of transformations. Suppose that a sequence $d = d_1, d_2, \ldots, d_n = d'$ is made by the algorithm, where $d_i$ is transformed into $d_{i+1}$ for each $i = 1, 2, \ldots, n-1$. If it holds that $a = f(d) = f(d_2) = \cdots = f(d_n)$, then the algorithm is guaranteed to be correct, i.e., the answer obtained is correct. A transformation that fulfills this condition is called an 'equivalent transformation.' It is shown that each of the algorithms used to solve the three examples consists of equivalent transformations.
1.2. Related Work

The idea for this paper originates from Akama's work [1]. The work proposed a computational framework based on equivalent transformations. Computation in the framework is guaranteed to be correct and is more sufficient than that in the logic programming paradigm. An alternative transformation method for logical formulae, folding and unfolding, is described in a book [3]. There are many books and papers on formal description of problems and automatic generation of algorithms (e.g., Dijkstra [2] and Kowalski [7]). The focus of this paper is on the common structure of algorithms.

2. Three Examples

2.1. Cranes and Tortoises
Let us consider the following problem. Suppose that there are some cranes and tortoises. The total number of heads of the cranes and tortoises is 35, and the total number of legs is 94. Given this information, how many cranes and tortoises are there? This problem can be expressed by the following simultaneous equations:

$$x + y = 35 \tag{1}$$
$$2x + 4y = 94 \tag{2}$$

The symbol $x$ is the number of cranes and $y$ is the number of tortoises. The correct answer to the problem is the pair of integers $x$ and $y$ satisfying Eqs. (1) and (2). Eqs. (1) and (2) can be rewritten by matrices. Let matrix $A$ be $\begin{pmatrix} 1 & 1 \\ 2 & 4 \end{pmatrix}$, matrix $X$ be $\begin{pmatrix} x \\ y \end{pmatrix}$, and matrix $C$ be $\begin{pmatrix} 35 \\ 94 \end{pmatrix}$. Eqs. (1) and (2) can then be denoted as $AX = C$. By multiplying the inverse matrix of $A$, which is denoted as $A^{-1}$, by both sides of $AX = C$ from the left, we have $A^{-1}AX = A^{-1}C$, and then we have $X = A^{-1}C$. Thus, if there is $A^{-1}$, then the correct answer $X = \begin{pmatrix} x \\ y \end{pmatrix}$ is obtained. The existence of $A^{-1}$ is guaranteed, since matrix $A$ is regular. Gauss-Jordan's method [8] is usually used to compute $A^{-1}$. According to this method, a given matrix is transformed into a unit matrix $E = \begin{pmatrix} 1 & 0 \\ 0 & 1 \end{pmatrix}$.
There are three classes of elementary transformations for matrices:

$E_i(c)$: multiply all elements in the $i$th column by $c$.
$E_{i,j}(c)$: add the $i$th column multiplied by $c$ to the $j$th column ($i \ne j$).
$P_{i,j}$: exchange the $i$th and $j$th columns ($i \ne j$).

Since each elementary transformation is implemented by a matrix, the application of it is denoted as a multiplication of matrices. For example, if $t$ is an elementary transformation and $M$ is a matrix, then the application of $t$ to $M$ is denoted as $tM$ or $Mt$. According to Gauss-Jordan's method, we have three concrete elementary transformations, $t_1$, $t_2$ and $t_3$, where $t_1 = E_{1,2}(-2)$, $t_2 = E_{2,1}(-\tfrac{1}{2})$ and $t_3 = E_2(\tfrac{1}{2})$. By applying them to matrix $A$ sequentially, we have $t_3 \cdot t_2 \cdot t_1 \cdot A = E$. This implies that $A^{-1} = t_3 \cdot t_2 \cdot t_1$.

By multiplying $A^{-1}$ by both sides of $AX = C$ from the left, we have

$$A^{-1}AX = E \cdot X = X = \begin{pmatrix} x \\ y \end{pmatrix} = A^{-1}C = t_3 \cdot t_2 \cdot t_1 \cdot \begin{pmatrix} 35 \\ 94 \end{pmatrix} = \begin{pmatrix} 23 \\ 12 \end{pmatrix}.$$
Therefore, the correct answer to the given problem is 23 cranes and 12 tortoises.

In the case of the simultaneous equations shown above, the problem consists of two matrices, $A$ and $C$. Let the description $d$ be a pair $(A, C)$, and the answer $a$ be a matrix $X$. The description and the answer are bound by a map, $f : M^{2,2} \times M^{2,1} \to M^{2,1}$, that computes the value of $X$ satisfying $AX = C$ from $(A, C)$, where $M^{i,j}$ is a set of all matrices that have $i$ columns and $j$ rows. Thus, it holds that $a = f(d)$ and the answer $a$ is correct. The elementary transformation $t_1$ transforms $d$ into $d_2 = (t_1 \cdot A,\ t_1 \cdot C)$, $t_2$ transforms $d_2$ into $d_3 = (t_2 \cdot t_1 \cdot A,\ t_2 \cdot t_1 \cdot C)$, and at last $t_3$ transforms $d_3$ into $d_4 = d' = (t_3 \cdot t_2 \cdot t_1 \cdot A,\ t_3 \cdot t_2 \cdot t_1 \cdot C) = (E, A^{-1}C)$. It is guaranteed that $f(d) = f(d_2) = \cdots = f(d')$. Thus, the algorithm consists of a sequence of equivalent transformations.

2.2. Distributing Apples
Let us consider another problem. Suppose that two apples remain if apples are distributed to people in lots of three, that three apples remain if they are distributed in lots of five and that two apples remain if they are distributed in lots of seven. The number of people may vary in each distribution. What is the total number of apples? This problem can be expressed by the following congruence expressions:

$$x \equiv 2 \pmod{3} \tag{3}$$
$$x \equiv 3 \pmod{5} \tag{4}$$
$$x \equiv 2 \pmod{7} \tag{5}$$
The symbol $x$ is the total number of apples. There are in fact many numbers that satisfy Eqs. (3), (4) and (5) simultaneously. Such numbers are congruent with a modulus. The answer to the problem, then, is shown as a congruence expression, $x \equiv k \pmod{m}$. This means that the correct answer, i.e., the total number of apples, is $k$, $k + m$, $k + 2m$, and so on. Congruence expressions are solved by using the Chinese Remainder Theorem [10]. This theorem requires that all moduli are relatively prime. The moduli in Eqs. (3), (4) and (5), i.e., 3, 5 and 7, satisfy this requirement. By the definition of congruence expressions, Eq. (3) is rewritten as

$$x = 2 + 3t, \tag{6}$$
where $t$ is an integer number. By substituting this $x$ for Eq. (4), we have $2 + 3t \equiv 3 \pmod{5}$, and then we have $3t \equiv 3 - 2 = 1 \pmod{5}$. The correct answer to this is $t \equiv 2 \pmod{5}$. This is obtained by substituting each element in the system of residues with modulus 5, i.e., 0, 1, 2, 3 and 4, for $t$ respectively. It holds that $t = 2 + 5s$, where $s$ is an integer number. By substituting this $t$ for that in Eq. (6), we have $x = 2 + 3 \times (2 + 5s) = 8 + 15s$. This is rewritten as

$$x \equiv 8 \pmod{15 = 3 \times 5}. \tag{7}$$
Thus, by the series of procedures shown above, Eqs. (3) and (4) are incorporated into one congruence expression, Eq. (7). By applying a series of similar procedures to two expressions, Eqs. (5) and (7), they are incorporated into one congruence expression. Eq. (7) is rewritten as

$$x = 8 + 15t', \tag{8}$$

where $t'$ is an integer. By substituting this $x$ for Eq. (5), we have $8 + 15t' \equiv 2 \pmod{7}$, and then we have $15t' \equiv 1 \pmod{7}$. The correct answer to this is $t' \equiv 1 \pmod{7}$, and this is rewritten as $t' = 1 + 7s'$, where $s'$ is an integer. By substituting this $t'$ for that in Eq. (8), we have $x = 8 + 15 \times (1 + 7s') = 23 + 105s'$. This is rewritten as

$$x \equiv 23 \pmod{105 = 3 \times 5 \times 7}, \tag{9}$$
which is the correct answer to the problem. Therefore, the total number of apples is 23, $128 = 23 + 105$, $233 = 23 + 2 \times 105$, and so on.

In the case of the congruence expressions shown above, the problem consists of three congruence expressions, Eqs. (3), (4) and (5). Let the description $d$ be a set $\{x \equiv 2 \pmod{3},\ x \equiv 3 \pmod{5},\ x \equiv 2 \pmod{7}\}$, and the answer $a$ be a congruence expression, $x \equiv k \pmod{m}$. The description and the answer are bound by a map, $f : 2^{D} \to D$, that computes values of $k$ and $m$ that satisfy all given congruence expressions in $d$, where $D$ is a set of all congruence expressions. The original description $d$ is transformed into $d_2 = \{x \equiv 8 \pmod{15},\ x \equiv 2 \pmod{7}\}$, and at last $d_2$ is transformed into $d_3 = d' = \{x \equiv 23 \pmod{105}\}$. It is guaranteed that $a = f(d) = f(d_2) = f(d')$. Thus, it holds that $a = f(d)$ and the answer $a$ is correct.
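The substitution procedure of Section 2.2, written out as an added example (it is not code from the paper): `merge` combines two congruences exactly as Eqs. (6) to (9) do, and the chain of descriptions is checked against an independent brute-force version of the map f. The names `merge`, `transformation_chain`, `f` and `APPLES` are chosen here for illustration, and a congruence x ≡ k (mod m) is represented as the pair `(k, m)`.

```python
from math import gcd

def merge(c1, c2):
    """Combine x = k1 (mod m1) and x = k2 (mod m2) into one congruence,
    following the substitution steps of Section 2.2."""
    (k1, m1), (k2, m2) = c1, c2
    if gcd(m1, m2) != 1:
        # The Chinese Remainder Theorem, as used in the paper, needs this.
        raise ValueError(f"moduli {m1} and {m2} are not relatively prime")
    # Write x = k1 + m1*t and try every residue t of the system modulo m2
    # until m1*t = k2 - k1 (mod m2); coprimality gives exactly one hit.
    t = next(t for t in range(m2) if (m1 * t - (k2 - k1)) % m2 == 0)
    m = m1 * m2
    return ((k1 + m1 * t) % m, m)

def transformation_chain(d):
    """Return the descriptions d = d1, d2, ..., d'. Each step replaces the
    first two congruences of the current description by their merge."""
    chain = [list(d)]
    while len(chain[-1]) > 1:
        first, second, *rest = chain[-1]
        chain.append([merge(first, second)] + rest)
    return chain

def f(d):
    """The map f from a description to its answer (k, m), computed without
    merge(): exhaustive search over one full period of the moduli."""
    m = 1
    for _, mi in d:
        m *= mi
    solutions = [x for x in range(m) if all((x - k) % mi == 0 for k, mi in d)]
    if len(solutions) != 1:
        raise ValueError("no unique answer modulo the product of the moduli")
    return (solutions[0], m)

# Eqs. (3), (4) and (5) of the paper.
APPLES = [(2, 3), (3, 5), (2, 7)]

if __name__ == "__main__":
    for step, d in enumerate(transformation_chain(APPLES), start=1):
        # Every description in the chain must map to the same answer.
        print(f"d{step} = {d}   f(d{step}) = {f(d)}")
```
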
2.3. Fallible Greek

This example is quoted from a book [7]. The notations and terms used in this paper are the same as those used in the book [5]. There are four assumptions, $A_1$, $A_2$, $A_3$ and $A_4$, which are denoted by logical formulae.

$A_1$: $\mathrm{human}(\mathrm{Turing})$
$A_2$: $\mathrm{human}(\mathrm{Socrates})$
$A_3$: $\mathrm{greek}(\mathrm{Socrates})$
$A_4$: $\forall x.(\mathrm{human}(x) \supset \mathrm{fallible}(x))$

Logical formulae $A_1$ and $A_2$ show that both Turing and Socrates are humans, and the logical formula $A_3$ shows that Socrates is a Greek. The logical formula $A_4$ shows that for any $x$ if $x$ is a human, then $x$ is fallible. The symbol '$\supset$' stands for an implication. For any two logical formulae $X$ and $Y$, the notation $X \supset Y$ is equivalent to the notation $\neg X \lor Y$. The problem to be solved is to prove that there is a fallible Greek under these four assumptions. That is denoted by the following logical formula $C$.

$C$: $\exists u.(\mathrm{greek}(u) \land \mathrm{fallible}(u))$

After all, a logical formula to be proven is expressed by $P$ as follows.

$P$: $(A_1 \land A_2 \land A_3 \land A_4) \supset C$
In general, a logical formula is proven by the resolution principle. The resolution principle can automatically prove logical formulae. In order to use the resolution principle, a logical formula to be proven must be described in a ‘clause set.’ In order to make a clause set from a logical formula, the logical formula must be in the Skolem canonical form, which is defined in Definition 2.1.
Definition 2.1. A logical formula in a form,

$$\exists x_1 \cdots \exists x_n.((F_1 \land \cdots \land F_s) \lor \cdots \lor (G_1 \land \cdots \land G_t)),$$

is in the Skolem canonical form, when each of $F_1, \ldots, F_s, G_1, \ldots, G_t$ is an atomic formula or a negation of an atomic formula, there is no variable other than $x_1, \ldots, x_n$ and $x_i \ne x_j$ for $i \ne j$. $\Box$
There is a general method for transforming a given logical formula into the Skolem canonical form [4]. The original logical formula $P$ is rewritten in the Skolem canonical form $Q$ as follows.

$Q$: $\exists u.\exists z.(\neg\mathrm{human}(\mathrm{Turing}) \lor \neg\mathrm{human}(\mathrm{Socrates}) \lor \neg\mathrm{greek}(\mathrm{Socrates}) \lor (\mathrm{human}(z) \land \neg\mathrm{fallible}(z)) \lor (\mathrm{greek}(u) \land \mathrm{fallible}(u)))$

For proving a logical formula, the resolution principle can be applied to a clause set of an instance of it, which is defined in Definition 2.2.

Definition 2.2. Suppose that $R$ is a logical formula in Skolem canonical form, then $R$ is in a form

$$\exists x_1 \cdots \exists x_m.(A_1 \lor \cdots \lor A_n),$$

where each $A_i = A_{i,1} \land \cdots \land A_{i,n_i}$ for $i = 1, \ldots, n$, and each $A_{i,j}$ is an atomic formula or negation of atomic formula for $j = 1, \ldots, n_i$. By substituting a constant term for each variable $x_k$ ($k = 1, \ldots, m$) in each $A_{i,j}$, an 'instance' $A'_{i,j}$ is obtained. Let each $A'_i$ be a set $\{A'_{i,1}, \ldots, A'_{i,n_i}\}$. A set $\{A'_1, \ldots, A'_n\}$ is called a clause set of an instance of the logical formula $R$. $\Box$
The resolution principle is defined in Definition 2.3.

Definition 2.3. Let $S$ be a clause set of an instance of a logical formula. Suppose that $S$ includes $C_1 = \{A_1, \ldots, A_s\}$ and $C_2 = \{B_1, \ldots, B_t\}$ as its elements. If there is an atomic formula $A$ satisfying $A \in C_1$ and $\neg A \in C_2$, then a set $(C_1 - \{A\}) \cup (C_2 - \{\neg A\})$ is called a resolvent of $S$, and a set $S \cup \{(C_1 - \{A\}) \cup (C_2 - \{\neg A\})\}$ is called a resolution of $S$. $\Box$

Herbrand's theorem [5] guarantees that if there is an instance of a logical formula in the Skolem canonical form and a clause set of the instance of the logical formula is proven to be true, then the logical formula is proven to be true.
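Definitions 2.2 and 2.3 applied to the formula Q above, as an added example (not code from the paper): it builds the clause set of each ground instance of Q over the two constants and repeats the resolution step until the empty set appears or nothing new can be derived. It goes slightly beyond the definition by adding every resolvent of a round at once rather than one per step; the literal encoding `(sign, predicate, constant)` and all function names are assumptions of this sketch.

```python
from itertools import product

CONSTANTS = ("Turing", "Socrates")   # constant terms available for z and u

def negate(literal):
    """Literals are (sign, predicate, constant); sign False means negated."""
    sign, pred, arg = literal
    return (not sign, pred, arg)

def clause_set(z, u):
    """Clause set of the instance Q[z, u] in the sense of Definition 2.2:
    one set of literals per disjunct of Q, variables replaced by constants."""
    return frozenset({
        frozenset({(False, "human", "Turing")}),
        frozenset({(False, "human", "Socrates")}),
        frozenset({(False, "greek", "Socrates")}),
        frozenset({(True, "human", z), (False, "fallible", z)}),
        frozenset({(True, "greek", u), (True, "fallible", u)}),
    })

def resolvents(S):
    """All sets (C1 - {A}) | (C2 - {not A}) with C1, C2 in S (Definition 2.3)."""
    out = set()
    for c1, c2 in product(S, repeat=2):
        for a in c1:
            if negate(a) in c2:
                out.add((c1 - {a}) | (c2 - {negate(a)}))
    return out

def resolution_chain(S):
    """Sequence S = R1, R2, ... where each set adds the new resolvents of the
    previous one. Stops when the empty set is an element or at a fixpoint;
    termination is guaranteed because the literals are finitely many."""
    chain = [S]
    while frozenset() not in chain[-1]:
        new = resolvents(chain[-1]) - chain[-1]
        if not new:
            break
        chain.append(chain[-1] | new)
    return chain

def is_proven(S):
    """In the paper's convention the empty set as an element means 'true'."""
    return frozenset() in resolution_chain(S)[-1]

def proving_substitutions():
    """Substitutions (z, u) whose instance of Q is proven by resolution."""
    return [(z, u) for z, u in product(CONSTANTS, repeat=2)
            if is_proven(clause_set(z, u))]

if __name__ == "__main__":
    for z, u in product(CONSTANTS, repeat=2):
        chain = resolution_chain(clause_set(z, u))
        print(f"z={z:8} u={u:8} rounds={len(chain) - 1} "
              f"proven={frozenset() in chain[-1]}")
```
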
The resolution principle guarantees that the truth value of a clause set of an instance of a logical formula and that of a resolution are the same. An empty set $\{\}$ as an element of a clause set means a truth value 'true.' A logical formula $A_1 \lor \cdots \lor A_n \lor \mathrm{true}$ is obviously true. Thus, a clause set $R = \{A_1, \ldots, A_n\}$ is proven to be true, if there is a sequence $R = R_1, R_2, \ldots, R_m$, where each $R_{i+1}$ is the resolution of $R_i$ for $i = 1, \ldots, m-1$ and $R_m$ has an empty set $\{\}$ as its element.

Again, let us consider the logical formula $Q$. In order to prove that $Q$ is true by the resolution principle, it is necessary to obtain a clause set of an instance of $Q$. In order to obtain an instance of $Q$, each of variables $u$ and $z$ must be substituted for a constant term. The possible substitutions are $[\mathrm{Turing}/u]$ or $[\mathrm{Socrates}/u]$ and $[\mathrm{Turing}/z]$ or $[\mathrm{Socrates}/z]$. Thus, there are four possible substitutions. A clause set of an instance $Q[\mathrm{Socrates}/z, \mathrm{Turing}/u]$, for example, cannot be proven to be true. For a substitution $\theta = [\mathrm{Socrates}/z, \mathrm{Socrates}/u]$, an instance of $Q$ is

$Q\theta$: $\neg\mathrm{human}(\mathrm{Turing}) \lor \neg\mathrm{human}(\mathrm{Socrates}) \lor \neg\mathrm{greek}(\mathrm{Socrates}) \lor (\mathrm{human}(\mathrm{Socrates}) \land \neg\mathrm{fallible}(\mathrm{Socrates})) \lor (\mathrm{greek}(\mathrm{Socrates}) \land \mathrm{fallible}(\mathrm{Socrates}))$.

In order to apply the resolution principle to $Q\theta$, it is necessary to make a clause set of it. Let $R_1$ be the clause set of the instance $Q\theta$. It is denoted by

$$R_1 = \{\{\neg\mathrm{human}(\mathrm{Turing})\},\ \{\neg\mathrm{human}(\mathrm{Socrates})\},\ \{\neg\mathrm{greek}(\mathrm{Socrates})\},\ \{\mathrm{human}(\mathrm{Socrates}), \neg\mathrm{fallible}(\mathrm{Socrates})\},\ \{\mathrm{greek}(\mathrm{Socrates}), \mathrm{fallible}(\mathrm{Socrates})\}\}.$$

If this $R_1$ is proven to be true, then the original logical formula $Q$ is also proven to be true. In order to prove that $R_1$ is true, let us make a sequence $R_1, \ldots, R_m$ of resolutions and show that $R_m$ has an empty set $\{\}$.

As the first step, the elements $\neg\mathrm{greek}(\mathrm{Socrates})$ and $\mathrm{greek}(\mathrm{Socrates})$ are removed and then the resolution of $R_1$ becomes the following $R_2$.

$$R_2 = R_1 \cup \{\{\} \cup \{\mathrm{fallible}(\mathrm{Socrates})\}\} = R_1 \cup \{\{\mathrm{fallible}(\mathrm{Socrates})\}\}$$
As the second step, the elements $\neg\mathrm{fallible}(\mathrm{Socrates})$ and $\mathrm{fallible}(\mathrm{Socrates})$ are removed and then we have the resolution $R_3$ of $R_2$.

$$R_3 = R_2 \cup \{\{\mathrm{human}(\mathrm{Socrates})\} \cup \{\}\} = R_2 \cup \{\{\mathrm{human}(\mathrm{Socrates})\}\}$$

As the last step, the elements $\neg\mathrm{human}(\mathrm{Socrates})$ and $\mathrm{human}(\mathrm{Socrates})$ are removed and then the resolution of $R_3$ becomes the following $R_4$.

$$R_4 = R_3 \cup \{\{\} \cup \{\}\} = R_3 \cup \{\{\}\}$$

Since this $R_4$ has the empty set $\{\}$ as its element, the clause set $R_4$ is true. Therefore, the clause set $R_1$ of the instance $Q\theta$ is proven to be true, and then the original logical formula $Q$ is also proven to be true. There is a fallible Greek. The name of the person is $u = \mathrm{Socrates}$.

3. Discussion
The first and second examples are algebraic problems, and the third example is a logical problem. It has been shown that there is a common structure of algorithms for solving algebraic problems [6]. In this section, it is shown that there is also a common structure of algorithms for solving logical problems.

3.1. Common Structure of Algebraic Problems
For solving an algebraic problem, the problem is described by algebraic formulae, such as simultaneous equations and congruence expressions. Let the description be $d$. The description of the problem is bound to a correct answer, $a$. Let the map $f$ be the relationship between $d$ and $a$. It then holds that $a = f(d)$. In general, it is difficult to compute $f(d)$ directly. In both of the algebraic problems, the original description of the problem $d$ is transformed into another form, $d'$. In the example of cranes and tortoises $d$ is $(A, C)$ and $d'$ is $(E, A^{-1} \cdot C)$. In the example of distribution of apples $d$ is $\{x \equiv 2 \pmod{3},\ x \equiv 3 \pmod{5},\ x \equiv 2 \pmod{7}\}$ and $d'$ is $\{x \equiv 23 \pmod{105}\}$. In both examples, it is easier to compute $f(d')$ than to compute $f(d)$. In order to obtain a correct answer, it must hold that $a = f(d) = f(d')$. In the case of simultaneous equations, Gauss-Jordan's method guarantees it. In the case of congruence expressions, the Chinese Remainder Theorem guarantees it.

In conclusion, suppose that a description of a given problem is $d$ and that a correct answer to the problem is $a$, then there is a map, $f$, and it holds that $a = f(d)$. The original description $d$ is transformed into another description, $d'$. The transformation from $d$ to $d'$ may result in the formation of a sequence of transformed descriptions, $d = d_1, d_2, \ldots, d_n = d'$. A theorem guarantees that the equation $a = f(d) = \cdots = f(d')$ holds. Thus, we obtain the correct answer. The algorithm for solving a given problem is a sequence of transformations that satisfy the equation. The equation and the transformations form a common structure of algebraic algorithms.
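The chain d = d1, ..., d' for the cranes-and-tortoises description (A, C) of Section 2.1, as an added example (not code from the paper): a Gauss-Jordan routine for any regular matrix that records each elementary transformation and the description it produces, with f computed separately by Cramer's rule so the invariant a = f(d) = ... = f(d') can be checked. The function names and the step labels such as `E1,2(-2)` are chosen here; the elimination order (clear each column first, scale last) is an assumption picked because it yields the paper's t1, t2, t3.

```python
from fractions import Fraction

def gauss_jordan_chain(A, C):
    """Return (steps, chain) for the system A X = C: steps names each
    elementary transformation, chain lists the descriptions (A_k, C_k).
    Transformations are applied from the left, so they act on the rows of
    A and C, i.e. on the equations themselves."""
    n = len(A)
    A = [[Fraction(v) for v in row] for row in A]
    C = [Fraction(v) for v in C]
    steps, chain = [], [([row[:] for row in A], C[:])]

    def record(name):
        steps.append(name)
        chain.append(([row[:] for row in A], C[:]))

    for col in range(n):
        pivot = next((r for r in range(col, n) if A[r][col] != 0), None)
        if pivot is None:
            raise ValueError("matrix A is not regular")
        if pivot != col:                      # P_{i,j}: exchange two rows
            A[col], A[pivot] = A[pivot], A[col]
            C[col], C[pivot] = C[pivot], C[col]
            record(f"P{col + 1},{pivot + 1}")
        for r in range(n):                    # E_{i,j}(c): add c * row i to row j
            if r != col and A[r][col] != 0:
                c = -A[r][col] / A[col][col]
                A[r] = [a + c * b for a, b in zip(A[r], A[col])]
                C[r] += c * C[col]
                record(f"E{col + 1},{r + 1}({str(c)})")
    for i in range(n):                        # E_i(c): scale row i to pivot 1
        if A[i][i] != 1:
            c = 1 / A[i][i]
            A[i] = [c * a for a in A[i]]
            C[i] *= c
            record(f"E{i + 1}({str(c)})")
    return steps, chain

def det(M):
    """Determinant by expansion along the first row (fine for small n)."""
    if len(M) == 1:
        return M[0][0]
    return sum((-1) ** j * M[0][j] * det([row[:j] + row[j + 1:] for row in M[1:]])
               for j in range(len(M)))

def f(d):
    """The map f from a description (A, C) to the answer X, by Cramer's
    rule, independent of the transformation code above."""
    A, C = d
    D = det(A)
    return [det([row[:i] + [C[r]] + row[i + 1:] for r, row in enumerate(A)]) / D
            for i in range(len(A))]

if __name__ == "__main__":
    steps, chain = gauss_jordan_chain([[1, 1], [2, 4]], [35, 94])
    print("transformations:", steps)
    for k, d in enumerate(chain, start=1):
        print(f"f(d{k}) =", [str(v) for v in f(d)])
```
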
3.2. Common Structure of Logical Problems

The algorithm used for solving a logical problem has a similar structure. In the example of fallible Greek, the problem is expressed by a logical formula, $Q$. Herbrand's Theorem guarantees that $Q$ is true if there is a substitution $\sigma$ and the instance $Q\sigma$ is true. There are four possible substitutions, $\theta_1, \theta_2, \theta_3, \theta_4$. The original problem 'whether the logical formula $Q$ is true or not?' is then changed to a new problem, 'whether one of the instances $Q\theta_1$, $Q\theta_2$, $Q\theta_3$ and $Q\theta_4$ is true or not?' The new problem is expressed by the set $\{Q\theta_1, Q\theta_2, Q\theta_3, Q\theta_4\}$. One of $\theta_1, \theta_2, \theta_3$ and $\theta_4$ is a substitution, $\theta = [\mathrm{Socrates}/z, \mathrm{Socrates}/u]$, and later we see that $Q\theta$ is true.

We apply the resolution principle for solving the problem. The resolution principle requires that a target logical formula is expressed by a clause set. In the case of simultaneous equations, the problem is first expressed by simultaneous equations and later expressed by matrices. The notations used are different, but the contents expressed are equivalent. Similar to the case of simultaneous equations, let all instances be expressed by clause sets in the case of logical formulae. Let $\|Q\theta_i\|$ be a clause set of $Q\theta_i$ for each $i = 1, 2, 3, 4$. The description $d$ of the problem to be solved is the set $\{\|Q\theta_1\|, \|Q\theta_2\|, \|Q\theta_3\|, \|Q\theta_4\|\}$. The answer $a$ can be one of true and false. The description and the answer are bound by a map, $f : 2^{S} \to \{\mathrm{true}, \mathrm{false}\}$, that computes whether one of its elements is true or not. It holds that $a = f(d)$ and the answer $a$ is correct, where $S$ is a set of all clause sets.

According to the resolution principle, the truth value of a clause set of an instance and that of a resolvent of the clause set are equivalent. Thus, if the element $R_1$ of the description $d$ is transformed into $R_2$, then we obtain a new description, $d_2$, but the answer $a$ is the same, i.e., $a = f(d) = f(d_2)$. By applying the resolution principle sequentially, we have $d_3$ and $d_4$. It also holds that $a = f(d) = f(d_2) = f(d_3) = f(d_4)$. Since the set $R_4 \in d_4$ has an empty set as its element, it is obvious that $R_4$ is true. Thus, we find $f(d_4)$ is true, and then obtain the answer $a = f(d) = f(d_4) = \mathrm{true}$. This is the correct answer.

Thus, the structure of a logical algorithm is similar to the structure of algebraic algorithms. There is a map binding a description of a given problem and a correct answer to the problem. The algorithm is a sequence of equivalent transformations. The description of a problem is transformed into another form where it is easy to compute the answer. Since the transformation is an equivalent transformation, the correct answer does not change.

4. Conclusion
Three examples of problem-solving are shown. Two problems are algebraic and one problem is logical. There is a common structure in all of the examples. The equation $a = f(d)$ always holds and an algorithm always consists of equivalent transformations. Algebraic methods for solving are efficient, but the logical method is not. The existence of a common structure of algorithms suggests that there is an efficient method for solving a logical problem.
Acknowledgment

This study was supported by a grant from Tenshi College. The author is grateful to the anonymous reviewer for constructive suggestions, which helped to improve the clarity of this paper.
References

1. Kiyoshi Akama, Tomokuni Shimizu, and Eiichi Miyamoto. Solving problems by equivalent transformations of declarative programs. Journal of JSAI, 13(6):944-952, November 1998 (in Japanese).
2. Edsger W. Dijkstra et al. Structured Programming. Science Sha, Tokyo, 1975 (translated into Japanese).
3. Kazuhiro Fuchi et al. Program Henkan. Kyoritsu Shuppan, Tokyo, 1987 (in Japanese).
4. Masami Hagiya. Software Kagaku notameno Ronrigaku. Number 11 in The Iwanami Software Science Series. Iwanamishoten, Tokyo, January 1994.
5. Susumu Hayashi. Suri Ronrigaku. Number 3 in Computer Sugaku Series. Corona Sha, Tokyo, 1989 (in Japanese).
6. Yuuichi Kawaguchi. An equivalent transformation paradigm that guarantees the quality of algorithms. In M. H. Hamza, editor, Proceedings of the IASTED International Conference: Artificial Intelligence and Soft Computing (ASC2001), pages 49-52, Cancun, Mexico, May 2001. IASTED, ACTA Press.
7. Robert A. Kowalski. Logic for Problem Solving. Elsevier North Holland, Inc., 1979 (translated into Japanese).
8. Takeshi Onodera, Osamu Nakada, and Toshio Hashimoto. Kisokatei Senkei Daisugaku. Kyoritsu Shuppan, Tokyo, 1980 (in Japanese).
9. Joseph R. Shoenfield. Mathematical Logic. A K Peters, Ltd., Natick, Massachusetts, 1967.
10. Teiji Takagi. Shoto Seisuron Kogi. Kyoritsu Shuppan, Tokyo, second edition, 1971 (in Japanese).
GAMES ON GRAPHS: AUTOMATA, STRUCTURE, AND COMPLEXITY
BAKHADYR KHOUSSAINOV
Computer Science Department, The University of Auckland, New Zealand
email: bmk@cs.auckland.ac.nz

TOMASZ KOWALSKI*
Japan Advanced Institute of Science and Technology, Japan
email: kowalski@jaist.ac.jp

*On leave from Department of Logic, Jagiellonian University, Poland.

1. Introduction and Basic Concepts

Motivated by the work of Gurevich and Harrington [5], McNaughton [8] introduced a class of games played on finite graphs. In [8], McNaughton shows that all winning strategies in his games can be implemented by finite state automata. McNaughton games have attracted the attention of many experts in the area, partly because the games have a close relationship with automata theory, the study of reactive systems, and logic (see, for instance, [13] and [12]). McNaughton games can also be used to develop a game-theoretical approach for many important concepts in computer science such as models for concurrency, communication networks, and update networks, and provide natural examples of computational problems. For example, Nerode, Remmel and Yakhnis in a series of papers (e.g., [9], [10]) developed foundations of concurrent programming in which finite state strategies of McNaughton games are identified with distributed concurrent programs.

McNaughton games are natural descriptions of reactive systems in which the interactions between Controller (often referred to as Survivor) and Environment (Adversary) are modelled as certain two-player games. Winning conditions in these games can be thought of as specification requirements that Controller must satisfy. Winning strategies for Controller are thus identified with programs satisfying the specifications. Deciding whether or not Controller wins a given game can be seen as answering the question whether or not a given specification is realizable. If it is, then constructing a winning strategy amounts to synthesizing a correct controller program. Further, minimalization of the memory size of the winning strategy for Controller corresponds to the optimization problem of a correct controller. Again, we refer the reader to [12] for more details.

Suppose you come across a McNaughton game. You will probably expect that the particular structure of the underlying system and the specification of winning conditions influence in some way the running times of algorithms that decide the game. Such an expectation is natural since many algorithms for deciding McNaughton games are not efficient and do not explicitly exploit either the structure of the underlying graphs or the form of winning conditions. An exception can be found in the paper of Zielonka [14] where it is shown that the winners of the McNaughton games have finite state strategies that depend on nodes that are called useful. The main purpose of this paper is to pursue this line of investigation a little further in a number of cases. In particular, we provide examples of classes of games for which the algorithms that decide these games explicitly use the nodes at which one of the players has more than one choice to make a move. We begin with the following definition extracted from [8].
Definition 1.1. A game $\Gamma$, played between two players called Survivor and Adversary, is a tuple $(S \cup A, E, \Omega)$, where:

(1) The sets $S$ and $A$ are disjoint and finite, with $S$ being the set of positions for Survivor and $A$ the set of positions for Adversary,
(2) The set $E$ of edges is such that $E \subseteq (A \times S) \cup (S \times A)$ and for all $s \in S$ and $a \in A$ there are $a' \in A$ and $s' \in S$ for which $(s, a'), (a, s') \in E$,
(3) The set $\Omega$ of winning conditions is a subset of $2^{S \cup A}$.

The graph $G = (V, E)$, with $V = S \cup A$, is the system or the graph of the game, the set $\Omega$ is the specification, and each set $U \in \Omega$ is a winning set. In game $\Gamma$, a play (from $p_0$) is an infinite sequence $\pi = p_0, p_1, \ldots$ such that $(p_i, p_{i+1}) \in E$, $i \in \omega$. Survivor always moves from positions in $S$, while Adversary moves from $A$. Define $\mathit{Inf}(\pi) = \{p \mid \exists^{\omega} i : p = p_i\}$. Survivor wins the play $\pi$ if $\mathit{Inf}(\pi) \in \Omega$; otherwise, Adversary wins $\pi$. We will refer to finite initial segments of plays as histories. A strategy for a player is a rule that specifies the next move given a history of the play. Let $f$ be a strategy for the player and $p$ be a position. Consider all the plays from $p$ which are played when the player follows the strategy $f$. We call these plays consistent with $f$ from $p$.

We note that the definition above is not the original definition of McNaughton games. That is, in the original definition, one is allowed to pick a subset $X$ of $V$, and $\Omega$ is a collection of subsets of $X$. Then, in a play $\pi = p_0, p_1, \ldots$ those nodes not in $X$ are not counted toward satisfying a winning condition. This distinction is important since Nerode, Remmel, and Yakhnis in [9] prove that McNaughton games can be solved in time proportional to $(|X|\, 2^{|X|}\, |E|\, |X|!)$. In other words, when $X$ is very small compared to $V$, all McNaughton games can be solved efficiently.
Definition 1.2. The strategy $f$ for a player is a winning strategy from $p$ if the player wins all plays from $p$ consistent with $f$. In this case the player wins the game from $p$. To decide game $\Gamma$ means to find the set of all positions, denoted by $\mathit{Win}(S)$, from which Survivor wins. The set $\mathit{Win}(A)$ is defined similarly.^a

From the definitions above it is clear that all graphs we consider are bipartite and directed. It is customary in the context of games to refer to members of $V$ as nodes rather than as more graph-theoretical vertices. For a node $v$ of a graph $G = (V, E)$, we write $\mathit{Out}(v) = \{b \mid (v, b) \in E\}$ and $\mathit{In}(v) = \{b \mid (b, v) \in E\}$. Usually nodes of set $A$ are denoted by $a$, and of set $S$ by $s$, possibly with indices.

As we have already said, McNaughton's algorithm in [8] that decides games is inefficient. In [9] Nerode, Remmel and Yakhnis improved the algorithm by deciding any given game $\Gamma$ in $O(|V|!\, 2^{|V|}\, |V|\, |E|)$-time which is, of course, still far from being efficient. S. Dziembowski, M. Jurdzinski, and I. Walukiewicz in [2] investigated questions related to the size of memory needed for winning strategies. In particular, they prove that for each $n$ there is a game $\Gamma$ such that the size of $V$ is $O(n)$ and the memory size for finite state winning strategies for these games is at least $n$ factorial. A related question is to find conditions on either the specifications or the system which ensure that the games can be decided efficiently and the memory size for winning finite strategies is sufficiently small. While the present paper has some bearing on the above question, it is also a continuation of a research trend, which we briefly summarise in the next paragraph.

^a Any McNaughton game $\Gamma$ is a Borel game. Hence, by the known result of Martin (see [7]), $\Gamma$ is determined. Therefore $\mathit{Win}(S) \cup \mathit{Win}(A) = S \cup A$.

Dinneen and Khoussainov have used McNaughton games for modelling and studying structural and complexity-theoretical properties of update networks (see [1]). A game $\Gamma$ is an update game if $\Omega = \{V\}$. The system $(V, E)$ is an update network if Survivor wins the update game. Speaking informally, Survivor is required to update (i.e., visit) every node of the system as many times as needed. In [1] it is shown that update games can be decided in $O(|V|(|V| + |E|))$-time. Update games have been generalized in [3] to games in which the specification $\Omega$ contains more than one set. Namely, a game $\Gamma$ is a relaxed update game if $U \cap W = \emptyset$ for all distinct $U, W \in \Omega$. It is proved that there exists an algorithm that decides relaxed update games in $O(|V|^2(|V| + |E|))$-time. In [6] Ishihara and Khoussainov study linear games in which $\Omega$ forms a linear order with respect to the set-theoretic inclusion. They prove that linear games can also be decided in polynomial time with parameter $|\Omega|$.
Clearly, in the results above, all the constraints are specification constraints. In other words, the games are described in terms of certain properties of specifications from $\Omega$. In addition, the results as they stand, and most of their proofs, do not explicitly show the interplay between the structure of the underlying systems $(V,E)$, the running times of algorithms that decide games, and the specifications in $\Omega$. We try to bridge this gap by explicitly showing how running times of algorithms that decide certain classes of games depend upon the structure of the systems and specifications.

Here is a brief outline of the paper. In the next section, we introduce no-choice games and present a simple algorithm that decides them in time linear in the size of the game. We also provide a result that shows how the structure of the no-choice games is involved in finding finite state winning strategies with a given memory size. In Section 3 we revisit update games, and provide an algorithm that explicitly uses information about the number of nodes at which Adversary can make a choice, i.e., the members of $A$ with at least 2 outgoing edges. In Section 4, we consider games in which specifications in $\Omega$ are closed under union. For such union-closed games we provide a decision algorithm whose running time depends explicitly on some structural information about the underlying systems of games. We note that the main result of this section can be obtained from the determinacy result of Zielonka [14]. However, our proof is direct and simple and does not need to employ the full strength of Zielonka's determinacy theorem.
The final section discusses some issues for future work.

2. No-choice games
We start off with games where the structure of the system forces one of the players to always make a unique choice at any given node of the player. Without loss of generality we can assume that this player is Adversary. Formally:
Definition 2.1. A no-choice game is a McNaughton game $\Gamma = (V,E,\Omega)$ such that for all $a \in A$, $s_1,s_2 \in S$, if $(a,s_1),(a,s_2) \in E$ then $s_1 = s_2$.

No-choice games are one player games, with Survivor as the sole player, because Adversary has no effect on the outcome of any play. Below we provide a simple procedure deciding no-choice games by using Tarjan's algorithm that detects strongly connected directed graphs (footnote b). The algorithm is simple but shows a significant difference between the time needed to decide McNaughton games in the general case and in the case of no-choice games. The following is a simple observation.
Lemma 2.1. If $X$ is a strongly connected component of $\mathcal{G}$ in a no-choice game $\Gamma = (V,E,\Omega)$ and $|X| > 1$, then $Out(a) \subseteq X$ for every $a \in A \cap X$. □
Let $\Gamma = (S \cup A, E, \Omega)$ be a no-choice game. Call a winning set $U \in \Omega$ $S$-closed, if $Out(a) \subseteq U$ for every $a \in A \cap U$, and $Out(s) \cap U \neq \emptyset$ for every $s \in S \cap U$. Clearly, if $\pi$ is a play won by Survivor in game $\Gamma$ then $Inf(\pi)$ must be $S$-closed. Thus, the following lemma holds true:
Lemma 2.2. Survivor wins the no-choice game $\Gamma$ if and only if Survivor wins the game $\Gamma'$ which arises from $\Gamma$ by removing all not $S$-closed winning sets. □

Let $U \in \Omega$ be an $S$-closed winning set. Consider the game $\Gamma(U)$ whose graph is the restriction to $U$ of the graph of $\Gamma$, and whose set of winning conditions $\Omega(U)$ is $\{U\}$. Define the graph $\mathcal{G}(U) = (V(U),E(U))$, where $V(U) = S \cap U$, and $(x,y) \in E(U)$ if and only if $x,y \in V(U)$ and $(x,a),(a,y) \in E$ for some $a \in U \cap A$. Thus, in graph $\mathcal{G}(U)$ there is a path between nodes $p$ and $q$ if and only if there is a finite play $s_1, a_1, \ldots, a_{n-1}, s_n$ in $\Gamma(U)$ such that $p = s_1$ and $q = s_n$. The following is easy:

Lemma 2.3. Survivor wins $\Gamma(U)$ iff the graph $\mathcal{G}(U)$ is strongly connected. □

b. A graph $\mathcal{G} = (V,E)$ is strongly connected if there is a path between any two nodes of the graph. Tarjan's algorithm detects whether or not the graph $\mathcal{G}$ is strongly connected in $O(|V| + |E|)$-time.
Now we are ready to prove the following theorem:

Theorem 2.1. There exists an algorithm that decides any given no-choice game $\Gamma = (V,E,\Omega)$ in $O(|\Omega| \cdot (|V| + |E|))$-time.
Proof. Let $p$ be a node in $V$. Here is a description of a desired algorithm:

(1) If there is no $S$-closed $U \in \Omega$ then declare that Survivor loses.
(2) If none of these graphs $\mathcal{G}(U)$ for $S$-closed $U \in \Omega$ is strongly connected, then declare that Survivor loses.
(3) Let $X$ be the union of all $S$-closed $U \in \Omega$ such that the graph $\mathcal{G}(U)$ is strongly connected. Check whether or not there is a path from $p$ into $X$. If there is no path from $p$ into $X$ then declare that Survivor loses. Otherwise, declare that Survivor wins.

It takes linear time to perform the first part of the algorithm. For the second part, use Tarjan's algorithm for detecting strongly connected graphs. Namely, for each $S$-closed set $U$ apply Tarjan's algorithm to check if $\mathcal{G}(U)$ is strongly connected. Hence the overall running time for the second part is proportional to $|\Omega| \cdot (|V| + |E|)$. For the third part, constructing $X$ and checking if there is a path from $p$ to $X$ takes linear time. Thus, the algorithm runs at most in $O(|\Omega| \cdot (|E| + |V|))$-time. The correctness of the algorithm is clear. □
Thus, the proof of Theorem 2.1 shows that deciding no-choice games is essentially dependent on checking whether or not the graphs $\mathcal{G}(U) = (V(U),E(U))$, where $U$ is $S$-closed, are strongly connected. Therefore we single out the games that correspond to winning a single set $U \in \Omega$ in our next definition:

Definition 2.2. A basic game $\Gamma$ consists of a directed graph $\mathcal{G}$ and player Survivor, where Survivor is the sole player.

Given a basic game $\Gamma$, a play from a given node $v_0$ is a sequence $\pi = v_0, v_1, v_2, \ldots$ such that $(v_i, v_{i+1}) \in E$ for all $i \in \omega$. Survivor wins the play if $Inf(\pi) = V$. Otherwise, Survivor loses the play. Thus, Survivor wins the basic game $\Gamma$ iff the graph $\mathcal{G}$ is strongly connected.
Let $\Gamma$ be a basic game. Our goal is to find finite state strategies that allow Survivor to win the game. For this, we need to formally define finite state strategies. Consider an automaton $\mathcal{A} = (Q, q_0, \Delta, F)$, where $V$ is the input alphabet, $Q$ is the finite set of states, $q_0$ is the initial state, $\Delta$ maps $Q \times V$ to $Q$, and $F$ maps $Q \times V$ into $V$ such that $(v, F(q,v)) \in E$ for all $q \in Q$ and $v \in V$. The automaton $\mathcal{A}$ induces the following strategy, called a finite state strategy. Given $v \in V$ and $s \in Q$, the strategy specifies Survivor's next move which is $F(s,v)$. Thus, given $v_0 \in V$, the strategy determines the run $r(v_0,\mathcal{A}) = v_0, v_1, v_2, \ldots$, where $v_i = F(q_{i-1}, v_{i-1})$ and $q_i = \Delta(q_{i-1}, v_{i-1})$ for each $i > 0$. If $Inf(r(v_0,\mathcal{A})) = V$, then $\mathcal{A}$ induces a winning strategy from $v_0$. When Survivor follows the finite state strategy induced by $\mathcal{A}$, we say that $\mathcal{A}$ dictates the moves of Survivor. To specify the number of states of $\mathcal{A}$ we give the following definition.
Definition 2.3. A finite state strategy is an $n$-state strategy if it is induced by an $n$-state automaton. We call 1-state strategies no-memory strategies.

The next result shows that finding efficient winning strategies in basic games is computationally hard. By efficient winning strategy we mean an $n$-state winning strategy for which $n$ is small.
Proposition 2.1. For any basic game $\Gamma$, Survivor has a no-memory winning strategy if and only if the graph $\mathcal{G} = (V,E)$ has a Hamiltonian cycle. Therefore, finding whether or not Survivor has a no-memory winning strategy is NP-complete.

Proof. Assume that the graph $\mathcal{G}$ has a Hamiltonian cycle $v_0, \ldots, v_n$. Then the mapping $v_i \mapsto v_{(i+1) \bmod (n+1)}$ establishes a no-memory winning strategy for Survivor. Assume now that in game $\Gamma$ Survivor has a no-memory winning strategy $f$. Consider the play $\pi = p_0, p_1, p_2, \ldots$ consistent with $f$. Thus $f(p_i) = p_{i+1}$ for all $i$. Since $f$ is a no-memory winning strategy we have $Inf(\pi) = V$. Let $m$ be the least number for which $p_0 = p_m$. Then $V = \{p_0, \ldots, p_m\}$ as otherwise $f$ would not be a winning strategy, and hence the sequence $p_0, \ldots, p_m$ is a Hamiltonian cycle. □
It is not hard to see that there exists an algorithm running in $O(|V|^2)$-time that for any given basic game in which Survivor is the winner provides an automaton with at most $|V|$ states that induces a winning strategy (just check if for all $x,y \in V$ there are paths connecting $x$ to $y$ and construct a desired automaton). Therefore, the following questions seem natural: If a player wins the game at all, then how much memory is needed to win the game? For a given number $n$, what does the underlying graph look like if the player has a winning strategy of memory size $n$? We will provide answers; however, we will not give full proofs. Full proofs can be found in [4]. Our goal is to analyze the case when $n = 2$, that is when Survivor has a 2-state winning strategy, as the case for $n > 2$ can then be derived without much difficulty. The case when $n = 1$ is described in Proposition 2.1. The case when $n = 2$ involves some nontrivial reasoning provided below. The case when $n > 2$ can be generalized easily (see [4]).
Case $n = 2$. We are interested in graphs $\mathcal{G} = (V,E)$ such that $|In(q)| \le 2$ and $|Out(q)| \le 2$ for all $q \in V$. A path $p_1, \ldots, p_n$ in graph $\mathcal{G}$ is called a 2-state path if $|In(p_1)| = |Out(p_n)| = 2$ and $|In(p_i)| = |Out(p_i)| = 1$ for all $i = 2, \ldots, n-1$. If a node $q$ belongs to a 2-state path then we say that $q$ is a 2-state node. A node $p$ is a 1-state node if $|In(p)| = |Out(p)| = 1$ and the node is not a 2-state node. A path is a 1-state path if each node in it is a 1-state node and no node in it is repeated.

We now define the operation which we call the Glue operation which can be applied to a finite graph and a cycle to produce another finite graph. By a cycle we mean any graph isomorphic to $(\{c_1, \ldots, c_n\}, E)$, where $n > 1$ and $E = \{(c_1,c_2), \ldots, (c_{n-1},c_n), (c_n,c_1)\}$. Assume that we are given a graph $\mathcal{G} = (V,E)$ and a cycle $\mathcal{C} = (C,E(C))$ so that $C \cap V = \emptyset$. Let $P_1, \ldots, P_n$ and $P'_1, \ldots, P'_n$ be paths in $\mathcal{G}$ and $\mathcal{C}$, respectively, that satisfy the following conditions: 1) The paths are pairwise disjoint; 2) Each path $P_i$ is a 1-state path; 3) For each $i = 1, \ldots, n$, we have $|P_i| = |P'_i|$. The operation Glue has parameters $\mathcal{G}, \mathcal{C}, P_1, \ldots, P_n, P'_1, \ldots, P'_n$ defined above. Given these parameters the operation produces the graph $\mathcal{G}' = (V',E')$ in which the paths $P_i$ and $P'_i$ are identified and the edges $E$ and $E(C)$ are preserved. Thus, one can think of the resulting graph as one obtained from $\mathcal{G}$ and $\mathcal{C}$ so that the paths $P_i$ and $P'_i$ are glued by putting one onto the other. For example, say $P_1$ is the path $p_1, p_2, p_3$, and $P'_1$ is the path $p'_1, p'_2, p'_3$. When we apply the operation Glue, $P_1$ and $P'_1$ are identified. This means that each of the nodes $p_i$ is identified with the node $p'_i$, and the edge relation is preserved. Thus, in the graph $\mathcal{G}'$ obtained we have the path $\{p_1,p'_1\}, \{p_2,p'_2\}, \{p_3,p'_3\}$. It is easily checked that in the resulting graph $\mathcal{G}'$ each of the paths $P_i$ is now a 2-state path.

Definition 2.4. A graph $\mathcal{G} = (V,E)$ has a 2-state decomposition if there is a sequence $(\mathcal{G}_1,\mathcal{C}_1), \ldots, (\mathcal{G}_n,\mathcal{C}_n)$ such that $\mathcal{G}_1$ is a cycle, each $\mathcal{G}_{i+1}$ is obtained from the $\mathcal{G}_i$ and $\mathcal{C}_i$, and $\mathcal{G}$ is obtained from $\mathcal{G}_n$ and $\mathcal{C}_n$ by applying the operation Glue.
An example of a graph that admits a 2-state decomposition can be given by taking a union $C_1, \ldots, C_n$ of cycles so that the vertex set of each $C_i$, $i = 1, \ldots, n-1$, has only one node in common with $C_{i+1}$ and no nodes in common with other cycles in the list.
Definition 2.5. We say that the graph $\mathcal{G} = (V,E)$ is an edge expansion of another graph $\mathcal{G}' = (V',E')$ if $V = V'$ and $E' \subseteq E$.

The following theorem provides a structural characterization of those strongly connected graphs which Survivor can win with 2-state winning strategies.
Theorem 2.2. [4] Survivor has a 2-state winning strategy in a basic game $\Gamma = (\mathcal{G}, \{V\})$ if and only if $\mathcal{G}$ is an edge expansion of a graph that admits a 2-state decomposition.

3. Update Games Revisited
Recall that a game of type $\Gamma = (V,E,\{V\})$ is called an update game; and is an update network if Survivor wins the game. In this section all the games considered are update games. Our goal here is twofold. On the one hand, we describe a decomposition theorem for update networks. For a full proof of this theorem we refer the reader to [1]. On the other hand, we provide a new algorithm for deciding update networks so that the algorithm runs in linear time in the size of the graph given a certain set of Adversary nodes as a parameter. More formally, let $\Gamma = (V,E,\{V\})$ be an update game. Let $C$ be the set of all Adversary's nodes $a$ such that $|Out(a)| > 1$. In other words, $C$ contains all nodes at which Adversary has a choice of at least two different moves. We provide an algorithm deciding update games, so devised that its running time shows what role the cardinality of $C$ plays in the decision procedure. Namely, our algorithm depends on the parameter $|C|$ and runs in the time $k \cdot (|V| + |E|)$, where $k$ depends on $|C|$ linearly.

Let $\Gamma = (V,E,\{V\})$ be an update game. For any $s \in S$ define $Forced(s) = \{ a \mid |Out(a)| = 1 \ \&\ (a,s) \in E \}$. Thus, $Forced(s)$ is the set where Adversary is 'forced' to move to $s$. Note the following two facts. If $\Gamma = (V,E,\{V\})$ is an update network then for every $s \in S$, the set $Forced(s)$ is not empty. Moreover, if $|S| \ge 2$, then for every $s \in S$ there exists an $s' \neq s$ and $a \in Forced(s)$ such that $(s',a) \in E$. Next we give the definition of forced cycle in a McNaughton game which will play a key role in our analysis of update games.
Definition 3.1. In a game $\Gamma$, a forced cycle is a cycle $(a_k, s_k, \ldots, a_2, s_2, a_1, s_1)$ such that $a_i \in Forced(s_i)$ and $s_i \in S$.

Forced cycles have even length, and are fully controlled by Survivor. Using the facts above one now can show that any update network $\Gamma$ with $|S| > 1$ has a forced cycle of length $\ge 4$. The lemma below tells us that forced cycles can be used to reduce the size of the underlying graph and obtain an equivalent game.
Lemma 3.1. Let $\Gamma$ be an update game with a forced cycle $C$ of length $\ge 4$. We can construct a game $\Gamma'$ with $|V'| < |V|$ such that $\Gamma$ is an update network iff $\Gamma'$ is one.

Proof (sketch). We construct the graph $(V',E')$ for $\Gamma'$. Consider $C = (a_k, s_k, \ldots, a_2, s_2, a_1, s_1)$. For new vertices $s$ and $a$ define $S' = (S \setminus \{s_1, \ldots, s_k\}) \cup \{s\}$ and $A' = (A \setminus \{a_1, \ldots, a_k\}) \cup \{a\}$. The set $E'$ of edges consists of all the edges in $E$ but not the edges in $C$, together with edges of the type $(s,a')$ if $(s_i,a') \in E$, or $(a',s)$ if $(a',s_j) \in E$, or $(s',a)$ if $(s',a_k) \in E$ for some $s_i, s_j, a_k \in C$. We also put $(a,s)$ and $(s,a)$ into $E'$. Thus, the cycle $C$ has been reduced. It is routine to show that $\Gamma$ is an update network iff $\Gamma'$ is one. The idea is that Survivor controls $C$ fully.

The operation of producing $\Gamma'$ from $\Gamma$ and a forced cycle $C$ is called the contraction operation. In this case we say that $\Gamma$ is an admissible extension of $\Gamma'$. Thus, for $\Gamma'$ to have an admissible extension, $\Gamma'$ must possess a forced cycle of length 2. Clearly, there are infinitely many admissible extensions of $\Gamma'$.
Definition 3.2. An update game $\Gamma = (\mathcal{G}, \{V\})$ has a forced cycle decomposition if there exists a sequence $\Gamma_1, \ldots, \Gamma_n$ such that $|S_1| = 1$, $|Out(s_1)| = |A_1|$, where $S_1 = \{s_1\}$, and each $\Gamma_{i+1}$ is an admissible extension of $\Gamma_i$, and $\Gamma_n = \Gamma$. The sequence $\Gamma_1, \ldots, \Gamma_n$ is called a witness for the decomposition.

Using the lemma and the definition above one can prove the following theorem. The theorem gives us a complexity result on the one hand, and a description of update networks on the other (see [1]).
Theorem 3.1. There exists an algorithm that given a game $\Gamma$ decides in $O(|V||E|)$ time whether or not the game is an update network. Moreover, an update game $\Gamma$ is an update network if and only if it has a forced cycle decomposition.

We note that Nerode, Remmel, and Yakhnis in [9] prove a more general complexity theoretic result. They prove that if $\Omega$ is of the form $\{Y \mid Z_1 \subseteq Y \subseteq Z_2\}$, where $Z_1$ and $Z_2$ are fixed subsets of $V$, then such McNaughton games (called interval games) can be solved in time proportional to $(2|Z_1| + 1)|E|$. Clearly, update games are interval games. Thus, the complexity theoretic result in the theorem above is covered by the result of Nerode, Remmel, and Yakhnis. The theorem above, however, provides a structural property of update networks, and tells one how update networks can be built.
Now we show how the set $C = \{a \in A \mid |Out(a)| > 1\}$ can be used to decide update games. Our algorithm shows that if the cardinality of $C$ is fixed then update games can be decided in linear time. Let $X$ be a subset of $V$ in a game $\Gamma = (\mathcal{G}, \Omega)$. The graph $\mathcal{G}_X$ is defined as the subgraph of $\mathcal{G}$ whose vertex set is $V \setminus X$. We begin with the following simple lemma.
Lemma 3.2. Assume that $C$ is a singleton and $C = \{a\}$. If Survivor wins $\Gamma$ then $In(a) \neq \emptyset$ and $Out(a)$ is contained in a strongly connected component of $\mathcal{G}_{\{a\}}$.

Proof. It is clear that $In(a) \neq \emptyset$ as otherwise $a$ would not be visited infinitely often in each play. Assume now that no strongly connected component of $\mathcal{G}_{\{a\}}$ contains $Out(a)$. There are $x,y$ in $Out(a)$ such that the graph $\mathcal{G}_{\{a\}}$ does not contain a path from $x$ into $y$. Consider the strategy that dictates Adversary to always move to $x$ from the node $a$. Then, for any play $\pi$ consistent with this strategy, $Inf(\pi)$ does not contain $y$. Hence, Survivor cannot win $\Gamma$. □

We will generalize the lemma above to the case when the cardinality of $C$ is greater than 1. In other words, Adversary has more than one node at which a choice can be made. Let $a_1, \ldots, a_n$ be all the nodes from $C$.
Lemma 3.3. Assume that Survivor wins $\Gamma$. Then the following two properties hold true:
(1) Each set $In(a_i)$ is not empty for $i = 1, \ldots, n$.
(2) There is an element $b \in C$ such that $Out(b)$ is contained in a strongly connected component of $\mathcal{G}_C$.

Proof. The first property is clearly true as otherwise Survivor could not win the update game $\Gamma$. We show how to prove the second property. Take $a_1$. Assume that no strongly connected component of $\mathcal{G}_C$ contains $Out(a_1)$. Then there are $x_1$ and $y_1$ in $Out(a_1)$ such that $\mathcal{G}_C$ does not contain a path from $x_1$ to $y_1$. We make the following claims:
Claim 1. There is an $i > 1$ such that for every $z \in Out(a_i)$ there is a path from $z$ to $y_1$ in the graph $\mathcal{G}_C$.

In order to prove the claim assume that for each $a_i$, $i > 1$, there is a $z_i$ such that there is no path from $z_i$ into $y_1$ in the graph $\mathcal{G}_C$. Define the following strategy for Adversary. Any time when a play comes to $a_i$, $i > 1$, move to $z_i$. At node $a_1$ move to $x_1$. It is not hard to see that in any play $\pi$ consistent with this strategy the node $y_1$ does not belong to $Inf(\pi)$. This contradicts the fact that Survivor wins $\Gamma$. The claim is proved.

Without loss of generality we can assume that $a_2$ satisfies the condition of the claim above. If $Out(a_2)$ is contained in a strongly connected component, then the lemma is proved. Otherwise, there are $x_2,y_2 \in Out(a_2)$ such that the graph $\mathcal{G}_C$ does not have a path from $x_2$ to $y_2$. We now prove the following.
Claim 2. There is an $i$ with $1 \le i \le n$ such that for every $z \in Out(a_i)$ there is a path from $z$ to $y_2$ in the graph $\mathcal{G}_C$. Moreover, for any such $i$ it must be the case that $i > 2$.

Assume that $a_1$ satisfies the claim. Then in $\mathcal{G}_C$ there is a path from $x_1$ to $y_2$. Since $a_2$ satisfies Claim 1, in $\mathcal{G}_C$ there is a path from $y_2$ to $y_1$. Then, the path from $x_1$ through $y_2$ to $y_1$ is in $\mathcal{G}_C$ as well. This is excluded by our initial assumptions about $a_1$. Thus, $i \neq 1$. Certainly $a_2$ cannot satisfy Claim 2 either. Then, we complete the proof of Claim 2 by repeating the argument we employed to prove Claim 1.

Now, repeating inductively the above reasoning, and suitably renumbering nodes, we may assume that the sequence $a_1, \ldots, a_j$ has the following properties:
(1) In each $Out(a_k)$, $k = 1, \ldots, j-1$, there are $x_k,y_k$ such that the graph $\mathcal{G}_C$ contains no path from $x_k$ to $y_k$.
(2) For all $z \in Out(a_k)$ with $k = 2, \ldots, j$ there is a path from $z$ to $y_{k-1}$ in the graph $\mathcal{G}_C$.
Now, if the set $Out(a_j)$ is not contained in a strongly connected component of $\mathcal{G}_C$ then there is an $a \in C$ such that for all $z \in Out(a)$ there is a path from $z$ to $y_j$. Otherwise, one can again show that Adversary wins the game by never moving to $y_j$. Indeed, the assumptions above guarantee that all paths from $x_j$ to $y_j$ go through an Adversary's node. Therefore Adversary can avoid visiting the node $y_j$. This, however, contradicts the assumption that Survivor wins the game. Moreover, as above, it can be shown that $a \notin \{a_1, \ldots, a_j\}$. It follows that $j < n$. Thus, we can conclude that there is an $i \le n$ such that $Out(a_i)$ is contained in a strongly connected component. The lemma is proved. □

By virtue of the lemma above we can pick an $a \in C$ such that $Out(a)$ is contained in a strongly connected component of $\mathcal{G}_C$; denote the component by $X_a$. We construct a new update game $\Gamma' = (V',E',\{V'\})$ as follows:
(1) $V' = (V \setminus X_a) \cup \{s\}$, where $s$ is a new Survivor's node.
(2) $E' = (E \cap V'^2) \cup \{(s,u) \mid \exists t \in X_a\, ((t,u) \in E)\} \cup \{(u,s) \mid \exists t \in X_a\, ((u,t) \in E)\}$.
We refer to $\Gamma'$ as the reduced game. The following lemma shows the use of reduced games.

Lemma 3.4. Survivor wins the game $\Gamma$ if and only if Survivor wins $\Gamma'$.
Proof. Let $f$ be Survivor's winning strategy in $\Gamma$. We describe a winning strategy $f'$ for Survivor in $\Gamma'$ which simulates $f$. When the play takes place outside $\{s\}$, then $f'$ mimics the moves dictated by $f$ for nodes outside $X_a$. When the play arrives at $s$ then Survivor scans $f$ forward up to the nearest point where $f$ leaves $X_a$. Obviously such a point exists. Suppose $f$ does so by requiring a move to a node $y \notin X_a$. Then in the game $\Gamma'$ Survivor also moves to $y$. It is not hard to see that $f'$ thus described is indeed a winning strategy.

Now assume that $f'$ is Survivor's winning strategy in $\Gamma'$. We describe Survivor's winning strategy $f$ in $\Gamma$ by simulating $f'$. When the play takes place outside $X_a$ then $f$ mimics $f'$. When the play arrives at $X_a$, the strategy $f$ tells Survivor to:
(1) visit each node of $X_a$, then
(2) find node $y$ to which Survivor moves in game $\Gamma'$ from node $s$ according to strategy $f'$, then
(3) find $z \in X_a$ such that $(z,y) \in E$, and move to $z$ inside $X_a$, then, finally,
(4) from $z$ move to $y$.
It is clear that $f$ thus described is well-defined, i.e., Survivor can do what $f$ requires. That $f$ is indeed a winning strategy is not hard to see either. □
Assume that an $a \in C$ is such that $Out(a)$ is contained in a strongly connected component of $\mathcal{G}_C$. Consider the reduced game $\Gamma'$, and its underlying graph $\mathcal{G}' = (V',E')$. The natural mapping $h : V \to V'$ defined by putting $h(v) = s$ for all $v \in X_a$, and $h(v) = v$ otherwise, satisfies the following properties:
- $h$ is onto;
- for all $x,y \in V$, $(x,y) \in E$ and $x,y \notin X_a$ implies that $(h(x),h(y)) \in E'$;
- $X$ is a strongly connected component of $\mathcal{G}_C$ if and only if $h(X)$ is a strongly connected component of $\mathcal{G}'_C$.

These observations together with Lemma 3.3 yield that if Survivor wins $\Gamma'$ then there is an $a \in C$ such that $Out(a)$ is contained in a strongly connected component of $\mathcal{G}'_C$. Moreover, by Lemma 3.4, we can reduce the sizes of strongly connected components to singletons one by one always arriving at an equivalent game. This amounts to a proof of the following lemma.
Lemma 3.5. If Survivor wins the update game $\Gamma$ then for any $a \in C$ the set $Out(a)$ is contained in a strongly connected component of $\mathcal{G}_C$. □

Now we are ready to prove a theorem.
Theorem 3.2. There exists an algorithm that, given an update game $\Gamma$ with $|C| = n$, decides whether or not $\Gamma$ is an update network in running time proportional to $n \cdot (|V| + |E|)$.
Proof. Our procedure uses Tarjan's algorithm. We describe the basic steps of our procedure. Its correctness follows from previous lemmas.
(1) If $C = \emptyset$ then apply Tarjan's algorithm to see if $\mathcal{G}$ is strongly connected. If $\mathcal{G}$ is strongly connected then Survivor wins; otherwise Adversary wins.
(2) Find all strongly connected components, $X_1, \ldots, X_m$, of $\mathcal{G}_C$ by using Tarjan's algorithm.
(3) If for some $a \in C$ the set $Out(a)$ is not contained in one of the strongly connected components $X_1, \ldots, X_m$, then Adversary wins.
(4) Construct the graph $\mathcal{G}(C) = (V(C),E(C))$ as follows:
  (a) $V' = (V \setminus \bigcup_{a \in C} X_a) \cup \{s_1, \ldots, s_k\}$, where each $s_i$ is a new Survivor's node, and $k = |C|$.
  (b) $E' = (E \cap V'^2) \cup \bigcup_{i=1}^{k} \{(s_i,a) \mid \exists t \in X_{a_i}\, ((t,a) \in E)\} \cup \bigcup_{i=1}^{k} \{(a,s_i) \mid \exists t \in X_{a_i}\, ((a,t) \in E)\}$.
(5) If Survivor wins the no-choice game $\Gamma(C) = (\mathcal{G}(C), \{V(C)\})$, then Survivor wins the game $\Gamma$. Otherwise, Adversary is the winner.

It is not hard to see that the algorithm runs in the time required. □
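The procedure of Theorem 3.2, as an added Python example that is not code from the paper. The representation (a successor map `succ` and a set `adversary`) and all function names are assumptions; instead of building the contracted graph $\mathcal{G}(C)$ of steps (4) and (5), it tests strong connectivity of the whole graph, which gives the same answer once step (3) has passed because every contracted set $X_a$ is itself strongly connected.

```python
def scc_ids(nodes, succ):
    """Tarjan's algorithm on the subgraph induced by `nodes`.

    Returns a dict mapping each node to a representative of its
    strongly connected component (recursive; fine for small graphs).
    """
    index, low, comp = {}, {}, {}
    stack, on_stack = [], set()
    counter = [0]

    def visit(v):
        index[v] = low[v] = counter[0]
        counter[0] += 1
        stack.append(v)
        on_stack.add(v)
        for w in succ.get(v, ()):
            if w not in nodes:
                continue                      # edge leaves the subgraph
            if w not in index:
                visit(w)
                low[v] = min(low[v], low[w])
            elif w in on_stack:
                low[v] = min(low[v], index[w])
        if low[v] == index[v]:                # v is the root of a component
            while True:
                w = stack.pop()
                on_stack.discard(w)
                comp[w] = v
                if w == v:
                    break

    for v in nodes:
        if v not in index:
            visit(v)
    return comp


def decide_update_game(succ, adversary):
    """Return (is_update_network, reason) for the update game (V, E, {V})."""
    nodes = set(succ) | {w for ws in succ.values() for w in ws}
    # The set C: Adversary nodes with at least two outgoing edges.
    choice = {a for a in adversary if len(succ.get(a, ())) > 1}

    # Survivor must be able to tour every node, so the graph has to be
    # strongly connected and every node needs a successor (step 1 when C is empty).
    if any(not succ.get(v) for v in nodes) or len(set(scc_ids(nodes, succ).values())) != 1:
        return False, "graph is not strongly connected"

    # Steps 2 and 3: components of G_C, then the test of Lemma 3.5.
    comp = scc_ids(nodes - choice, succ)
    for a in sorted(choice):
        if len({comp[s] for s in succ[a]}) > 1:
            return False, f"Out({a}) is split across components of G_C"
    return True, "update network"


# Constructed sample games (not from the paper).
WINNER = {"s1": ["a", "b"], "b": ["s2"], "s2": ["c"], "c": ["s1"], "a": ["s1", "s2"]}
LOSER = {"s1": ["a"], "s2": ["a"], "a": ["s1", "s2"]}

if __name__ == "__main__":
    print(decide_update_game(WINNER, {"a", "b", "c"}))
    print(decide_update_game(LOSER, {"a"}))
```

In `LOSER` the graph is strongly connected, yet Adversary wins by always moving from `a` to the same node, which is exactly the situation Lemma 3.2 rules out for update networks.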
4. Union-Closed Games

In this section, we focus on union-closed games, that is the games in which the specification set $\Omega$ is closed under the set-theoretic union operation. Structurally, it is a natural property, and we will use it in an essential way in the algorithm deciding these games. Let $\Gamma$ be a union-closed game. Consider $a \in A$ such that $|Out(a)| > 1$. Let $S_0$ and $S_1$ be pairwise disjoint nonempty sets that partition $Out(a)$. We define two games $\Gamma_0$ and $\Gamma_1$, where $V_i = V$, $\Omega_i = \Omega$, and $E_i = E \setminus \{(a,s) \mid s \in S_i\}$. In other words, in game $\Gamma_i$, moves of Adversary at node $a$ are restricted to $S_i$. Here is the main theorem from which we will deduce an algorithm for deciding union-closed McNaughton games.
Theorem 4.1. Let $\Gamma$ be a union-closed game. Survivor wins the game $\Gamma$ from $p$ if and only if Survivor wins each of the games $\Gamma_0$ and $\Gamma_1$ from $p$.

Proof. We need to prove the nontrivial direction. Let $f_0$ and $f_1$ be winning strategies of Survivor in games $\Gamma_0$ and $\Gamma_1$, respectively. We construct the following strategy $f$ for Survivor in the original game $\Gamma$. Survivor begins its play by first emulating $f_0$. Assume that $p, p_1, \ldots, p_n, a$ is the history of the play so far, and Survivor is emulating the strategy $f_\epsilon$, where $\epsilon \in \{0,1\}$. Now consider Adversary's move from $a$. There are two cases.
Case 1. Adversary moves into $S_\epsilon$. In this case, Survivor emulates $f_\epsilon$ until $a$ is reached again.

Case 2. Adversary moves into $S_{1-\epsilon}$ by choosing an $s \in S_{1-\epsilon}$. In this case, Survivor scans the history $h = p, p_1, \ldots, p_n, a, s$ and "projects" it into the game $\Gamma_{1-\epsilon}$. The "projection" is obtained from $h$ by forgetting all the detours that belong to the game $\Gamma_\epsilon$. More formally, Survivor does the following:

- scans $h$ from the beginning up to the first appearance of $a$ followed by a $t \in S_\epsilon$;
- keeps scanning $h$ up to the next appearance of $a$ (there must be such, because $h$ ends with $a$ followed by $s \notin S_\epsilon$);
- forms $h'$ by identifying the two appearances of $a$ in the sequence $a, s, \ldots, a$ and cutting off everything in between;
- repeats the procedure until the end of $h$.

The "projection" $h'$ obtained this way will be a history of a play from $\Gamma_{1-\epsilon}$. The next move of Survivor then coincides with the move of Survivor in the game $\Gamma_{1-\epsilon}$ required by the winning strategy $f_{1-\epsilon}$ for the next step after $h'$.
This strategy is a winning strategy. Indeed, consider a play $\pi$ consistent with this strategy. If after a certain history $h$ of $\pi$ Adversary always moves to $S_\epsilon$ from $a$ then the play $\pi'$, obtained from $\pi$ by removing the initial segment $h$, is a play in $\Gamma_\epsilon$. Then, Survivor wins $\pi$ by resorting to the strategy $f_\epsilon$ after $h$ has been completed. By symmetry, Survivor also wins any play $\pi$ in which Adversary almost always moves to $S_{1-\epsilon}$. Assume that Adversary switches infinitely often from $S_0$ to $S_1$ and back during the play. Then $\pi$ can be written as $\pi = \alpha_1\beta_1\alpha_2\beta_2\ldots$, where $\pi_1 = \alpha_1\alpha_2\ldots$ is a play in $\Gamma_0$ consistent with $f_0$ and $\pi_2 = \beta_1\beta_2\ldots$ is a play in $\Gamma_1$ consistent with $f_1$. Therefore, $Inf(\pi) = Inf(\pi_1) \cup Inf(\pi_2)$. Since $f_0$ and $f_1$ are winning strategies for Survivor, we must have $Inf(\pi_1), Inf(\pi_2) \in \Omega$. By union-closedness, we get $Inf(\pi) \in \Omega$. Thus, $f$ is the winning strategy for Survivor as required. □

As a corollary we obtain a complexity-theoretic result for deciding union-closed games. To formulate it, we need yet another definition.
Definition 4.1. Let $\Gamma = (V,E,\Omega)$ be a game. An instance of $\Gamma$ is any game $\Gamma' = (V',E',\Omega')$ such that $V' = V$, $\Omega' = \Omega$, and $E' \subseteq E$ such that for every $a \in A$ the set $Out(a)$ with respect to $E'$ has cardinality 1.

Now we can state:

Theorem 4.2. Let $\Gamma = (V,E,\Omega)$ be a union-closed game. Let $a_1, \ldots, a_k$ be all nodes in $A$ such that $n_i = |Out(a_i)| > 1$, $i = 1, \ldots, k$. Then the following is true:
(1) Survivor wins $\Gamma$ if and only if Survivor wins every instance of $\Gamma$.
(2) Deciding the game $\Gamma$ takes $O(n_1 \cdot \ldots \cdot n_k \cdot |\Omega| \cdot (|V| + |E|))$-time.
Proof. Part 1 follows from Theorem 3. Part 2 follows from Theorem 1, the first part of the theorem, and the fact that there are exactly $n_1 \cdot \ldots \cdot n_k$ instances of $\Gamma$. □

Corollary 4.1. If Survivor loses a union-closed game, then Adversary has a no-memory winning strategy.

Proof. By the theorem above, Adversary wins an instance of the game. Such an instance is itself a no-choice game in which Adversary wins, and the strategy naturally derived is a no-memory strategy. □
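Theorem 2.1 and Theorem 4.2 combine into a decision procedure for union-closed games: enumerate the instances and decide each one as a no-choice game. The Python below is an added example, not code from the paper; the representation (`succ`, `adversary`, `omega`) and all function names are assumptions, and the no-choice test checks strong connectivity of the subgraph induced on $U$ directly rather than building $\mathcal{G}(U)$, which additionally requires every Adversary node of $U$ to be visited.

```python
from itertools import product


def reach(start, succ, allowed):
    """Nodes of `allowed` reachable from `start` without leaving `allowed`."""
    seen, stack = {start}, [start]
    while stack:
        for w in succ.get(stack.pop(), ()):
            if w in allowed and w not in seen:
                seen.add(w)
                stack.append(w)
    return seen


def induced_strongly_connected(U, succ):
    """Strong connectivity of the subgraph induced on U (forward and backward search)."""
    pred = {}
    for v in U:
        for w in succ.get(v, ()):
            if w in U:
                pred.setdefault(w, []).append(v)
    root = next(iter(U))
    return reach(root, succ, U) == U and reach(root, pred, U) == U


def is_union_closed(omega):
    """True if the specification is closed under pairwise union."""
    sets = {frozenset(U) for U in omega}
    return all(x | y in sets for x in sets for y in sets)


def survivor_wins_no_choice(succ, adversary, omega, p):
    """No-choice game: Survivor wins from p iff p reaches a winning set it can cycle through."""
    if any(len(succ.get(a, ())) != 1 for a in adversary):
        raise ValueError("not a no-choice game")
    nodes = set(succ) | {w for ws in succ.values() for w in ws}
    X = set()
    for U in map(set, omega):
        # S-closed: every node of U has a successor inside U; for an Adversary
        # node this means its single move stays in U.
        closed = all(any(w in U for w in succ.get(v, ())) for v in U)
        if U and closed and induced_strongly_connected(U, succ):
            X |= U
    return bool(reach(p, succ, nodes) & X)


def decide_union_closed(succ, adversary, omega, p):
    """Theorem 4.2(1). Returns (True, None), or (False, strategy) where
    `strategy` is the no-memory Adversary strategy of Corollary 4.1."""
    if not is_union_closed(omega):
        raise ValueError("specification is not closed under union")
    order = sorted(adversary)
    # One instance per way of fixing a single outgoing edge at every Adversary node.
    for picks in product(*(sorted(succ[a]) for a in order)):
        strategy = dict(zip(order, picks))
        instance = {v: [strategy[v]] if v in strategy else list(ws)
                    for v, ws in succ.items()}
        if not survivor_wins_no_choice(instance, adversary, omega, p):
            return False, strategy
    return True, None


# Constructed sample game (not from the paper): Survivor nodes s1, s2;
# Adversary nodes a (two moves) and b (forced); Omega = {{s1, b}}.
SUCC = {"s1": ["a", "b"], "s2": ["a"], "a": ["s1", "s2"], "b": ["s1"]}
ADVERSARY = {"a", "b"}
OMEGA = [{"s1", "b"}]

if __name__ == "__main__":
    print(decide_union_closed(SUCC, ADVERSARY, OMEGA, "s1"))
    print(decide_union_closed(SUCC, ADVERSARY, OMEGA, "s2"))
```

From `s1` Survivor wins by cycling through `b`; from `s2` the returned strategy keeps the play on `s2, a, s2, a, ...`, so the winning set is never reached.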
We note that the corollary above can be obtained from the known determinacy result of Zielonka [14]. However, our proof is direct and simple and does not need to employ the full strength of Zielonka's determinacy theorem.

5. Concluding Remarks
In this paper we have shown that McNaughton games can be studied by exploiting the relationship between specifications and the structure of the underlying graphs. This seems to be a natural approach if one wants to find efficient algorithms for deciding different classes of McNaughton games and have practical implementations of winning finite state strategies. The ideas presented in this paper can clearly be generalized and produce new algorithms for deciding McNaughton games. For example, we plan to investigate the question how the cardinality of the set at which Adversary has more than one choice to make a move can affect the complexity of decision algorithms for McNaughton games.
References

1. M. J. Dinneen and B. Khoussainov. Update networks and their routing strategies. In Proceedings of the 26th International Workshop on Graph-Theoretic Concepts in Computer Science, WG2000, LNCS 1928, p. 127-136, 2000.
2. S. Dziembowski, M. Jurdzinski, and I. Walukiewicz. How Much Memory Is Needed to Win Infinite Games? In Proceedings of Twelfth Annual Symposium on Logic in Computer Science (LICS 97), p. 99-118, 1997.
3. H.L. Bodlaender, M.J. Dinneen and B. Khoussainov. On Game-Theoretic Models of Networks. In Algorithms and Computation (ISAAC 2001 proceedings), LNCS 2223, P. Eades and T. Takaoka (Eds.), p. 550-561, Springer-Verlag Berlin Heidelberg, 2001.
4. B. Khoussainov. Finite State Strategies in One Player McNaughton Games. Proceedings of the 10th International Conference of CDMTCS, France, to appear.
5. Y. Gurevich and L. Harrington. Trees, Automata, and Games. STOCS, 1982, pages 60-65.
6. H. Ishihara, B. Khoussainov. Complexity of Some Games Played on Finite Graphs. Proceedings of the 28th International Workshop in Graph-Theoretic Concepts in Computer Science, Ed. L. Kucera, LNCS 2573, p. 270-282, 2002.
7. D. Martin. Borel Determinacy. Ann. Math. Vol 102, 363-375, 1975.
8. R. McNaughton. Infinite games played on finite graphs. Annals of Pure and Applied Logic, 65:149-184, 1993.
9. A. Nerode, J. Remmel, and A. Yakhnis. McNaughton games and extracting strategies for concurrent programs. Annals of Pure and Applied Logic, 78:203-242, 1996.
10. A. Nerode, A. Yakhnis, V. Yakhnis. Distributed concurrent programs as strategies in games. Logical methods (Ithaca, NY, 1992), p. 624-653, Progr. Comput. Sci. Appl. Logic, 12, Birkhauser Boston, Boston, MA, 1993.
11. R.E. Tarjan. Depth first search and linear graph algorithms. SIAM J. Computing 1:2, p. 146-160, 1972.
12. W. Thomas. On the synthesis of strategies in infinite games. In: STACS 95 (E.W. Mayr, C. Puech, Eds.), Springer LNCS 900, 1-13, 1995.
13. M. Vardi. An automata-theoretic approach to linear temporal logic. Proceedings of the VIII Banff Higher Order Workshop. Springer Workshops in Computing Series, Banff, 1994.
14. W. Zielonka. Infinite games on finitely coloured graphs with applications to automata on infinite trees. Theoretical Computer Science, 200, 135-183, 1998.
252
COMPUTATIONAL COMPLEXITY OF FRACTALS
KER-I KO
Department of Computer Science, State University of New York at Stony Brook, Stony Brook, NY 11794
E-mail: [email protected]

This paper surveys recent work on the computability and computational complexity of two-dimensional regions and fractal curves, in the context of Turing machine-based computable analysis and discrete computational complexity theory.
1. Introduction
Fractals are interesting objects that occur in many different areas of research (see, e.g., Mandelbrot [11], Peitgen et al. [12], Barnsley [1] and Falconer [5]). Simple iterative algorithms can produce complicated fractals in the limit. These fractals, though easy to generate, often have fine structures that make their basic properties hard to compute. For instance, Mandelbrot [11], in his study of the coastline problem, pointed out that it may be easy to generate a Koch-like two-dimensional fractal curve but hard to measure its length. In order to understand the precise relations between the computational complexity of a fractal curve itself and that of its other properties, such as its length and the area of its interior, we need to develop a formal theory of computational complexity of fractals.

In this paper, we present a short survey of recent work toward this goal. We apply the formal theory of computable analysis and computational complexity of real functions, which use Turing machines as the basic computational model, to the study of fractals. In particular, we discuss how to extend these theories to define computable and feasibly computable two-dimensional regions. Based on this computational model, we then consider some basic issues about fractals, including the following questions:

(1) If a two-dimensional curve $\Gamma$ is computable (or polynomial-time computable), does it follow that its length is also computable (or, respectively, polynomial-time computable)?
(2) If a two-dimensional Jordan curve (i.e., a simple closed curve) $\Gamma$ is computable (or polynomial-time computable), does it follow that the area of its interior is also computable (or, respectively, polynomial-time computable)?
(3) If a two-dimensional curve $\Gamma$ is computable (or polynomial-time computable), does it follow that its Hausdorff dimension is also computable (or, respectively, polynomial-time computable)?
(4) If a two-dimensional curve $\Gamma$ is computable (or polynomial-time computable) and its Hausdorff dimension is also computable (or polynomial-time computable), does it follow that its Hausdorff measure is also computable (or, respectively, polynomial-time computable)?
(5) If a function $f$ is computable (or polynomial-time computable), does it follow that its (generalized) Julia set $J(f)$ is also computable (or, respectively, polynomial-time computable)?

For most of these questions, we present a negative answer. That is, through the construction of various fractal curves, we show that there exist feasibly computable curves (or functions) whose related properties are not even computable.

In the following, we assume basic knowledge of computable analysis and complexity theory of real functions. For a complete treatment of these subjects, see Pour-El and Richards [13], Weihrauch [17], Ko [6] and [8]. For the basic notions of complexity classes discussed in this paper, see Du and Ko [4].

2. Computability of a Two-Dimensional Region
First, we present a brief review of the notion of computable real functions. We use Cauchy sequences of dyadic rational numbers to represent real numbers. Let D denote the set of dyadic rationals; i.e.,
Each dyadic rational $d$ has an infinite number of binary representations. For instance, $d = 3/8$ may be represented by

$$0.011\underbrace{00\cdots0}_{k}$$

with an arbitrary number $k$ of trailing zeroes. A binary representation $s$ of a dyadic rational $d$ is said to have $n$ bits (in the fractional part) if $s$ has exactly $n$ bits to the right of the binary point. We let $D$ denote the set of binary representations of dyadic rationals, and let $D_n$ be the set of all binary representations $s \in D$ which have exactly $n$ bits. When there is no confusion, we use $s \in D$ to denote both a binary representation in $D$ and the dyadic rational $d$ it represents.

We say a function $\phi : \mathbb{N} \to D$ binary converges to a real number $x$, or represents a real number $x$, if (i) for all $n \geq 0$, $\phi(n)$ has a binary representation of at most $n$ bits, and (ii) for all $n \geq 0$, $|x - \phi(n)| \leq 2^{-n}$. For each function $\phi$ that binary converges to $x$, there is a corresponding set representation of $x$, namely, the set

$$L_\phi = \{ s \in D \mid (\exists n)[s \text{ has } n \text{ bits and } s < \phi(n)] \}.$$

(Note that $L_\phi$ is defined as a set of binary representations of dyadic rationals, instead of a set of dyadic rationals. It is possible that two different $s, t \in D$ represent the same dyadic rational $d$, but one is in $L_\phi$ and the other is not.) We call such a set a left cut of $x$. For any $x \in \mathbb{R}$, there is a unique function $\phi_x : \mathbb{N} \to D$ that binary converges to $x$ and satisfies the condition $x - 2^{-n} \leq \phi_x(n) < x$ for all $n \geq 0$. We call this function $\phi_x$ the standard Cauchy function for $x$. The left cut $L_{\phi_x}$ that corresponds to the standard Cauchy function $\phi_x$ for $x$ is called the standard left cut of $x$, and we write $L_x$ for $L_{\phi_x}$. It is easy to see that $L_x = \{ s \in D \mid s < x \}$. (Note that the set $L_x$ may be treated as a set of dyadic rationals. The membership of a dyadic rational $d$ in $L_x$ is independent of its binary representations.)

To compute a real-valued function $f : \mathbb{R} \to \mathbb{R}$, we use oracle Turing machines as the computational model. A function $f : \mathbb{R} \to \mathbb{R}$ is said to be computable if there is an oracle Turing machine $M$, that uses a function $\phi : \mathbb{N} \to D$ that binary converges to a real number $x$ as an oracle, such that on input $n \in \mathbb{N}$, $M^{\phi}(n)$ outputs a string $d \in D$ such that $|d - f(x)| \leq 2^{-n}$.

This notion of computable real functions can be extended to functions from $\mathbb{R}$ to $\mathbb{R}^2$ (and functions from $\mathbb{R}^2$ to $\mathbb{R}^2$) in a natural way. More precisely, a function $f : \mathbb{R} \to \mathbb{R}^2$ is computable if there is an oracle Turing machine $M$ that, on oracle $\phi$ which binary converges to $x \in \mathbb{R}$ and an input $n \in \mathbb{N}$, outputs two strings $d_1, d_2 \in D_n$ such that both $|d_1 - y_1|$ and $|d_2 - y_2|$ are bounded by $2^{-n}$, where $f(x) = (y_1, y_2)$. To compute a function $f$ from $\mathbb{R}^2$ to $\mathbb{R}^2$, we modify the above oracle Turing machine $M$ to use two oracle functions $\phi_1, \phi_2 : \mathbb{N} \to D$ which binary converge to two real numbers $x_1$ and $x_2$.

We now extend this concept of computability to two-dimensional subsets $S \subseteq \mathbb{R}^2$. For any set $S \subseteq \mathbb{R}^2$, let $\chi_S$ denote its characteristic function; i.e., $\chi_S((x, y)) = 1$ if $(x, y) \in S$ and $\chi_S((x, y)) = 0$ if $(x, y) \notin S$. Intuitively, a set $S \subseteq \mathbb{R}^2$ is computable if $\chi_S$ is a computable function, or, equivalently, if there is an oracle Turing machine $M$ that uses two functions that represent a point $(x, y)$ in $\mathbb{R}^2$ as oracles and decides whether $(x, y) \in S$. However, we notice that the function $\chi_S$ is discontinuous at the boundary of $S$, and hence, from a well-known result in computable analysis, it cannot be decided completely by the Turing machine $M$ (unless $S$ is trivial). Instead, we must allow $M$ to make mistakes. There are several ways to relax the requirement on machine $M$. Here, we present two formal definitions.

The first one is recursive approximability, which is an extension of the notion of recursive approximability of sets of real numbers in Ko [6]. Informally, a set $S \subseteq \mathbb{R}^2$ is recursively approximable if there is an oracle Turing machine $M$ that takes two functions representing a point $(x, y) \in \mathbb{R}^2$ as the oracles and an integer $n$ as the input, and decides whether $(x, y)$ is in $S$ in such a way that the errors of $M$ occur in a set $E_n(M) \subseteq \mathbb{R}^2$ of Lebesgue measure less than $2^{-n}$. We write $\mu(A)$ to denote the two-dimensional Lebesgue measure of a set $A \subseteq \mathbb{R}^2$, and $\mu^*(A)$ the outer measure of set $A$.

Definition 2.1. A set $S \subseteq \mathbb{R}^2$ is recursively approximable if there exists an oracle Turing machine $M$ such that for any oracles $(\phi, \psi)$ representing a point $(x, y) \in \mathbb{R}^2$ (i.e., $\phi$ and $\psi$ binary converge to $x$ and $y$, respectively), and for any input $n$, $M$ outputs either 0 or 1 such that the following set $E_n(M)$ has measure $\mu^*(E_n(M)) \leq 2^{-n}$:

$$E_n(M) = \{ (x, y) \in \mathbb{R}^2 \mid \text{there exists } (\phi, \psi) \text{ representing } (x, y) \text{ such that } M^{\phi,\psi}(n) \neq \chi_S((x, y)) \}.$$

The notion of recursively approximable sets is equivalent to the notion of recursively measurable sets of Sanin [15].

The second notion of computability of a two-dimensional subset of $\mathbb{R}^2$ is recursive recognizability. Informally, a set $S \subseteq \mathbb{R}^2$ is recursively recognizable if there exists a Turing machine that recognizes whether two given oracle functions represent a point $(x, y)$ in $S$ correctly for all points that have a distance greater than $2^{-n}$ from the boundary of $S$, where $n$ is the input.

Definition 2.2. A set $S \subseteq \mathbb{R}^2$ is recursively recognizable if there exists an oracle Turing machine $M$ that works as in Definition 2.1 such that $E_n(M) \subseteq \{ (x, y) \in \mathbb{R}^2 \mid \text{the distance between } (x, y) \text{ and the boundary of } S \text{ is} \leq 2^{-n} \}$.
Both of the above two computability notions of two-dimensional regions allow two-sided errors to occur in the computation; that is, errors may occur at some point $(x_1, y_1) \in S$ and also at some point $(x_2, y_2) \notin S$. For certain types of regions, we might want to consider the notion of computability with only one-sided errors. For instance, if a set $S$ has Lebesgue measure equal to zero, then it is trivially recursively approximable, since an oracle Turing machine that always outputs 0 has error measure $\mu(E_n(M)) = 0$. Such an oracle Turing machine also recursively recognizes $S$ since all the errors occur at points in $S$ and hence at the boundary of $S$. To more correctly reflect the notion of computability on such sets, we would like the oracle Turing machine to have errors only when the oracles represent a point $(x, y)$ that is not in $S$. We call a recursively approximable (or recursively recognizable) set $S \subseteq \mathbb{R}^2$ strongly recursively approximable (or, respectively, strongly recursively recognizable) if the underlying oracle Turing machine $M$ satisfies the additional condition that $E_n(M) \cap S = \emptyset$.

The particular type of subsets of the two-dimensional plane we are interested in here is the class of bounded simple regions, i.e., bounded, connected subsets of $\mathbb{R}^2$ which contain no holes. For simple regions whose boundaries are simple closed curves (i.e., Jordan curves), we have a third natural notion of computability: the computability of its boundary as a function from $[0,1]$ to $\mathbb{R}^2$. That is, we may consider a region $S$ computable if there is a computable real function $f : [0,1] \to \mathbb{R}^2$ whose range is exactly the boundary $\Gamma_S$ of region $S$.

The relations between these notions of computability on two-dimensional regions are not simple. We first list some positive results.

Theorem 2.1. (Chou and Ko [3])
(a) If the boundary of a region $S$ is a computable Jordan curve, then $S$ is recursively recognizable.
(b) If the boundary of a region $S$ is a computable Jordan curve of a finite length, then $S$ is recursively approximable.
(c) If $S$ is recursively approximable, then $S$ is recursively recognizable.

The proofs of the following negative results about these computability notions are based on the fractal construction of Section 4.

Theorem 2.2.
(a) There exists a computable Jordan curve $\Gamma$ whose interior $S$ is not recursively approximable.
(b) There exists a recursively recognizable set $S$ that is not recursively approximable.

For the more precise relation between a computable Jordan curve and recursive approximability of its interior, see Theorem 4.1(b).

Finally, we remark that most relations between strongly recursively approximable sets and strongly recursively recognizable sets are negative ones. We summarize these results below. Since the proofs are relatively simple and do not involve the construction of fractal curves, we omit them here.

Theorem 2.3. (Chou and Ko [3])
(a) There exists a recursively approximable set that is not strongly recursively approximable.
(b) There exists a recursively recognizable set that is not strongly recursively recognizable.
(c) The class of strongly recursively approximable sets and the class of strongly recursively recognizable sets are incomparable.

3. Computational Complexity of Two-Dimensional Regions
Since the notion of computable real functions is defined by oracle Turing machines, it is natural to extend this notion to polynomial-time computable real functions. Namely, we say a function $f : \mathbb{R} \to \mathbb{R}$ is polynomial-time computable if $f$ is computable by an oracle Turing machine $M$ such that for all oracles $\phi$ and all inputs $n$, $M^{\phi}(n)$ halts in time $p(n)$ for some polynomial function $p$. Polynomial-time approximable and polynomial-time recognizable sets $S \subseteq \mathbb{R}^2$ can also be defined based on the time complexity of oracle Turing machines.

Definition 3.1.
(a) A set $S \subseteq \mathbb{R}^2$ is polynomial-time approximable if it is recursively approximable by an oracle Turing machine $M$ that, on input $n$, runs in time $p(n)$ for some polynomial $p$, regardless of what the oracles are.
(b) A set $S \subseteq \mathbb{R}^2$ is polynomial-time recognizable if it is recursively recognizable by an oracle Turing machine $M$ that, on input $n$, runs in time $p(n)$ for some polynomial $p$, regardless of what the oracles are.

The notions of strongly polynomial-time approximable sets and strongly polynomial-time recognizable sets can be defined in a similar way. Strongly polynomial-time recognizable sets are interesting since they can be used to characterize the sets of zeroes of polynomial-time computable functions from $[0,1]^2$ to $\mathbb{R}^2$. (A function $f : [0,1]^2 \to \mathbb{R}^2$ is polynomial-time computable if it is computable by a two-oracle Turing machine $M$ such that for all oracles $\phi, \psi$ and all inputs $n$, $M^{\phi,\psi}(n)$ halts in time $p(n)$ for some polynomial function $p$.) Rettinger and Weihrauch [14] also used the notion of local time complexity, which is closely related to the notion of strongly polynomial-time recognizability, to study the computational complexity of Julia sets.

Regarding the relations between these notions of polynomial-time computability of two-dimensional regions, we note that results in Theorem 2.1 do not extend to their polynomial-time counterpart immediately. They depend on the unknown relations between discrete complexity classes. To avoid the definitions of some nonstandard complexity classes, we only present the relations in terms of well-known complexity classes. For more details, see Chou and Ko [3]. The following complexity classes of sets of strings are well known:
P: the class of sets computable in polynomial time by deterministic Turing machines;
FP: the class of functions computable in polynomial time by deterministic Turing machines;
BPP: the class of sets computable in polynomial time by probabilistic Turing machines, with bounded errors;
NP: the class of sets computable in polynomial time by nondeterministic Turing machines;
#P: the class of functions that count the number of accepting computation paths of a polynomial-time nondeterministic Turing machine;
UP: the class of sets computable in polynomial time by nondeterministic Turing machines that have at most one accepting computation path.

It is known that $P \subseteq UP \subseteq NP$, $P \subseteq BPP$, and $FP \subseteq \#P$. It is also known that $[FP = \#P] \Rightarrow [P = NP]$, and $[FP = \#P] \Rightarrow [P = BPP]$. It is not known whether any of the above equations holds.
Theorem 3.1. (Chou and Ko [3]) In the following, (a) $\Rightarrow$ (b) $\Rightarrow$ (c).
(a) $FP = \#P$.
(b) All polynomial-time approximable subsets of $[0,1]^2$ are polynomial-time recognizable.
(c) $BPP = P$.

Theorem 3.2. (Chou and Ko [3]) In the following, (a) $\Rightarrow$ (b) $\Rightarrow$ (d) and (a) $\Rightarrow$ (c) $\Rightarrow$ (d).
(a) $FP = \#P$.
(b) If $\Gamma$ is a polynomial-time computable Jordan curve, then the interior $S$ of $\Gamma$ is polynomial-time recognizable.
(c) If $\Gamma$ is a polynomial-time computable Jordan curve, and if $\Gamma$ has a finite length, then the interior $S$ of $\Gamma$ is polynomial-time approximable.
(d) $UP = P$; i.e., one-way functions do not exist.

In other words, if $BPP \neq P$ and $UP \neq P$, then the relations of Theorem 2.1 do not hold for their polynomial-time counterparts. To demonstrate the proof techniques for these results, we present in the following a sketch of the proof of a weaker result of (b) $\Rightarrow$ (c) of Theorem 3.1.
Theorem 3.3. If there exists a set $T \subseteq \{1\}^*$ (called a tally set) in the class $BPP - P$, then there is a nondegenerate rectangle $[a,b] \times [c,d]$ that is polynomial-time approximable but not polynomial-time recognizable.

Sketch of Proof. The main observation is that there is a simple construction of a real number $x$ from a given tally set $T \subseteq \{1\}^*$ such that $x$ and $T$ have the same time complexity, within a polynomial factor. Namely, define

$$x = \sum_{n=1}^{\infty} (\chi_T(1^n) + 1) \cdot 4^{-n}.$$

Then, it can be proved that $x$ and $T$ satisfy the following properties:

(1) The standard left cut $L_x$ of $x$ is polynomial-time computable relative to $T$ (i.e., it can be computed in polynomial time by an oracle Turing machine that uses set $T$ as an oracle).
(2) Set $T$ is polynomial-time computable relative to $x$ (i.e., $T$ can be computed in polynomial time by an oracle Turing machine that uses a function $\phi$ that binary converges to $x$ as an oracle).

Thus, for $T \in BPP - P$, we know that $x$ is not polynomial-time computable but its standard left cut $L_x$ is in $BPP$. Let $A$ be the rectangle $[0,x] \times [0,1]$. We claim that $A$ satisfies the required conditions.

First, we check that $A$ is not polynomial-time recognizable. Assume, by way of contradiction, that $A$ is polynomial-time recognizable by an oracle Turing machine $M$. Then, we can compute an approximation $d$ to $x$ within error $2^{-n}$ as follows: We simulate $M$ to binary search for a dyadic rational $e \in D$ which has a binary representation in $D_{n+1}$ such that $M^{e,1/2}(n+1) = 1$ and $M^{e',1/2}(n+1) = 0$, where $e' = e + 2^{-(n+1)}$. Then, either $M$ is correct on these two computations and hence $e \leq x \leq e'$, or $M$ makes a mistake on at least one of these two computations and hence $e$ or $e'$ is within distance $2^{-(n+1)}$ of the right line segment of the rectangle. In either case, we know that $|x - e| \leq 2^{-n}$ and $|x - e'| \leq 2^{-n}$. One of the numbers $e$ or $e'$ has a binary representation in $D_n$ and is the required approximation. This contradicts the fact that $x$ is not polynomial-time computable.

Conversely, we check that $A$ is polynomial-time approximable. Let $M_1$ be a probabilistic Turing machine that accepts the standard left cut $L_x$ of $x$ in polynomial time. It means that there is a two-input deterministic Turing machine $\widetilde{M}_1$ and a polynomial function $p$ such that, for all dyadic rationals $d \in D_n$, (a) if $d < x$ then $\Pr_{|w|=p(n)}[\widetilde{M}_1(d, w) = 1] > 1 - 2^{-n}$, and (b) if $d > x$ then $\Pr_{|w|=p(n)}[\widetilde{M}_1(d, w) = 1] < 2^{-n}$. (In the above, we have used a standard method of amplification of accepting probability on probabilistic Turing machine $M_1$; see Theorem 8.19 of Du and Ko [4].)

Now, we design an oracle Turing machine $M$ as follows: For any oracle functions $\phi, \psi$ that represent a point $(y, z)$ in $[0,1]^2$, and for any input $n$, it first gets $d_y = \phi(n + 3 + p(n+3))$ and $d_z = \psi(n+3)$. Then, it decodes $d_y$ to $d$ and $w$ where $d$ consists of the first $n+3$ bits of $d_y$ and $w$ is the string of the last $p(n+3)$ bits of $d_y$ (i.e., in the binary expansion form, $d_y = 0.dw$). $M$ accepts if and only if $\widetilde{M}_1(d, w) = 1$ and $0 \leq d_z \leq 1$.

It is not hard to verify that $M$ only makes a mistake at a point $(y, z)$ if
(1) $|z - 1| \leq 2^{-(n+3)}$ or $|z - 0| \leq 2^{-(n+3)}$,
(2) $|y - x| \leq 2^{-(n+3)}$ or $|y - 0| \leq 2^{-(n+3)}$,
(3) $d_y = 0.dw$ and $d < x$ but $\widetilde{M}_1(d, w) = 0$, or
(4) $d_y = 0.dw$ and $d > x$ but $\widetilde{M}_1(d, w) = 1$.

The outer measure of these error areas is, for each of (1) and (2), at most $2^{-(n+2)}$ and, for (3) and (4) together, at most $2^{-(n+2)}$. Altogether, we have $\mu^*(E_n(M)) \leq 2^{-n}$. $\Box$
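The two relativized reductions (1) and (2) from the proof sketch of Theorem 3.3, together with its binary search through a recognizer for $[0,x] \times [0,1]$, written out as an added Python illustration that is not part of the paper. The finite sample set of lengths standing in for $T$, the search start points 1/4 and 3/4 (valid because every base-4 digit of $x$ is 1 or 2, so $1/3 < x < 2/3$), the restriction to $n \geq 3$, and all function names are assumptions of this sketch.

```python
from fractions import Fraction
from math import floor

# Constructed sample: the tally set T is modelled by the set of lengths n with 1^n in T.
SAMPLE_T = {2, 3, 5, 8}

def chi(T, n):
    """chi_T(1^n): one membership query to the tally set."""
    return 1 if n in T else 0

def x_prefix(T, m):
    """x_m = sum_{n=1..m} (chi_T(1^n) + 1) * 4^-n, computed with m queries to T."""
    terms = (Fraction(chi(T, n) + 1, 4 ** n) for n in range(1, m + 1))
    return sum(terms, Fraction(0))

def in_left_cut(T, s, n):
    """Property (1): decide s < x for a dyadic s with n fractional bits, given T.

    All base-4 digits of x are 1 or 2, so x lies strictly between x_m and
    x_m + 4^-m. For m = ceil(n/2), s is a multiple of 4^-m, so s < x iff s <= x_m.
    """
    if (s * 2 ** n).denominator != 1:
        raise ValueError("s has no representation with n fractional bits")
    return s <= x_prefix(T, (n + 1) // 2)

def make_phi(T, upper=False):
    """An oracle that binary converges to x: phi(k) has k bits, |x - phi(k)| <= 2^-k.

    upper=False gives the standard Cauchy function (largest k-bit dyadic below x);
    upper=True gives its right-hand neighbour, another valid representation of x.
    """
    def phi(k):
        below = floor(x_prefix(T, (k + 1) // 2) * 2 ** k)
        return Fraction(below + (1 if upper else 0), 2 ** k)
    return phi

def decode_T(phi, n):
    """Property (2): recover chi_T(1^n) from any oracle phi that binary converges to x.

    d = phi(2n+2) is within 4^-n / 4 of x, while x stays at least 4^-n / 3 away
    from both ends of [x_n, x_n + 4^-n]; so d has the same first n base-4 digits as x.
    """
    d = phi(2 * n + 2)
    return floor(d * 4 ** n) % 4 - 1

def make_recognizer(T, band_answer):
    """Simulated recognizer M for A = [0,x] x [0,1], queried at points (e, 1/2).

    It is correct whenever e is farther than 2^-p from the right edge and gives
    the fixed (possibly wrong) answer band_answer inside that band, which is
    exactly the error Definition 2.2 allows. Only used for 1/4 <= e <= 3/4.
    """
    def M(e, p):
        step = Fraction(1, 2 ** p)
        if in_left_cut(T, e + step, p):      # e < x - 2^-p: well inside A
            return 1
        if not in_left_cut(T, e - step, p):  # e > x + 2^-p: well outside A
            return 0
        return band_answer                   # within 2^-p of the edge: may err
    return M

def approx_x(M, n):
    """Binary search from the proof: an n-bit dyadic d with |x - d| <= 2^-n (n >= 3)."""
    p = n + 1
    lo, hi = 2 ** (p - 2), 3 * 2 ** (p - 2)   # grid indices of 1/4 and 3/4
    assert M(Fraction(lo, 2 ** p), p) == 1 and M(Fraction(hi, 2 ** p), p) == 0
    while hi - lo > 1:                        # invariant: M says 1 at lo, 0 at hi
        mid = (lo + hi) // 2
        if M(Fraction(mid, 2 ** p), p) == 1:
            lo = mid
        else:
            hi = mid
    # e = lo / 2^p and e' = hi / 2^p are adjacent; exactly one has an n-bit form.
    return Fraction(lo if lo % 2 == 0 else hi, 2 ** p)
```

The number of queries to $T$ or to the oracle is linear in $n$ in every function, which is the "same time complexity, within a polynomial factor" claim of the proof sketch.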
The negative results of Theorem 2.2 can be extended to the polynomial-time setting.

Theorem 3.4.
(a) There exists a polynomial-time computable Jordan curve $\Gamma$ whose interior $S$ is not recursively approximable.
(b) There exists a polynomial-time recognizable set $S \subseteq \mathbb{R}^2$ that is not recursively approximable.

For strongly polynomial-time computability notions of two-dimensional regions, all negative results of Theorem 2.3 still hold.

Theorem 3.5. (Chou and Ko [3])
(a) There exists a polynomial-time approximable set that is not strongly polynomial-time approximable.
(b) There exists a polynomial-time recognizable set that is not strongly polynomial-time recognizable.
(c) The class of strongly polynomial-time approximable sets and the class of strongly polynomial-time recognizable sets are incomparable.
4. Fractal Curves and Their Interiors
In this section, we consider Questions (1) and (2) listed in Section 1. We first give a complete characterization of the computability of the interior of a Jordan curve in terms of the Lebesgue measure of the curve itself. Recall that a set $S \subseteq \mathbb{R}^2$ is r.e. open if there exist recursive functions $\phi, \psi, \theta : \mathbb{N} \to D$ such that $S = \bigcup_{n=1}^{\infty} R_n$, where $R_n$ is the $\theta(n) \times \theta(n)$ open square centered at $(\phi(n), \psi(n))$. We say $T \subseteq \mathbb{R}^2$ is r.e. closed if $\mathbb{R}^2 - T$ is r.e. open. A real number $x$ is called left r.e. if its standard left cut $L_x$ is r.e.; it is called right r.e. if $-x$ is r.e. The relations between the computability of a Jordan curve $\Gamma$ and the computability of its interior $S$ and its measure $\mu(S)$ can be summarized as follows:

Theorem 4.1. (Ko and Weihrauch [10])
(a) If a Jordan curve $\Gamma$ is computable, then its interior $S$ and its exterior $T$ are r.e. open sets. Furthermore, the measure $\mu(S)$ must be a left r.e. real number, and the two-dimensional Lebesgue measure $\mu(\Gamma)$ must be a right r.e. real number.
(b) If a Jordan curve $\Gamma$ is computable and the two-dimensional Lebesgue measure $\mu(\Gamma)$ of the curve itself is zero, then its interior $S$ is recursively approximable.
(c) If a Jordan curve $\Gamma$ is computable and the two-dimensional Lebesgue measure $\mu(\Gamma)$ of the curve itself is a recursive real number, then the measure $\mu(S)$ of its interior $S$ must be a recursive real.

It is interesting to note that, in Theorem 4.1(b) and 4.1(c), the curve $\Gamma$ may be a fractal (a fractal curve may have measure zero in the two-dimensional plane). That is, even if a curve is a fractal, its interior is still recursively approximable, as long as the two-dimensional measure of $\Gamma$ is zero. On the other hand, if the curve $\Gamma$ has a nonrecursive two-dimensional measure (and hence must be a fractal), then it may have a noncomputable interior.

Theorem 4.2. (Ko and Weihrauch [10]) For any left r.e. real number $x > 0$, there is a polynomial-time computable Jordan curve $\Gamma$ whose interior has Lebesgue measure equal to $x$.

Figure 1. A basic curve of $\Gamma_n$. The dash line is a basic line segment of $\Gamma_{n-1}$, and the dot lines are the basic curves of $\Gamma_{n+1}$ that replace the basic line segments of $\Gamma_n$.

Proof Idea. The proof of this result is based on the construction of a monster curve. (A curve is called a monster curve if it is a simple curve and yet its two-dimensional measure is greater than zero [11].) It is a standard iterative construction that is used to define, for instance, the Koch curve. Namely, we start with a line segment $\Gamma_0$. Then we construct at each stage $n > 0$ a curve $\Gamma_n$ and let $\Gamma$ be the limit of $\Gamma_n$. Each curve $\Gamma_n$ has $4^n$ basic line segments, and $\Gamma_n$ is constructed from $\Gamma_{n-1}$ by replacing each basic line segment of $\Gamma_{n-1}$ by a basic curve that contains four shorter basic line segments (see Figure 1). By choosing a suitable initial basic line segment $\Gamma_0$, we can make the limit curve $\Gamma$ of $\Gamma_n$ have a positive measure $q$ for any given dyadic rational $q > 0$. Correspondingly, the interior of $\Gamma$ has a measure $r \in D$.

Intuitively, if $x$ is left r.e., then there is a Turing machine $M$ that outputs an increasing sequence $d_1, d_2, \ldots$ of dyadic rationals that converges to $x$. If we simulate this machine for $i$ moves, and output the largest $d_j$ that $M$ generates in $i$ moves, this sequence can be generated by a polynomial-time Turing machine. Formally, if $x$ is left r.e., then there exists a polynomial-time computable function $e : \mathbb{N} \to \mathbb{N}$ such that e ( i ) 2i and
The above definitions of Hausdorff measure and Hausdorff dimension are quite abstract and do not seem to provide a natural method for calculation. As a consequence, the computation of the Hausdorff dimension of a set is considered very difficult. In the following, we justify this intuition on fractal sets in the one-dimensional line $\mathbb{R}$ and fractal curves on the two-dimensional plane $\mathbb{R}^2$. First recall that a set $S \subseteq \mathbb{R}$ is recursively open if there exist recursive functions $\phi, \psi : \mathbb{N} \to D$ and $\theta : \mathbb{N} \to \mathbb{N}$ such that (i) $S = \bigcup_{n=1}^{\infty} (\phi(n), \psi(n))$, and (ii) p ( U ~ B ( n ) ( ~ ( k ) , $ ( k

0 then $\lim_{n \to \infty} g^n(x) = \infty$ and hence $x \notin J(g)$, and if $h(x) = 0$ then $g^k(x) = 0$ and $x \in J(g)$. Thus, deciding whether a point $x$ is in $J(g)$ or not is equivalent to deciding whether $h(x) > 0$, and the theorem follows from the fact that deciding whether two given Cauchy functions represent two distinct real numbers or not is undecidable (see Ko [6]).

Intuitively, we suspect that a Julia set of a computable function $f$ is difficult to compute because of the unpredictability of the behavior of $f^k(x)$ after a large number of iterations, rather than the inability to determine whether $f(x) > 0$. To understand more clearly why Julia sets are hard to compute, we show in the following that a dynamical system can actually simulate the computation of a universal Turing machine $M$ such that its Julia set corresponds to the complement of the halting set of $M$.

Theorem 6.2. (Ko [9]) Let $M$ be a Turing machine over the alphabet $\Sigma$. There exist polynomial-time computable functions $f : [0,1] \to \mathbb{R}$ and $h : \Sigma^* \to \mathbb{R}$ such that, for any $w \in \Sigma^*$ of length $n$, (i) if $M$ accepts $w$, then $[h(w), h(w) + c^{-n}] \cap J(f) = \emptyset$, and (ii) if $M$ does not accept $w$, then $[h(w), h(w) + c^{-n}] \subseteq J(f)$, where $c$ is a positive constant.

Sketch of Proof. Basically, we treat the computation of $M$ as a discrete dynamical system. That is, the mapping from a machine configuration to its successor configuration is a polynomial-time computable function $g$, and the iteration of this function is a dynamical system whose behavior is equivalent to the computation of the Turing machine $M$. The function $f$ in the theorem is, thus, just a continuous function that encodes the discrete function $g$, and $h$ a function that on input $w$ encodes the halting configuration of $M$ on $w$. $\Box$

Corollary 6.2. (Ko [9]) There exists a polynomial-time computable function $f : \mathbb{R} \to \mathbb{R}$ such that $J(f)$ is not recursively approximable. In addition, $f$ satisfies the following property: for any two dyadic rationals $d, e$, the question of whether $f(d) > e$ is decidable in polynomial time.

Finally, we remark that there are studies of Julia sets of some specific dynamical systems. For instance, Rettinger and Weihrauch [14] have studied the Julia sets defined by the one-complex-variable functions of the form $f(z) = z^2 + c$. Other related results can be found in Saupe [16] and Zhong [18].
References

1. Barnsley, M. F., Fractals Everywhere, Academic Press, 2nd Edition, Boston, 1993.
2. Cenzer, D., Effective real dynamics, in Logical Methods, J. N. Crossley, J. B. Remmel, R. A. Shore, M. E. Sweedler, eds., Birkhäuser, Boston, 162-177, 1993.
3. Chou, A. W. and Ko, K., Computational complexity of two-dimensional regions, SIAM J. Comput. 24, 923-947 (1995).
4. Du, D.-Z. and Ko, K., Theory of Computational Complexity, Wiley, New York, 2000.
5. Falconer, K., Fractal Geometry, Mathematical Foundations and Applications, Wiley, New York, 1991.
6. Ko, K., Complexity Theory of Real Functions, Birkhäuser, Boston, 1991.
7. Ko, K., A polynomial-time computable curve whose interior has a nonrecursive measure, Theoret. Comput. Sci. 145, 241-270 (1995).
8. Ko, K., Polynomial-time computability in analysis, in Handbook of Recursive Mathematics, Vol. 2: Recursive Algebra, Analysis and Combinatorics, Yu. L. Ershov, S. S. Goncharov, A. Nerode and J. Remmel, eds., Studies in Logic and the Foundations of Mathematics, Vol. 139, Elsevier, Amsterdam, pp. 1271-1317, 1998.
9. Ko, K., On the computability of fractal dimensions and Hausdorff measure, Annals of Pure and Appl. Logic 93, 195-216 (1998).
10. Ko, K. and Weihrauch, K., On the measure of two-dimensional regions with polynomial-time computable boundaries, in Proceedings of 11th IEEE Conference on Computational Complexity, IEEE Computer Society Press, 150-159, 1996.
11. Mandelbrot, B., The Fractal Geometry of Nature, W. H. Freeman, New York, 1983.
12. Peitgen, H.-O., Jürgens, H., and Saupe, D., Chaos and Fractals, New Frontiers of Science, Springer-Verlag, New York, 1992.
13. Pour-El, M. and Richards, I., Computability in Analysis and Physics, Springer-Verlag, Berlin, 1989.
14. Rettinger, R. and Weihrauch, K., The computational complexity of some Julia sets, in Proceedings of the Fifth Workshop on Computability and Complexity in Analysis, V. Brattka, M. Schröder, and K. Weihrauch, eds., FernUniversität, Hagen, 159-169, 2002.
15. Sanin, N., Constructive Real Numbers and Function Spaces, Translations of Mathematical Monographs, 21, translated by E. Mendelson, American Mathematical Society, Providence, RI, 1968.
16. Saupe, D., Efficient computation of Julia sets and their fractal dimension, Physica 28D, 358-370 (1987).
17. Weihrauch, K., Computable Analysis, An Introduction, Springer-Verlag, Berlin, 2000.
18. Zhong, N., Recursively enumerable subsets of $\mathbb{R}^q$ in two computing models, Blum-Shub-Smale machine and Turing machine, Theoret. Comput. Sci. 197, 79-94 (1998).
DEFINABILITY IN LOCAL DEGREE STRUCTURES - A SURVEY OF RECENT RESULTS RELATED TO JUMP CLASSES
ANGSHENG LI* Institute of Software, Chinese Academy of Sciences, P.O. Box 8718, Beajing, 100080, P. R. of China. E-mail: angshengaios. ac. cn
YUE YANG+ Department of Mathematics, Faculty of Science, National University of Singapore, Lower Kent Ridge Road, Singapore 119260. E-mail: mat yangy aleonis. nus. edu. sg
Keywords: Computably enumerable degrees, jump classes, definability, ideals, n-c.e. degrees We review recent developments in the study of local degree structures, with emphasis on relations which are definable by local properties.
1. Introduction The study of degree structures is one of the main areas of computability theory. In this survey paper, we shall focus on Turing degrees below O f , *Partially supported by NSF Grant No. 69973048 NSF Major Grant No. 19931020 (P. R. CHINA) and by NUS Grant No. R-146-000-028-112 (Singapore). $Partially supported by NUS Grant No. R-146-000-028-112 (Singapore). Both authors would like to thank Chong Chi-tat and Wu Guohua for suggestions.
27 1
more precisely, we shall discuss properties related to jump classes in both c.e. degrees and in the difference hierarchy, i.e., in n-c.e. degrees for n > 1. In the past decade, many breakthroughs were made and some longstanding open problems were solved, notably Shore and Slaman’s result of definability of jump operators [93], and Nies, Shore and Slaman’s definability results concerning “most of’’ the jump hierarchies [79]. The methods involved, such as forcing and coding standard models into c.e. degrees, have strong “global” flavor. These methods are general and yield quite powerful results, but the definability results obtained do not have the flavour of “natural” definability. The word “natural” is meant for logically simple and coming from normal properties such as join or meet. Finding a natural definition of any of the jump classes would illuminate the role of the Turing jump in R,and a positive solution of the problem of a natural definable degree would challenge existing priority methods. The elusiveness of natural definitions suggests the lack of understanding of various aspects of the structure. However, it should be pointed out that it is not entirely clear if such a natural definition exists at all.
In any case, the significance of a natural definition is much greater than merely providing another definition of the relevant jump class. It is our hope that knowing the global definability will stimulate more efforts on the study of local properties. We also feel that the study of local properties would offer some technical breakthroughs to tackle more difficult problems. Historical examples such as Lachlan’s proof of the Nonsplitting Theorem which introduced the 0”‘-priority argument, would seem to support this hypothesis. We only focus on very selective topics in the area. There are a number of other recent important developments, and we refer to [15] and [42]. Also there can be found comprehensive lists of open problems. We especially recommend the articles by Arslanov [8], Lerman [61], Nies [78], and Shore [go] in [15] and Cooper [21], Slaman [94] and Shore [89] in [42]. For those who are interested in local Turing degree theory, we also recommend a recent survey paper by Li [65], which had reviewed many results and discussed many foundamental problems. This paper is divided into two natural parts: one on computably enumerable degrees and one on the difference hierarchy.
2. Computably Enumerable Degrees
Let R denote the structure (R, ≤_T), where R is the set of all computably enumerable (c.e.) degrees and 2)
We now return to the distribution of nonsplitting bases. By the Robinson Low Splitting Theorem (Theorem 2.3), there is no low Lachlan nonsplitting base. In fact, Arslanov, Cooper and Li [9] have obtained a stronger version of the low splitting theorem:

Theorem 2.11. (Generalized Low Splitting Theorem) For any c.e. set A, any Δ⁰₂ set L, if L

y)(x) = x holds, because, for any SML integer x, the lambda application (fun y => y)(x) is equal to x.

We represent the state of a program’s execution by a collection of value assignments, one for each state reference of StateRef. Formally, we define the set of states Σ to consist of functions σ : StateRef → ADT. Each σ ∈ Σ represents a possible state of the computer’s memory, where σ(s) is the value assigned to state reference s, which is in StateRef. For example, if σ is the state after executing r := 40, then σ(r) = 40, because we know that r stores an integer reference ref 40.

A side-effect is the result of executing an imperative program: a transition from an initial state of a computer’s memory to a final state. Because SML(StateRef) programs only use global state references from StateRef, we can define a simple semantics for representing the side-effect of a program’s execution. Given an SML(StateRef) program, we write (p, σ) ⇓ (l, σ′) to mean that, starting from an initial state σ, the program p will terminate and result in the value l and a final state σ′. For the purposes of this paper, we take ⇓ to be the transitive closure of the relation ▷ given by the operational semantics presented in Fig. 1. For instance, if r ∈ StateRef, then (r := !r + 1; !r;;, σ) ⇓ (l, σ′) holds,
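    σ(b) →_ADT true
    ------------------------------------------ (cond1)
    (if b then p else q, σ) ▷ (p, σ)

    σ(b) →_ADT false
    ------------------------------------------ (cond2)
    (if b then p else q, σ) ▷ (q, σ)

    σ(b) →_ADT false
    ------------------------------------------ (while1)
    (while b do c; done, σ) ▷ ((), σ)

    σ(b) →_ADT true      (c, σ) ▷ (r, σ′)
    -------------------------------------------------------- (while2)
    (while b do c; done, σ) ▷ (while b do c; done, σ′)

Figure 1. Operational Semantics for our programs.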
when, for instance, σ(r) = 14 and σ′(r) = 15. The execution of an imperative program will produce a whole range of side-effects, depending upon the initial state of the memory. We formally denote such a range by a set-theoretic relation, a side-effect relation, between initial and final states. The set of side-effect relations, Rel, is defined as a subset of the power set P(Σ × Σ) of pairs from the set of states Σ. As usual, we write σ R σ′ if (σ, σ′) ∈ R. A side-effect relation provides a semantics for an imperative program when the relation’s state pairs consist of the possible initial and final states for the program.
Definition 2.1. Side-effect relations. A side-effect relation R is the semantics of an SML(StateRef) program p, written R = [p], when, for all states σ, σ′ ∈ Σ,

    σ R σ′ ⇔ (p, σ) ⇓ (*, σ′) for some value *.

It follows from this definition that if σ R σ′ and σ R σ″, then σ′ = σ″, i.e. σ′ is uniquely determined by the initial state σ.
3. Specification of side-effects and return values
Our logic is used to specify and reason about two aspects of imperative program behaviour: possible side-effects and possible return values. Possible side-effects are specified as pre- and post-conditions in a single formula style (as opposed to the semantically equivalent Hoare-triple style of [9]). Because a program's side-effect is described in terms of initial and final state reference values, prior to and after execution, these initial and final state reference values are respectively denoted by the name of the state reference with an i subscript and with an f subscript. For instance, the formula r_f > r_i describes every possible side-effect of the program r := !r + 1. It specifies side-effects whose final value of r, denoted by r_f, is greater than the initial value, denoted by r_i. Possible return values are specified as the required constructive content of a formula, in the same way that functional programs are specified in constructive type theories. So, for instance, the formula ∃y : int. Prime(y) ∧ y > r_i describes a return value y of a program, such that, for any side-effect, y is prime and greater than the initial value of r.
3.1. Formulae
The formulae of our basic (intuitionist) logic are defined as usual. Our quantifiers are sorted, and take sorts from ADT. For instance, if int ∈ ADT, then ∃x : int. x = 0 and ∀x : int. x = x are well-formed. To enable the specification of side-effects, our formulae involve terms of ADT, extended over the subscripted StateRef symbols (which denote initial and final state reference values). For instance, if r ∈ StateRef then r_i * 20 + r_f is a well-formed term that may be used in our logic.
3.2. Specification of side-effects
In order to define when a formula is true of a program's execution, we define when a formula is true of a side-effect relation from Rel. Take a formula P of our calculus. Let σ and σ′ be initial and final states for some side-effect relation. We write P_σ^σ′ for the formula formed from P by replacing every initial state reference value symbol s_i (s ∈ StateRef) by an actual initial state reference value σ(s), and similarly for final state references. Then, given a relation R ∈ Rel, an initial state σ and a final state σ′ such that σ R σ′, we write R ⊩_ι^(σ,σ′) P when R ⊩_ι P_σ^σ′.

Definition 3.1. A formula P is true of a side-effect relation R under the interpretation ι, written R ⊩_ι P, when

    (σ, σ′) ∈ R ⇒ R ⊩_ι P_σ^σ′

A formula is true of a program p under the interpretation ι if it is true of the relation for the program for ι: that is, when [p] ⊩_ι P. When this holds for every ι, we write [p] ⊩ P.

3.3. Specification of return values
It is also possible to use formulae to specify possible return values of imperative programs. This is done by extending the way that formulae of intuitionistic logic specify functional programs, according to the proofs-as-programs paradigm. To understand this form of specification, we first need some definitions. We first need to define Harrop formulae.

Definition 3.2. Harrop formulae, see [8]. A formula F is a Harrop formula if it is 1) an atomic formula, 2) of the form (A ∧ B) where A and B are Harrop formulae, 3) of the form (A → B) where B (but not necessarily A) is a Harrop formula, or 4) of the form (∀x : s.A) where A is a Harrop formula. We write Harrop(F) if F is a Harrop formula, and ¬Harrop(F) if F is not a Harrop formula.
We also need to define a sort-extraction map xsort, which maps formulae to sorts of ADT. This is given by the axioms of Fig. 2. We can now define the Skolem form of a program-formula pair. This is the usual definition for first-order many-sorted logic over ADT (e.g., that of [1]). However, because our formulae are first-order many-sorted logic over ADT extended by state identifiers, the definition can be used for our formulae. As usual, inl(x) and inr(x) are the first and second encodings of x in pairs and fst(y) and snd(y) are the first and second components of the pair y.
F
AAB AVB A+B Vx : S.A 32 : S.A
I
xsort(F)
Unit if not Hurrop( B ) xsort ( A ) xsort(B) if not Hurrop(A) xsort(A)* xsort(B) otherwise xsort(A)Ixsort(B) xsort ( B ) if not Hurrop(B) xsort(A)-+ xsort(B) otherwise s -+ xsort(A) if Harrop(A) s * xsort(A)otherwise Unit
{
{ {"
Figure 2. Inductive definition of xsort(F),over the structure of F, where P is an atomic predicate.
Definition 3.3. Skolem form and Skolem functions. Given a closed formula A, we define the Skolemization of A to be the Harrop formula Sk(A) = Sk′(A, ∅), where Sk′(A, AV) is defined as follows. A unique function letter f_A (of sort xsort(A)), called the Skolem function, is associated with each such formula A. AV represents a list of application variables for A (that is, the variables which will be arguments of f_A). If AV is {x_1 : s_1, ..., x_n : s_n} then f(AV) stands for the function application f(x_1, ..., x_n).

If A is Harrop, then Sk′(A, AV) = A.

If A ≡ B ∨ C, then

    Sk′(A, AV) = (∀x : xsort(A). f_A(AV) = inl(x) → Sk′(B, AV)[x/f_B])
                 ∧ (∀y : xsort(B). f_A(AV) = inr(y) → Sk′(C, AV)[y/f_C])

If A ≡ B ∧ C, then
In the proofs-as-programs approaches of [1] and [14], a formula A specifies a functional program p if, and only if, the program is an intuitionistic modified realizer of A, now defined.

Definition 3.4. Intuitionistic modified realizers. Let p be a term of Closed(ADT) (and so, by the assumptions of Section 2, p.3, p can be considered to be a functional SML program that does not contain any state references). Let A be a first-order many-sorted formula predicating over ADT (but not using state identifiers). Then p is an intuitionistic modified realizer of A under the interpretation ι when
Recall that, as discussed in Section 2 (p.3), the elements of Closed(ADT) are the return values of SML programs. So we can use the definition of intuitionistic modified realizability to define how our formulae specify return values.

Definition 3.5. Return-value modified realizer. We say that an SML program p is a return-value modified realizer of a formula A under the interpretation ι when, for every σ, σ′ such that

    (p, σ) ⇓ (a, σ′)

the SML program a is an intuitionistic modified realizer of A_σ^σ′ under ι. In this case, we write p retmr_ι A. If p retmr_ι A holds for every ι, we write p retmr A.
A formula A of our logic specifies the return value of an imperative program p if p retmr A. As a simple example, the Skolem form of the formula A ≡ ∃y : int. y = r_i + 1 is f_A = r_i + 1. It is true that, for any initial state σ, (r := !r + 1; !r, σ) ⇓ (σ(r)+1, σ′). Also, (f_A = r_i + 1)_σ^σ′ is f_A = σ(r) + 1.
    ⊢ l ◇ A   (Axiom-I)   if A ∈ AX

    ⊢ s := v ◇ s_f = tologic_i(v)   (assign)   where s ∈ StateRef

    ⊢ p ◇ (tologic_i(b) = true → C)      ⊢ q ◇ (tologic_i(b) = false → C)
    ------------------------------------------------------------------------ (if-then-else)
    ⊢ if b then p else q ◇ C

    ⊢ p ◇ (A[s̄_i/v̄] → B[s̄_f/v̄])      ⊢ q ◇ (B[s̄_i/v̄] → C[s̄_f/v̄])
    ------------------------------------------------------------------------ (seq)
    ⊢ p; q ◇ A[s̄_i/v̄] → C[s̄_f/v̄]
    where A and B are free of state identifiers.

    ⊢ q ◇ (tologic_i(b) = true ∧ A[s̄_i/v̄]) → A[s̄_f/v̄]
    ------------------------------------------------------------------------ (loop)
    ⊢ while b do q; done ◇ A[s̄_i/v̄] → A[s̄_f/v̄] ∧ tologic_f(b) = false
    where A is free of state identifiers.

    ⊢ p ◇ P      ⊢_Int P → A
    ---------------------------- (cons)
    ⊢ p ◇ A

Figure 3. The basic rules of our calculus. Intuitionistic deduction is given in Fig. 4 based on the axioms Ax(ADT).
So, for every initial state σ, σ(r)+1 is an intuitionistic modified realizer of A. In this way, the formula A can be interpreted as a specification of an imperative program that returns an integer value equal to the value of r (prior to execution) plus 1.

4. The Calculus
Assertions of our calculus are of the form

    p ◇ A

consisting of a program p and a formula A. The formula is to be taken as a statement about the side-effect relation associated with p, provided that p terminates. Our calculus is a version of Hoare logic, providing a natural deduction system for constructing new program/formula pairs from known program/formula pairs.
x is not free in A
c : T is a valid sort inference
Figure 4. The basic rules of many-sorted intuitionistic logic, Int, ranging over terms with initial and final state identifiers. We assume that x, y are arbitrary ADT variables of some sort T, and that a is a term of arbitrary sort T. The map tologic takes programs to their logical counterparts if they give a Boolean value (see Def. 4.1).
The basic Hoare logic rules are presented in Fig. 3. It can be seen that each of these rules is equivalent to a rule of the more common presentation of the Hoare logic that uses Hoare triples instead of program/formula pairs; see [13] for a proof of this. The Hoare logic rules allow us to build new programs from old and to prove properties of these new descriptions (cf. [9,4]). For example, the conditional (if-then-else) rule allows us to build a conditional program from given programs, and to derive a truth about the result. Hoare logic is defined with respect to a separate logical system [4]. Usually, this is classical logic (but we use intuitionist logic). The Hoare logic and the logical system interact via a consequence rule. Assume M ⊢_L N denotes provability of formula N from formula M in the separate logical system L. Then the consequence rule can be formulated as follows

    ⊢ w ◇ P      P ⊢_L A
    ------------------------ (cons)
    ⊢ w ◇ A

The meaning of this rule is that, if P implies A in the system L, and P is known to hold for the program w, then A must also hold for w. In this way, the separate logical system is utilized to deduce new truths from known ones about a given program. For the purposes of extending known results on program extraction, we define a Hoare logic that takes intuitionistic logic as its separate logical system. The standard rules that define our intuitionistic logic are given in Fig. 4. In these, in order to go from the programs to the logic we require the map tologic_i, which transforms an SML boolean function b into a boolean term, for use in formulae. The map replaces all state identifiers of the form !s with initial state identifiers of the form s_i.
Definition 4.1. Given any term b, we define tologic_i(b) = b[s̄_i/!s̄] where !s̄ is every dereferenced state reference in b, and s̄_i the corresponding list of initial state identifiers. We also define tologic_f(b) = b[s̄_f/!s̄] where !s̄ is every dereferenced state reference in b, and s̄_f the corresponding list of final state identifiers.

For the purposes of reasoning about an intended model, our calculus can be extended with axioms and schemata (including induction schemata). For the purposes of this paper, we do not deal with schemata. We shall assume a set of axioms AX, consisting of 1) program/formula pairs satisfying p ◇ A ∈ AX if, and only if, [p] ⊩ A in the intended model and 2) formulae, so that A ∈ AX if, and only if, ⊩ A.
Remark 4.1. In [13] we give a proof of soundness for our calculus over SML execution traces. See [4] for proofs of soundness and a form of relative completeness for a wider range of models.
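The single-formula reading of side-effects from Sections 2 and 3 and the (loop) rule of Fig. 3 can be checked on a small finite model. The following Python code is an added example, not code from the paper (whose implementation is in SML); the tuple encoding of programs, the function names, and the sample programs, states and invariant are assumptions constructed for illustration.

```python
# Added example: finite-model reading of program/formula pairs "p ◇ A".
# Programs are tuples; guards and expressions are Python functions of a state
# dict, standing in for side-effect-free SML terms over !s (an assumption).

class Diverges(Exception):
    """A loop ran out of fuel; such a run contributes no state pair."""

def run(p, sigma, fuel=1000):
    """Evaluate (p, sigma) to (value, sigma'). States are never mutated."""
    tag = p[0]
    if tag == "assign":                       # s := e
        _, s, e = p
        return (), {**sigma, s: e(sigma)}
    if tag == "deref":                        # !s
        return sigma[p[1]], sigma
    if tag == "seq":                          # p; q
        _, mid = run(p[1], sigma, fuel)
        return run(p[2], mid, fuel)
    if tag == "if":                           # (cond1) / (cond2)
        return run(p[2] if p[1](sigma) else p[3], sigma, fuel)
    if tag == "while":
        cur = sigma
        for _ in range(fuel):
            if not p[1](cur):                 # (while1): guard false, stop
                return (), cur
            _, cur = run(p[2], cur, fuel)     # (while2): run the body, repeat
        raise Diverges("fuel exhausted")
    raise ValueError(f"unknown program form: {tag!r}")

def side_effect_relation(p, initial_states):
    """(sigma, value, sigma') for each terminating run from the given states."""
    rel = []
    for sigma in initial_states:
        try:
            value, final = run(p, sigma)
        except Diverges:
            continue                          # formulae speak only of terminating runs
        rel.append((sigma, value, final))
    return rel

def counterexamples(p, formula, initial_states):
    """Initial states whose run falsifies formula(sigma_i, sigma_f, value)."""
    return [si for si, v, sf in side_effect_relation(p, initial_states)
            if not formula(si, sf, v)]

def holds(p, formula, initial_states):
    """True when the formula is true of every pair in the sampled relation."""
    return not counterexamples(p, formula, initial_states)

def check_loop_rule(b, q, inv, initial_states):
    """Premise and conclusion of (loop) for guard b, body q, invariant inv.
    tologic_i(b) is b read in the initial state, tologic_f(b) in the final."""
    premise = holds(
        q, lambda si, sf, v: not (b(si) and inv(si)) or inv(sf), initial_states)
    conclusion = holds(
        ("while", b, q),
        lambda si, sf, v: not inv(si) or (inv(sf) and not b(sf)), initial_states)
    return premise, conclusion

# Constructed sample model: three integer references r, n, acc.
STATES = [{"r": r, "n": n, "acc": acc}
          for r in range(-3, 4) for n in range(5) for acc in range(11)]

INCR = ("seq", ("assign", "r", lambda s: s["r"] + 1), ("deref", "r"))  # r := !r + 1; !r
DOUBLE = ("assign", "r", lambda s: s["r"] * 2)                          # r := !r * 2
GUARD = lambda s: s["n"] > 0                                            # !n > 0
BODY = ("seq", ("assign", "acc", lambda s: s["acc"] + s["n"]),
        ("assign", "n", lambda s: s["n"] - 1))
INV = lambda s: s["n"] >= 0 and 2 * s["acc"] + s["n"] * (s["n"] + 1) == 20
SPIN = ("while", lambda s: True, ("assign", "r", lambda s: s["r"]))

def grows(si, sf, v):
    """The formula r_f > r_i."""
    return sf["r"] > si["r"]

if __name__ == "__main__":
    print("INCR satisfies r_f > r_i:", holds(INCR, grows, STATES))
    bad = sorted({s["r"] for s in counterexamples(DOUBLE, grows, STATES)})
    print("DOUBLE violates r_f > r_i when r_i is in", bad)
    print("(loop) premise/conclusion:", check_loop_rule(GUARD, BODY, INV, STATES))
    print("non-terminating run, formula False:",
          holds(SPIN, lambda si, sf, v: False, STATES[:3]))
```

A run that does not terminate contributes no pair to the relation, so every formula holds of it vacuously; this is the "provided that p terminates" reading of assertions in Section 4.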
5. Adapting the Curry-Howard isomorphism

Our calculus forms a type theory, LTT, with proofs represented as terms (called proof-terms), labelled formulae represented as types, and logical deduction given as type inference. The inference rules of the type theory are given in two figures: Fig. 6, which gives the rules of the underlying intuitionistic logic, and Fig. 7, which gives the rules connecting this logic into the full logic of proof-terms for our calculus for the imperative language. We omit the full grammar of proof-terms, but the general syntax of proof-terms can be seen from the inference rules. (See [13] for full details.) Observe that, because of the (cons) rule, proof-terms corresponding to Hoare logic rule application involve proof-terms corresponding to intuitionistic logic rule application. We define a one-step proof-term normalization relation ⇝ in Fig. 5, extending the usual β-reduction of the lambda calculus. An application of this relation corresponds to simplifying a proof by eliminating redundant rule applications. For example, the reduction

    app(abstract X. c^{A→B}, a^A) ⇝ c[a/X]^B

corresponds to simplifying a proof of B by deleting an occurrence of the (→-I) rule that is immediately followed by an (→-E) inference. As in the Curry-Howard isomorphism for intuitionistic logic (see [7] or [5]), proof normalization is given by the transitive closure of applications of this relation. Proof-term normalization does not remove any proof-terms corresponding to Hoare logic rule application. This results from the fact that a Hoare logic rule builds a program label from a given program, but there are no matching rules for reversing this construction.
Theorem 5.1. Strong normalization. The theory LTT is strongly normalizing: repeated application of ⇝ on a proof-term will terminate.

Proof. See [13] for the proof of this and other proof-theoretic results (including the Church-Rosser property and type decidability). The theorem follows easily using rule 9 of Fig. 5, which shows that only intuitionistic sub-proofs may be simplified in a Hoare logic proof. □

6. Program synthesis
From a proof of a theorem, we can extract an imperative program which satisfies the theorem as a specification.

    1. app(abstract X. a^{A→B}, b^A) ⇝ a[b/X]^B
    2. specific(use x : s. a^{∀x:s.A}, v : s) ⇝ a[v/x]^{A[v/x]}
    3. fst((a, b)^{A∧B}) ⇝ a^A
    4. snd((a, b)^{A∧B}) ⇝ b^B
    5. case inl(a)^{A∨B} of Inl(x^A).b^C, Inr(y^B).c^C ⇝ b[a/x]^C
    6. case inr(a)^{A∨B} of Inl(x^A).b^C, Inr(y^B).c^C ⇝ c[a/y]^C
    7. select (show(v, a)^{∃y.P}) in z^P.y.b^C ⇝ b[a/z][v/y]^C
    8. a[b/x] and b ⇝ c entails a[b/x] ⇝ a[c/x]

Figure 5. The eight reduction rules inductively defining ⇝.

For a program/formula pair l ◇ A, a program p is said to satisfy the program/formula pair l ◇ A when

    • the programs p and l have the same side-effects,
    • the program l's side-effects make the formula A true, and
    • the program's return value is a return-value modified realizer for formula A (that is to say, p retmr A).

When this is the case, we say that p is an SML modified realizer of l ◇ A, and we write p mr l ◇ A. In Figs. 8 and 9 we define an extraction map extract : LTT → SML(StateRef), from the terms of the logical type theory, LTT, to programs of SML(StateRef). This map satisfies the following extraction theorems, which tell us that the map produces an SML modified realizer of the specification from a proof of that specification.
Theorem 6.1. Extraction of modified realizers from intuitionistic proofs. Given any intuitionistic proof ⊢_Int p^A, then extract(p^A) is an intuitionistic modified realizer of A.

Proof. In [1, 14, 13], it has been shown that modified realizers can be obtained from ordinary intuitionistic proofs from the extract map. The only difference from ordinary intuitionistic proofs is that the formula A in the proof-term p^A may now involve initial and final state identifiers. However, this will not affect this proof (we can consider these identifiers to be distinguished variables in an ordinary intuitionistic proof to arrive at the required result). □

Theorem 6.2. Extraction produces programs that satisfy proved formulae. Given a proof ⊢ p^{w ◇ P}, then [extract(p)] ⊩ P.
A
t-lnt pAIAAz
A Elnt inr(p)Az
A t i n t pA1 A
(A-E2)
(V-11)
t i n t fSt(p)A1VA2
x is not free in A
c : T is a valid sort inference
a : T is a valid sort inference
x does not occur free in Q or A2
Figure 6. The basic rules of many-sorted intuitionistic logic, Int, presented as type inference rules, where proof-terms denote proofs and types are formulae with initial and final state identifiers. We assume that x, y are arbitrary ADT variables of some sort T, and that a is a term of arbitrary sort T.
Proof. When P is Harrop, by the definition of extract, extract(p) = w and so [extract(p)] ⊩ P follows from soundness (see Remark 4.1). When P is not Harrop, the proof involves showing that extract(p) always produces the same side-effect as w over all the state references that are used in P. This is routine but long and we omit it. Then the result follows from the fact that, if (σ, σ′) ⊩ P, then (σ, σ″) ⊩ P for any state σ″ that differs from σ′ at most on states not used in P.
I- Axiom(A)loA 1assign(s,
I- ite(ql,42)if
if A E AX (assign)
lzotologici (b)=false+C
I- 42
then b e l s e 111zoC
qwo(tologici(b)=trueAA[8~/B])
I- ,d(4)uhile
I>
D)s:=~osf=tologici(v)
11otologici (b)=true+C
I- 41
(Axiom -
af-then-else
1q u o A [ ~ f / ~ ]
do b;donewoA[8;/B]+A[B~/B]Atologiy(b)=false
(loop)
where A does not contain any state identifiers
Figure 7. The structural rules of our calculus. In A X , TZ is a constant, uniquely associated with the axiom A E A X .
Theorem 6.3. Extraction produces return-value realizers. Take any proof ⊢ t^{w ◇ T} and let ι be any interpretation. Then extract(t) retmr_ι P.

Proof. To prove this, we take any pair of states σ, σ′ such that extract(t) terminates with an execution sequence of the form

    (extract(t), σ) ⇓ (answer, σ′)    (1)

yielding a return value answer. Observe that answer has a representation answer = tologic(answer) in Term(ADT). We are then required to show that (σ, σ′) ⊩_ι Sk(P)[answer/f_P]. We present only a few of the cases. Full details may be found in [13].

Case 1: T is Harrop. In this case, by the definition of the Skolem form, we are required to prove that, if (w, σ) ⇓ (answer, σ′) then

    (σ, σ′) ⊩_ι T    (2)
extract(p^{w ◇ P})
any term where P is Harrop 0 uvoA
zu not H ( A )
0 H(A) fun xu => extract(a) not H ( A ) abstract uVoA.avoB extract ( a ) not H ( A ) extract(c) not H ( A ) (extract(c) extract(a)) not H ( A ) use x : T . awe* Eun x : T => extract(a) sDecificfcv*vz.A .ul -, (extract(a) v) ( P A , bW*B) (extract(a). extract(b)) case aWoAVB of inlff*A'l.bV*c. match extract(a) with I n l ( x t ) => extract(b) I Inr(x,) => extract(c) \ -
1
H(A)
V
(v, extract(a)) not H(A) (fun x => extract(b))extract(a) (fun x => fun xu => extract(b))
# ( a ) where #
f st(extract(a)) snd(extract(a)) is id, inr, fst or snd # ( w a r t f a ) ) abort( a V * l )
not H ( A )
} not H ( A )
Figure 8. Definition of extraction map extract, defined over the intuitionistic proof-terms of terms used in formulae. Note that we can treat the resulting terms as MiniML program terms in which state identifiers are treated as free variables.
But this is the case by soundness of the calculus (see Remark 4.1). Case 2: Proof ends in application of (loop). Assume that tnoTis of the form d,,,,
(q)while
do b;donel*A[I;/B]~(A[Bt
/B]Atologic'(b)=false)
By the induction hypothesis, we know that extract(q) retmr,
A[si/o]A tologiq(b) = true -+ A [ s f / f i ]
(3)
This means that, for any 7,T' and pure program value answer,, if (extract(q),~) 6 (answer,, 7')
we know that, for answer, = tologic(answer,), (7,~') It S k ( A [ s i / e ]A
tologiq(b) = true
-+ A[sf/ij])[answer,/fp]
(4)
where P stands for A [ s i / ~A]tologici(b) = true -+ A["/u]. There are two cases, depending on whether A is Harrop or not. We prove the more interesting latter case.
Then A[s̄_i/v̄] is not Harrop, and extract(t) is

    rv1 := fun x : xsort(A) => x;
    while b do
      rv2 := extract(q);
      rv1 := (fun x2 :: x1 => fun x : xsort(A) => x2 (rv1 x)) rv2 rv1;
    !rv1
We wish to show that answer is such that
By the definition of Skolem form and the fact that A [ % / @ and ] A [ s f / C ]are not Harrop, the required statement ( 5 ) may be rewritten
First we make some observations about the execution of the extracted program. Beginning of observations. Because we know that extract(t) terminates, by the definition of D, the program must have an execution sequence that results in states a = ao,a1,. . . ,a, = a’
where
(
[
rv1 := fun x : xsort(A) => x; while b do rv2 := extract(q); r v i := (fun x2 :: x i => fun x : xsort(A) => xz(rvix)) rvp r v l ; !rvi
(7) while b do rvz := extract(q); rv1 := (fun x2 :: XI => fun x : xsort(A) => x ~ ( r v ~ xrvz ) ) rvi;
6
(!rv1, a,) so that answer = a,(rv1), and where
and
(b, ai)D ( t r u e , ai)
(9)
(i = 1,.. . ,n - 1) and (b, %) D (false,a,)
(10)
It can be shown that (9) entails (a,,IT,+^) I!- tologiq(b) = true
(11)
for i = 1,.. . , n - 1. and (10) can be used to prove that, for any state 7 (7, a ,)
It- tologicf(b) = f a l s e
(12)
The execution sequence can also be used to show : a and ai+l differ only at rv1 and rv2 in
((
rvz := extract(q); := (fun x~ :: xi => fun x : xsort(A) => xZ(rv1x)) rv2 rvt
TVI
), ) ui
D (rvi I c i + i )
for i = 1,.. . , n - 1. By inspection of the evaluation sequence (7), ol(rv1) = f u n x : xsort(A) => x
(13)
(14)
Also, because rv1 does not occur in extract(q), the execution of extract(q) from ai to a: will not affect the value of rv1: that is, ai(rv1) = ai(rv1). So, by inspection of the evaluation sequence (8): a i + l ( r v ~ is ) the reduced normal form of fun x : xsort(A) => fll(rv2)(ai(rvt)x) for i = 1,.. . , n - 1.
That is, ui+l (rvl) is the reduced normal form of fun x : xsort(A) => answer,,(oi(rvl)x)
So, because answer = pn(rvl), when n normal form of
for i = 1,.. ,, n - 1.
> 1, answer must be the reduced
fun x : xsort(A) => (answer,,,-, ( f u n x : xsort(A) => answer,,,-, 14 (. . . answer,, (fun x : xsort(A) => x x) . . .)x
That is, if n
>1
answer = fun x : xsort(A) => answer,,-,(answer,,-,
. . . (answer,,x) . . .) (15)
Also, by (14), when n = 1 (that is, when u‘ = u l ) , answer = f u n x : xsort(A) => x
(16)
Take arbitrary r,r” such that (extract(q),
T)
I ;(answer,,
7“)
By the induction hypotheses (3), (4), the definition of Skolem form and the fact that A[&/ij]and A [ ~ f / i are j ] not Harrop, (7,7”)IFL
)
: xsort(A[%/ij]) .Sk(A[si/ij]) [x/f A [ s i / o ] ] Atologki(b) = true -+ A [ s f / ~ ] [ a n s w exr/,f A [ s f / c ] ]
Vx
(
(17)
Recall that rv1 and rv2 do not occur in
vx : xsort(A[Si/ij])SL(A[si/ij])[z/ f A [ s i / g ] ]A tologici(b) 4
= true
A [ s f / g ] [ a n s w e rx~/ f A [ a f / o ] ]
It can then be shown that this implies the following. For any r’ that differs from T” at most on state variables rv1 and rvg, (TJ’)
11’
(Vx
)
: xsort(A[si/ij]).SL(A[si/V])[x/f~[~~/c]] Atologici(b) = true -+ A[Sf/v][answer, “/fA[sf/o]]
End of observations. We wish to show (6): (07
a’)
b’x : xsort(A[Si/ij]) .Sk(A)[Si/V] [ x / f ~ [/ #s I;] -+
( S k ( A ) [ s f / V ] [ a n s w x/ e r f A [ s f / g ] ]A tologicr(b) = f a l s e )
(18)
To do this, we take an arbitrary x : xsort(A[$i/i~])-variantL‘ of assumption (a,0’)
L
with the
Sk(A)[si/vl[x/fA[s;/8]]
(19)
Sk(A)[gf/v][answer x/fA[sf/o]]
(20)
and we prove
(a,a’) and
(a,a’) It,! tologicr(b) = false
(21)
Proof of (21). By (12), ( 7 , a n ) It tologicf(b) = false for any T. So, in particular, (a0,an) lk,~ tologicr(b) = false which is the same as writing (20), as required. End of proof of (21). Proof of (20). There are two subcases: 1) a = 00 and a’ = 01 ( n = 1) and 2) G = 00 and a‘ = an (n > 1). Subcase I. In this case, by (16), answer = fun x : xsort(A) => x
in our model of ADT, and so answer x = x. It can be shown that this and (19) entail (no, a l )
Sk(A)[&/6][answer x/fA[s;/8]]
(22)
Now, observe that 00 = a and a1 = a’ differ at most on rv1, which does not occur in Sk(A)[a,/v][answer x/fA[s,/o]]. It can be shown, using the definition of It, that these facts and (22) result in (a,0‘) I ~ L ! Sk(A)[gf/fl][answer x/fA[Sf/8]]
(23)
Subcase 2. If a’ = an for n > 1, we proceed as follows. Define a1 F 2
ak
= answer,,-,
(ak)
for k = 2 , . . . ,n. As usual, we take ai to be defined as tologic(ai). It will be important to note that, as answer,, is state-free, it is the case that each ak is also state-free. Consequently, the only state references in
Sk (A)[Bf
iaj
/ f A[Sf / 8 ]1
are S f . By expanding the definition of a,, we obtain a, = answerun-,(answerun-,. . . (answer,,x)
. . .)
We will show, for any j = 2 , . . .,n - 1 (gj 7
aj+l)
Sk(A)[Sf/v][aj+l/fA[rf/~]]
We proceed by induction. Base case. First, note that (19) can be written as ( 0 0 , 0,)
But, because
differ only at rv1, which does not occur in Sk(A)[Si/v][z/f~[~~/~]], by reasoning about the definition of IF, we can show that this means 00
and
IF'! sk(A)[si/v][Z/fA[B;/B]]
01
((Jl,u,)
Sk(A)[si/a][z/fA[~~/~]]
Also, because final states are not used in Sk(A)[Si/o][z/f~[a~/~]], we can then derive
Sk(A)[si/v][z/fA[~;/~]l
(ul,u2)
(25)
So we can instantiate (18) with (25) and (11 with i = l),to give
( a 02) , It,! A[Sf/@][answer,, z/fA[rf/~]] and we are done. Inductive step. Assume that
,
((Jk uk+l) IF'!
Sk(A)[sf/v][ak+l /fA[Bf/B]]
holds for some k < n - 2. /0],by reasoning Because no initial state references occur in Sk(A)[Sf over the definition of IF, this means
,
( ( ~ k + l 0k+2)
Sk(A[Si/v])[~i/~I[ak+l/f~[,-;/~]I (26)
w e can instantiate (18 setting T = ok+l and r' = ak+2) With (26) and with (11)setting i = k 1) to give
+
(vk+l,uk+2) IF'!
A[Zf/v][answeru,+, ak/fA[Bj/B]]
which means
(ck+l,gk+2) 11)' A[sf/a][ak+Z/fA[rf/~)]
as required and (24) is proven.
Now by (24), we know in particular that (ffn-1, f f n )
Sk(A)[i?f/v][an/fA[af/o]l
Now, because initial state references do not occur in Sk(A[i?f/a]), it can be shown that this means
S k ( A )[sf/a][an/fA[iif/ B ] 1 Also, because n > 1, (15) must hold, i.e.: (go, 0,)
answer = fun x : xsort(A) => answer(,n_l,,:_l)(answer(,n_,,,~_z)
. . . (answer(,, ;,, p ). . .) we know that answer x = a,
in our model of dV‘T, and so it can be shown that (go, an)
Sk:(A)[sf/f][answer x / f A [ a /fi i ] ]
End of proof of (20). Finally, by the definition of IF, because we took an arbitrary L’ (ff,ff’) IF,
vz : xsort(A[Sz /v]) .Sk(A)[q/v] /.[ f A [ &, B ] ] + ( S k ( A ) [ g f / v ] [ a n s m e rf xA/[ g f / 0 ] A ] tologicf(b) = f a l s e )
Case: Proof ends in application of (if-then-else). Suppose that twoTis of the form b pwl otologic; (b)=true-tC 1 qw2 otologic; (b)=faZse+C (zf-then-else) ite(p,q)if then b else wlzuzoC We need to show that (u, 0’)IF, Sk(C)[answer/f c ]
(27)
Because tologic_i(b) = true is Harrop, by the induction hypothesis

    extract(p) retmr_ι tologic_i(b) = true → C    (28)

Similarly, because tologic_i(b) = false is Harrop, by the induction hypothesis

    extract(q) retmr_ι tologic_i(b) = false → C    (29)

Therefore, by the definitions of retmr_ι and Sk, (28) means that, for any states τ, τ′,

    (extract(p), τ) ⇓ (answer_p, τ′) ⇒ (τ, τ′) ⊩_ι tologic_i(b) = true → Sk(C)[answer_p/f_C]    (30)

and (29) means that, for any states τ, τ′,

    (extract(q), τ) ⇓ (answer_q, τ′) ⇒ (τ, τ′) ⊩_ι tologic_i(b) = false → Sk(C)[answer_q/f_C]    (31)

Either σ(b) = true or σ(b) = false. We reason over these two cases to obtain (27).

Subcase 1: σ(b) = true. Then

    (b, σ) ▷ (true, σ)

and so, by the interpretation of = over side-effect-free terms, this means that

    (σ, σ′) ⊩_ι tologic_i(b) = true    (32)

Also, the operational semantics of extract(t) demands the following hold:

    (if b then extract(p) else extract(q), σ) ⇓ (answer, σ′)
    (extract(p), σ) ⇓ (answer, σ′)

so,

    (extract(p), σ) ⇓ (answer, σ′)    (33)

Instantiating (30) with (33) gives

    (σ, σ′) ⊩_ι tologic_i(b) = true → Sk(C)[answer/f_C]

Instantiating this with (32) gives

    (σ, σ′) ⊩_ι Sk(C)[answer/f_C]

which establishes (27), as required.

Subcase 2: σ(b) = false. Similar reasoning to the previous subcase will establish (27).

Case: Proof ends in application of (cons). Suppose t^{w ◇ T} is of the form

    cons(p^{w ◇ P}, q^{P→A})^{w ◇ A}

derived by

By the induction hypothesis, we know that

    extract(p) retmr_ι P    (34)
There are two cases, depending on whether P is Harrop or not. We consider the more complicated, latter case. By Theorem 6.1, fun x, : xsort(P) => extract(q) is an intuitionistic modified realizer of P -+ A, and so, for any (7,~') (777')I t
vxu : xsort(P).sk(P)[xu/fP]
-h
s k ( A ) [ ( azu)/fA]
(35)
for any a = tologic(a) where a = f u n x, : xsort(P) => e x t r a c t ( q ) [ ~ ( ~ ) / ~ i ] [ ~ ' ( S ) / ~ f ]
(36)
Now, the execution of extract(t) must result in a sequence of states (T
= 00,01,02,~3 = (T'
such that
-i .-
I ;rvp := extract(p);
B
:= I;
(fn Ii :: Sf 3 fun x, : xsort(~)=> extract(q)) !I :: B !rvp
)
(fn ~i :: Sf 3 fun x, : xsort(P) => extract(q)) ,0 3 !i:: B !rvp
(37)
I ; (answer,g3) where answer = fun xv : xsort(P) => extract(q)[a3(i)/Bi]['~3(?)/Sf] 03(rvp) (38)
and
(i := s , ( T ~ )C; (a1,crl) (rvp := extract(p), 01) C; (ap,0 2 ) (P := s , ( T ~I;) ( a 2 , ( ~ 3 )
(39)
so that u1 = ao[iI+ 0,,(s)]a3= 0 2 [ I
I+ 0
2 ( ~ ) ] ~ ( r= v ap ~)
(40)
Now, because the 5 do not occur in extract(p), formula (40) and inspection of (39) reveal that 03(F)
Also, because the values of
= 01(i) = 0o(S)
(41)
are unchanged in the assignment ? := S
(Tg(3)
= (T2(I) = 0 3 ( a )
(42)
So, using (40), (41) and (42) in (38) gives answer = f u n x, : xsort(P) => e x t r a c t ( q ) [ a ( ~ ) / ~ i ] [ a ’ ( ~ ) / ~ ap f]
in our model of d D 7 . Define a4 = fun
xv : xsort(~)=> e x t r a c t ( q ) [ a ( g ) / ~ i ] [ d ( ~ ) / ~ f ]
So that answer = a4 ap
in our model. By (35), it is the case that (a,.’)
1 1V X U : xsort(P).Sk(P)[Xv/fp] + S k ( A ) [ ( a q%
)/f~]
Also, given that (rvp := extract(p), al) 6 (ap,uz) we let a: be the state such that (extract(p), 01) & (ap,a;) Now, recall the induction hypothesis: extract@) retmr,
P
(47)
This means that (al,.:)
IF’ Sk(P)[ap/fpI
(48)
Note that (TO can differ from a1 only on i, and a3 can differ from a: only on I and rvp. So, because i, 3 and rvp do not occur in Sk(P)[a,/fp],as for (22) ( a , 411‘ Sk(P”p/fPl
We instantiate (46) with (49) to give a’)
S k ( A ) [ ( a qap)/fA]
But then, by (45) it can be seen that
(a,a’)IFL s k ( A ) [ a n s w e r / f ~ ] as required. This last case concludes our proof.
(49)
7. Implementation

We have implemented our calculus by encoding the LTT within SML. The proof-terms and labelled formula types are defined as data-types, the LTT typing relation is represented as pairs of terms of the respective data-types, and the rules of the calculus are treated as functions over such pairs. One of the advantages of our calculus is that it has a natural deduction presentation. This makes it easier to reason with than, say, the usual Hilbert-style presentations of Hoare-style logics. Further, the Curry-Howard isomorphism can be exploited to enable intuitive user-defined development of proof tactics and parametrized lemmata, treated here as SML functions over proof-terms. In this way, the user can develop a proof in the way mathematicians naturally reason: using hypotheses, formulating conjectures, storing and retrieving lemmata, usually in a top-down, goal-directed fashion. The strong normalization property can also be used to simplify proofs, which is valuable in the understanding and development of large proofs.
Example 7.1. We illustrate our approach to program synthesis with an example, involving code for part of an internet banking system. We require a program that, given a user’s details, will search through a database to obtain all accounts held at the bank by the user, and then return them in a list. For the sake of argument, we simplify our domain with the following assumptions:

• We assume two SML record datatypes have been defined, user and account. Instances of the former contain information to represent a user in the system, while instances of the latter represent bank accounts. We do not detail the full definitions of these types. However, we assume that an account record type contains a user element in the owner field, to represent the owner of the account. So the owner of the account element myAccount : account is accessed by myAccount.owner. We also assume that user is an equivalence type, so that its elements may be compared using =.
• We assume a constant currentUser : user that represents the current user who is the subject of the account search.
• The database is represented in SML as an array of accounts, db : account array. Following the SML API, the array is 0-indexed, with the ith element accessed by sub(db, i) and the size of the array given as length db. Assume we have an array of size Size, accounts. Although SML arrays are mutable, for the purposes of this paper we shall consider db to be an immutable value, and therefore it will be represented in our logic as a constant.
• We assume a state reference, counter : int ref, to be used as a counter in searches through the database.
• We take a predicate allAccountsAt(u : user, x : account list, y : int) whose meaning is that x is a list of all accounts found to be owned by the user u, up to the point y in the database db. The predicate is defined by the following axioms in AX:

$$\forall u : \mathit{user}.\,\forall x : (\mathit{account\ list}).\,\forall y : \mathit{int}.\ \mathit{allAccountsAt}(u, x, y) \to \forall z : \mathit{int}.\ z \le y \to \mathit{sub}(db, z).\mathit{owner} = u \tag{50}$$

$$\forall u : \mathit{user}.\,\forall x : (\mathit{account\ list}).\,\forall y : \mathit{int}.\ (y < (\mathit{length}\ db) - 1 = \mathit{true}) \land \mathit{sub}(db, y+1).\mathit{user} = u \land \mathit{allAccountsAt}(u, x, y) \to \mathit{allAccountsAt}(u, \mathit{sub}(db, y+1) :: x, y+1) \tag{51}$$

$$\forall u : \mathit{user}.\,\forall x : (\mathit{account\ list}).\,\forall y : \mathit{int}.\ y < (\mathit{length}\ db) - 1 \land \lnot\,\mathit{sub}(l, y+1).\mathit{user} = u \land \mathit{allAccountsAt}(u, x, y) \to \mathit{allAccountsAt}(u, x, y+1) \tag{52}$$

$$\forall u : \mathit{user}.\,\forall y : \mathit{int}.\ y = 0 \to \mathit{allAccountsAt}(u, [\,], y) \tag{53}$$
(these axioms are available for intuitionistic proofs, so they do not involve programs). Applications of these axioms are used in the LTT with axiom names given by their equation numbers. For instance, an application of (50) is denoted by Axiom(50).
Our requirement is to obtain a program that returns a list of accounts y : (account list) such that

$$\mathit{listAllAccounts}(\mathit{currentUser}, y, (\mathit{length}\ db))$$

To extract this program from a proof, we unSkolemize this formula, to derive

$$\exists y : (\mathit{account\ list}).\ \mathit{listAllAccounts}(\mathit{currentUser}, y, \mathit{counter}_f) \land (\mathit{counter}_f < (\mathit{length}\ db) - 1) = \mathit{false}$$
Extraction of a modified realizer for this formula will produce an imperative program whose return value is the required list of accounts. The previous axioms are Harrop. We also have a non-Harrop axiom

$$y < (\mathit{length}\ db) - 1 \to \mathit{sub}(l, y+1).\mathit{owner} = u \lor \lnot\,\mathit{sub}(l, y+1).\mathit{owner} = u \tag{54}$$

Because this axiom is to be used in intuitionistic proofs, we assume that this axiom is associated with a side-effect-free program that is an intuitionistic modified realizer of (54). From (51), (52) and (54), we can derive an intuitionistic proof

$$y < (\mathit{length}\ db) - 1 = \mathit{true},\ \mathit{allAccountsAt}(u, l, y) \vdash_{\mathrm{Int}} \exists l : (\mathit{account\ list}).\ \mathit{allAccountsAt}(u, l, y+1) \tag{55}$$

By assuming $\exists l : (\mathit{account\ list}).\ \mathit{allAccountsAt}(u, l, y)$, we can apply $\exists$ elimination to (55) and then obtain

$$\vdash_{\mathrm{Int}} \forall y : \mathit{int}.\,\forall u : \mathit{user}.\ (y < (\mathit{length}\ db) - 1) = \mathit{true} \land \exists l : (\mathit{account\ list}).\ \mathit{allAccountsAt}(u, l, y) \to \exists l : (\mathit{account\ list}).\ \mathit{allAccountsAt}(u, l, y+1) \tag{56}$$

by ($\to$-I) over our assumptions, and successive ($\forall$-I) over free variables. We can transform (56) into

$$\vdash_{\mathrm{Int}} \forall y : \mathit{int}.\,\forall w : \mathit{int}.\ w = y + 1 \to (\forall u : \mathit{user}.\ (y < (\mathit{length}\ db) - 1) = \mathit{true} \land \exists l : (\mathit{account\ list}).\ \mathit{allAccountsAt}(u, l, y) \to \exists l : (\mathit{account\ list}).\ \mathit{allAccountsAt}(u, l, w)) \tag{57}$$

We then use (58) with $\mathit{counter}_i$ and $\mathit{counter}_f$ and currentUser for y, v and u, to give

$$\vdash_{\mathrm{Int}} \mathit{counter}_f = \mathit{counter}_i + 1 \to (\mathit{counter}_i < (\mathit{length}\ db) - 1) = \mathit{true} \land \exists l : (\mathit{account\ list}).\ \mathit{allAccountsAt}(\mathit{currentUser}, l, \mathit{counter}_i) \to \exists l : (\mathit{account\ list}).\ \mathit{allAccountsAt}(\mathit{currentUser}, l, \mathit{counter}_f) \tag{58}$$
There is a proof-term corresponding to this proof, which we shall denote by $p_{58}$, and a program PP : int -> int can be extracted from $p_{58}$ that is a modified realizer of (58) (for brevity, we omit the full description). We also have the following, by the (assign) rule of the Hoare logic:

$$\vdash \mathtt{counter := counter + 1} \bullet \mathit{counter}_f = \mathit{counter}_i + 1 \tag{59}$$

This has a corresponding proof-term assign(counter, counter + 1). And so, by applying (cons) to (59) and (58),

$$\vdash \mathtt{counter := counter + 1} \bullet (\mathit{counter}_i < (\mathit{length}\ db) - 1) = \mathit{true} \land \exists l : (\mathit{account\ list}).\ \mathit{allAccountsAt}(\mathit{currentUser}, l, \mathit{counter}_i) \to \exists l : (\mathit{account\ list}).\ \mathit{allAccountsAt}(\mathit{currentUser}, l, \mathit{counter}_f) \tag{60}$$

The corresponding proof-term is

cons(assign(counter, counter + 1), $p_{58}$)

Then we apply (loop) on (60)

$$\vdash \mathtt{while\ counter < (length\ db) - 1\ do\ counter := counter + 1;\ done} \bullet \exists l : (\mathit{account\ list}).\ \mathit{allAccountsAt}(\mathit{currentUser}, l, \mathit{counter}_i) \to \exists l : (\mathit{account\ list}).\ \mathit{allAccountsAt}(\mathit{currentUser}, l, \mathit{counter}_f) \land (\mathit{counter}_f < (\mathit{length}\ db) - 1) = \mathit{false} \tag{61}$$

with resulting proof-term

wd(cons(assign(counter, counter + 1), $p_{58}$))

From the axiom (53) we can derive

$$\mathit{counter}_f = 0 \to \exists y : (\mathit{account\ list}).\ \mathit{allAccountsAt}(\mathit{currentUser}, y, \mathit{counter}_f) \tag{62}$$

with a proof-term $p_{62}$. By application of (assign)

$$\vdash \mathtt{counter := 0} \bullet \mathit{counter}_f = 0 \tag{63}$$
with proof-term assign(counter, 0). Then, applying (cons) to (63) and (62) gives

$$\mathtt{counter := 0} \bullet \exists y : (\mathit{account\ list}).\ \mathit{allAccountsAt}(\mathit{currentUser}, y, \mathit{counter}_f) \tag{64}$$

with proof-term cons(assign(counter, 0), $p_{62}$). This can be weakened to include a true hypothesis true:

$$\mathtt{counter := 0} \bullet \mathit{true} \to \exists y : (\mathit{account\ list}).\ \mathit{allAccountsAt}(\mathit{currentUser}, y, \mathit{counter}_f) \tag{65}$$

with a proof-term of the form

cons(cons(assign(counter, 0), $p_{62}$), $p_{true}$)

where $p_{true}$ is a proof-term for an intuitionistic proof of $P \to (\mathit{true} \to P)$, with $P$ being $\exists y : (\mathit{account\ list}).\ \mathit{allAccountsAt}(\mathit{currentUser}, y, \mathit{counter}_f)$. So, using (seq) on (65) and (61), we can obtain

$$\vdash \mathtt{counter := counter + 1;\ while\ y < (length\ db) - 1\ do\ counter := counter + 1;\ done} \bullet \mathit{true} \to \exists y : (\mathit{account\ list}).\ \mathit{allAccountsAt}(\mathit{currentUser}, y, \mathit{counter}_f) \land (\mathit{counter}_f < (\mathit{length}\ db) - 1) = \mathit{false} \tag{66}$$

with proof-term

seq(cons(cons(assign(counter, 0), $p_{62}$), $p_{true}$), wd(cons(assign(counter, counter + 1), $p_{58}$)))

which can be simplified to the required form

$$\vdash \mathtt{counter := counter + 1;\ while\ y < (length\ db) - 1\ do\ counter := counter + 1;\ done} \bullet \exists y : (\mathit{account\ list}).\ \mathit{allAccountsAt}(\mathit{currentUser}, y, \mathit{counter}_f) \land (\mathit{counter}_f < (\mathit{length}\ db) - 1) = \mathit{false} \tag{67}$$

with a corresponding proof-term of the form:

$$\mathrm{cons}(\mathrm{seq}(\mathrm{cons}(\mathrm{cons}(\mathrm{assign}(\mathit{counter}, 0), p_{62}), p_{true}), \mathrm{wd}(\mathrm{cons}(\mathrm{assign}(\mathit{counter}, \mathit{counter} + 1), p_{58}))), q_{true}) \tag{68}$$
p T
!xtract( t )
any term t with H ( T ) Axiomln\voA
'Kn
rv1 := fun x : xsort(A) wd(u)vhile
do b;donsl*P
where P A [ s i / e ] -+ ( A [ s f / " ]A tologicr(b) = f a l s e )
=> x;
vhile b do rvz := extract(q); rv1 := (fun x2 :: x i => fun x : xsort(A) => x2 (rv1 x)) !rv2 !rv1; !rvl: f b then extract(q1) else extract(q2) - 2
not H ( A ) , not H ( B ) and not H ( C ) : rvp := extract(p); rvq := extract(q); (fun x, :: xq => fun x : xsort(A) => rvq (rvpx)) !rvp !rvq
H ( A ) , not H ( B ) and not H ( C ) : rvp := extract(p); rvq := extract(q); rvq rvp
H ( A ) , H ( B ) and not N(C): "; rvq := extract(q); !rvq
not H ( A ) , H ( B ) , and not H ( C ) : v; rvq := extract(q); (fun xq => fun x : xsort(A) => xq x) !rvq
not H ( P ) and not H ( A ) : i := g. C V := ~ extract(p);
1 .- s;
'fn ~i :: sf => fun xv : xsort(P) => extract(q)) !rvp !I :: ? H ( P ) and not H ( A ) : I := I; v; ? := I ; (fun si :: gf => extract(q))
!I:: i Figure 9. Definition of extraction map extract from proof-terms to SML programs. Here we assume that rv1, rv2, rvp, rvq, I and 5 are state references that do not occur in extract(p) and extract(q), and whose corresponding state identifiers do not occur in any of the formulae used in the proof of p or q.
where qtrue is a proof of (true + A ) t A for
A
3y : (account list).aZlAccountsAt(currentUser,y, counterf) A (counterf
< (length db) - 1) = false.
Finally we apply extract to (68), obtaining the required program r v l := f u n x:account l i s t => x ; while counter f u n counter-f => (PP c o u n t e r - i currentuser)) i c i f ) r v l := f u n x-2::x-l=> f u n x => (x-2 ( r v l x ) ) ! r v 2 ! r v i ; ) ! r v l [I ;
8. Related work and conclusions

Various authors have given type-theoretic treatments to imperative program logics. It has been shown in [6] how a Hoare-style logic may be embedded within the Calculus of Constructions through a monad-based interpretation of predicate transformer semantics, with an implementation in the Coq theorem prover [3]. Various forms of deductive program synthesis, with its roots in constructive logic and the Curry-Howard isomorphism, have been used successfully by [11], [12] and [15]. The difference between our approach and those mentioned is that we do not use a meta-logical embedding of an imperative logic into a constructive type theory, but rather give a new logic that can be presented directly as a type theory. Apart from the novelty of our approach, our results are useful because they present a unified means of synthesizing imperative programs according to specifications of both side-effects and return values. Further, from the perspective of theorem prover implementation, the advantage of our calculus over others is the use of a natural deduction calculus for reasoning about imperative programs and the consequent adaption of the Curry-Howard isomorphism.

References

1. Ulrich Berger and Helmut Schwichtenberg. Program extraction from classical proofs. In D. Leivant, editor, Logic and Computational Complexity, International Workshop LCC '94, Indiapolis, IN, USA, October 1994, pages 77-97, 1995.
2. Robert L. Constable, Stuart F. Allen, H. M. Bromley, W. R. Cleaveland, J. F. Cremer, R. W. Harper, Douglas J. Howe, T. B. Knoblock, N. P. Mendler, P. Panangaden, James T. Sasaki, and Scott F. Smith. Implementing Mathematics with the Nuprl Development System. Prentice-Hall, NJ, 1986.
3. Thierry Coquand. Metamathematical Investigations of a Calculus of Constructions. In Piergiuorgio Odifreddi, editor, Logic and Computer Science, pages 91-122. Academic Press, 1990.
4. Patrick Cousot. Methods and logics for proving programs. In Jan Van Leeuwen, editor, Formal Models and Semantics: Volume B, pages 841-994. Elsevier and MIT Press, 1990.
5. John Newsome Crossley and John Cedric Shepherdson. Extracting programs from proofs by an extension of the Curry-Howard process. In John Newsome Crossley, Jeffrey B. Remmel, Richard A. Shore, and Moss E. Sweedler, editors, Logical Methods, pages 222-288. Birkhauser, Boston, MA, 1993.
6. J. C. Filliatre. Proof of imperative programs in type theory. In International Workshop, TYPES '98, Kloster Irsee, Germany, volume 1657 of Lecture Notes in Computer Science, pages 78-92. Springer-Verlag, 1998.
7. Jean-Yves Girard, Yves Lafont, and Paul Taylor. Proofs and types. Cambridge University Press, Cambridge, 1989.
8. Ronald Harrop. Concerning formulas of the types A → B ∨ C, A → (Ex)B(x) in intuitionistic formal systems. Journal of Symbolic Logic, 25:27-32, 1960.
9. C. A. R. Hoare. An axiomatic basis for computer programming. Communications of the Association for Computing Machinery, 12(10):576-80, 1969.
10. John S. Jeavons, Bolis Basit, Iman Poernomo, and John Newsome Crossley. A layered approach to extracting programs from proofs with an application in Graph Theory. In these Proceedings.
11. Zohar Manna and Richard J. Waldinger. The deductive synthesis of imperative LISP programs. In Sixth AAAI National Conference on Artificial Intelligence, pages 155-160, 1987.
12. Mihhail Matskin and Enn Tyugu. Strategies of Structural Synthesis of Programs. In Proceedings 12th IEEE International Conference Automated Software Engineering, pages 305-306. IEEE Computer Society, 1998.
13. Iman Poernomo. The Curry-Howard isomorphism adapted for imperative program synthesis and reasoning. PhD thesis, Monash University, Australia, 2002. In preparation. A Technical Report, which is an extended version of this paper, is available at http://www.csse.monash.edu.au/-ihp/karma, DSTC, Melbourne, Australia, 2001.
14. Iman Poernomo and John Newsome Crossley. Protocols between programs and proofs. In Kung-Kiu Lau, editor, Logic Based Program Synthesis and Transformation, 10th International Workshop, LOPSTR 2000 London, UK, July 24-28, 2000, Selected Papers, volume 2042 of Lecture Notes in Computer Science, pages 18-37. Springer, 2001.
15. Jamie Stark and Andrew Ireland. Towards automatic imperative program synthesis through proof planning. In Proceedings 13th IEEE International Conference Automated Software Engineering, pages 44-51, 1999.
PHASE-VALUED MODELS OF LINEAR SET THEORY
MASARU SHIRAHATA
Division of Mathematics, Keio University, Hiyoshi Campus, 4-1-1 Kohoku-ku, Yokohama 223-8521, Japan

The aim of this paper is a model-theoretic study of the linear set theory. Following the standard practice in intuitionistic and quantum set theories, we define a set to be a function from its members to non-standard truth values. In our case, the truth values are facts in a phase space as defined by Girard. We will construct the universe $V^P$ from the phase space $P$ and verify a number of set-theoretic principles which are linear logic versions of the ZF axioms.
1. Introduction
In this paper, we will extend the Boolean-valued model for classical set theory [5,9] to linear logic. This is in analogy to the locale (Heyting)-valued model for intuitionistic set theory [1], and Takeuti and Titani’s ortholattice-valued model for quantum set theory [8]. The general idea is as follows. Given a propositional logic and its algebraic model, we can regard an element of the algebra as a (non-standard) truth value. Then we can extend the notion of characteristic functions, or sets, so that their range becomes the set of the extended truth values. In the case of linear logic, such an underlying set of truth values is given by the set of facts in a phase space as defined by Girard [3].

It is worth noting the similarity of the set of facts with the ortholattice in quantum logic. In short, the ortholattice is the lattice of closed subspaces of a Hilbert space ordered by inclusion. To each Hilbert space corresponds a physical system. Each vector in the space represents a state that a physical system can assume and each closed subspace represents an observable property of the physical system. Duals are defined by the orthogonality in the Hilbert space. Then, the correspondence is the following.

• phase space/Hilbert space,
• facts/closed subspaces.

In fact, this is not at all surprising since Girard has this similarity in mind from the beginning:

There is a Tarskian semantics for linear logic with some physical flavour: w.r.t a certain monoid of phases formulas are true in certain situations. ... One of the wild hopes that this suggests is the possibility of a direct connection with quantum mechanics ... but let's not dream too much! ([3], pp. 7-8.)

The change of viewpoint occurring in linear logic is simple and radical: we have to introduce an observer, in order to verify a fact A, the observer has to do something, i.e., there are tasks p, q, ... which verify A ... These tasks can be seen as phases between a fact and its verification; ([3], p. 18.)

The point of stating the similarity explicitly here is to give the reader some assurance that the approach taken in quantum set theory can be transferred to linear set theory, at least to some extent.

2. Preliminary
In this section, we review the phase space semantics for linear logic and the construction of the Boolean-valued model.
Definition 2.1. A phase space is a quadruple $\mathbf{P} = (P, 1, \cdot, \bot)$ where

• $(P, 1, \cdot)$ is a commutative monoid;
• $\bot \subseteq P$.

$1$ is the unit of the multiplication.

We will write $pq$ for $p \cdot q$. If $A$ and $B$ are subsets of $P$, we will write $A \cdot B$, or $AB$, for the set $\{pq \mid p \in A \text{ and } q \in B\}$.

Definition 2.2. Given a subset $A$ of $P$, the dual or the linear negation of $A$, denoted $A^\bot$, is defined by $A^\bot = \{p \in P \mid (\forall q \in A)\ pq \in \bot\}$.

Definition 2.3. A subset $A$ of $P$ is a fact if $A = A^{\bot\bot}$. We denote the set of facts in $P$ by $\mathrm{Fact}_P$.

Note that we always have $A \subseteq A^{\bot\bot}$ since $pq \in \bot$ for any $p \in A$ and $q \in A^\bot$. Furthermore, $A \subseteq B$ implies $B^\bot \subseteq A^\bot$ since $pq \in \bot$ for any $p \in A \subseteq B$ and $q \in B^\bot$. Then it immediately follows that $A^\bot = A^{\bot\bot\bot}$, i.e. $A^\bot$ is a fact for any $A \subseteq P$.

Definition 2.4. A fact $A$ is valid if $1 \in A$.

Proposition 2.1. Facts are closed under arbitrary intersection.

We understand the arbitrary intersection $\bigcap_{i \in I} A_i$ as the operation on the power set of $P$. In particular, $\bigcap_{i \in I} A_i = P$ if $I = \emptyset$.

Proof. Let $\{F_i\}_{i \in I}$ be a family of facts and $A = \bigcap_{i \in I} F_i$. Then, $A \subseteq F_i$ for any $i \in I$. Hence, $A^{\bot\bot} \subseteq F_i^{\bot\bot} = F_i$. Therefore, $A^{\bot\bot} \subseteq \bigcap_{i \in I} F_i$. □

Proposition 2.2. $A^{\bot\bot}$ is the smallest fact containing $A$ for any $A \subseteq P$. The order is given by the set inclusion.

Proof. Let $A \subseteq B$ with $B = B^{\bot\bot}$. Then $B^\bot \subseteq A^\bot$, and this implies $A^{\bot\bot} \subseteq B^{\bot\bot} = B$. □

Definition 2.5. We define the multiplicative operations on the set $\mathrm{Fact}_P$ of facts in $P$ as follows.

$$F \otimes G = (FG)^{\bot\bot}, \qquad F ⅋ G = (F^\bot G^\bot)^\bot, \qquad F \multimap G = (F G^\bot)^\bot.$$

$F \otimes G$ and $F ⅋ G$ are called the multiplicative conjunction and the multiplicative disjunction, respectively. $F \multimap G$ is the linear implication. $F ⅋ G$ is defined via the De Morgan duality as $(F^\bot \otimes G^\bot)^\bot$, and $F \multimap G$ is defined as $F^\bot ⅋ G$.

Definition 2.6. We define the additive operations on the set $\mathrm{Fact}_P$ as follows.

$$F \mathbin{\&} G = F \cap G, \qquad F \oplus G = (F \cup G)^{\bot\bot}.$$

$F \mathbin{\&} G$ and $F \oplus G$ are called the additive conjunction and the additive disjunction, respectively.

Definition 2.7. In addition to $\bot$, we define the constants in $P$ as follows.

• $1 = \bot^\bot$,
• $\top = P$,
• $0 = \top^\bot$.
Note that $\bot = \{1\}^\bot$ and $\top = P = \emptyset^\bot$. All those constants are facts since they are linear negations. Furthermore $F \otimes 1 = F$ for any fact $F$. To see this, let $p \in F \cdot 1$ with $p = qr$ for some $q \in F$ and $r \in 1$. Then, for any $s \in F^\bot$, we have $qs \in \bot$ and $qsr \in \bot$. Hence $p = qr \in F^{\bot\bot} = F$. This implies $F \otimes 1 \subseteq F$. The other direction follows from $1 \in 1$.

Now we define the semantics for the multiplicative-additive fragment of linear logic (MALL).

Definition 2.8. A phase structure for MALL is a phase space with a function which assigns a fact to each propositional letter. The interpretation of a sentence is a fact assigned to the sentence by extending the function inductively.

Definition 2.9. A sentence is valid if the unit $1$ of the commutative monoid $P$ is in its interpretation. A sentence is a linear tautology if it is valid in any phase structure.

Proposition 2.3. MALL is sound and complete with respect to the validity in phase structure.

For the proof of Proposition 2.3, we refer the reader to Girard's original paper [3]. The phase semantics can be easily extended to predicate logic. We simply interpret quantifications as infinitary additive conjunction $\bigcap F_i$ and disjunction $(\bigcup F_i)^{\bot\bot}$.

Definition 2.10. Let $\{F_i\}_{i \in I}$ be a family of facts. We define the infinitary additive product $\prod_{i \in I} F_i$ and the infinitary additive sum $\sum_{i \in I} F_i$ as follows.

$$\prod_{i \in I} F_i = \bigcap_{i \in I} F_i, \qquad \sum_{i \in I} F_i = \Big(\bigcup_{i \in I} F_i\Big)^{\bot\bot}.$$

We often omit the index set $I$.

As before, we understand the infinitary intersection $\bigcap_{i \in I} F_i$ and union $\bigcup_{i \in I} F_i$ as the operations on the power set of $P$. In particular, $\prod_{i \in I} F_i = P = \top$ and $\sum_{i \in I} F_i = \emptyset^{\bot\bot} = 0$ when $I = \emptyset$.

For exponentials, we need to extend the phase space.

Definition 2.11. A topolinear space is a phase space paired with the set $\mathcal{F}$ of the closed facts such that
(i) $\mathcal{F}$ is closed under arbitrary intersection (additive conjunction);
(ii) $\mathcal{F}$ is closed under finite multiplicative disjunction;
(iii) $\bot$ is the smallest fact in $\mathcal{F}$;
(iv) for all $A \in \mathcal{F}$, $A ⅋ A = A$.

The linear negations of closed facts are called open facts.

Definition 2.12. We define the exponential operations on the set $\mathrm{Fact}_P$ as follows.

• $!F$ = the greatest open fact included in $F$,
• $?F$ = the smallest closed fact containing $F$.

The order is given by the set inclusion. There is a new simplified version of the definition of exponentials in the phase space [4]. For our present purpose, however, the above definition suffices.

Proposition 2.4. Linear logic is sound and complete with respect to the validity in the topolinear spaces.

We now collect some useful propositions for the later calculations.

Proposition 2.5. Let $F$ and $G$ be facts. The following are equivalent.

(i) $1 \in F \multimap G$,
(ii) $F \subseteq G$,
(iii) $F G^\bot \subseteq \bot$.

Proof. From (iii) to (ii): Let $F G^\bot \subseteq \bot$. Then $F \subseteq G^{\bot\bot} = G$. From (ii) to (i): Let $F \subseteq G$. Then $\{1\} \cdot F G^\bot = F G^\bot \subseteq G G^\bot \subseteq \bot$. Hence $1 \in (F G^\bot)^\bot = F \multimap G$. From (i) to (iii): Let $1 \in F \multimap G$. Then $\{1\} \cdot F G^\bot = F G^\bot \subseteq \bot$. □

Proposition 2.6. Let $F$ and $G$ be facts in $P$. Then for any $p \in F$ and $q \in F \multimap G$, we have $pq \in G$.

Proof. Let $r \in G^\bot$. Then $pr \in F G^\bot$ and $pqr \in \bot$, since $q \in (F G^\bot)^\bot$. Hence $pq \in G^{\bot\bot} = G$. □

Proposition 2.7. Let $A \subseteq P$ and $F$ be a fact. Then, $A^{\bot\bot} \otimes F = (AF)^{\bot\bot}$.

Proof. $AF \subseteq A^{\bot\bot} F \subseteq (A^{\bot\bot} F)^{\bot\bot} = A^{\bot\bot} \otimes F$. So $(AF)^{\bot\bot} \subseteq A^{\bot\bot} \otimes F$ by Proposition 2.2. For the other direction, let $p \in (AF)^\bot$. Take any $q \in F$. Then $pqr \in \bot$ for any $r \in A$. Hence $pq \in A^\bot$. Since the choice of $q$ is arbitrary, we have $A^{\bot\bot} F \cdot \{p\} \subseteq \bot$. Hence $p \in (A^{\bot\bot} F)^\bot$. Then $(AF)^\bot \subseteq (A^{\bot\bot} F)^\bot$ and it follows that $(A^{\bot\bot} F)^{\bot\bot} \subseteq (AF)^{\bot\bot}$. □

Proposition 2.8. Let $F_i$ and $G$ be facts. Then

$$\Big(\sum F_i\Big) \otimes G = \sum (F_i \otimes G).$$

Proof. By Proposition 2.7, $(\sum F_i) \otimes G = \{(\bigcup F_i) G\}^{\bot\bot} = \{\bigcup (F_i G)\}^{\bot\bot}$. Then, $\{\bigcup (F_i G)\}^{\bot\bot} \subseteq \{\bigcup (F_i \otimes G)\}^{\bot\bot} = \sum (F_i \otimes G)$. On the other hand, $F_i \otimes G = (F_i G)^{\bot\bot} \subseteq \{\bigcup (F_i G)\}^{\bot\bot}$ for any $i$. Hence, $\bigcup (F_i \otimes G) \subseteq \{\bigcup (F_i G)\}^{\bot\bot}$ and $\sum (F_i \otimes G) \subseteq \{\bigcup (F_i G)\}^{\bot\bot}$ by Proposition 2.2. □

Proposition 2.9. Let $F$, $G$ and $H$ be facts. Then

$$(F \otimes G) \otimes H = (FGH)^{\bot\bot}.$$

Proof. $(F \otimes G) \otimes H = (FG)^{\bot\bot} \otimes H = (FGH)^{\bot\bot}$ by Proposition 2.7. □
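The definitions and propositions of this section can be checked exhaustively on a small finite phase space. The following Python is an added example and is not part of the paper; the choice of the additive monoid $\mathbb{Z}_4$ with $\bot = \{0, 1\}$ and all class and function names are assumptions made for illustration.

```python
from itertools import combinations


class PhaseSpace:
    """Finite phase space (P, 1, ., bot) over a commutative monoid (Definition 2.1)."""

    def __init__(self, elements, mul, unit, bot):
        self.P = frozenset(elements)
        self.mul, self.unit, self.bot = mul, unit, frozenset(bot)

    def prod(self, A, B):
        """A . B = { pq | p in A and q in B }."""
        return frozenset(self.mul(p, q) for p in A for q in B)

    def dual(self, A):
        """Linear negation of A (Definition 2.2)."""
        return frozenset(p for p in self.P
                         if all(self.mul(p, q) in self.bot for q in A))

    def closure(self, A):
        """Double dual: the smallest fact containing A (Proposition 2.2)."""
        return self.dual(self.dual(A))

    def is_fact(self, A):
        return self.closure(A) == frozenset(A)

    def subsets(self):
        items = sorted(self.P)
        return [frozenset(c) for r in range(len(items) + 1)
                for c in combinations(items, r)]

    def facts(self):
        return [A for A in self.subsets() if self.is_fact(A)]

    # Multiplicative operations (Definition 2.5).
    def tensor(self, F, G):
        return self.closure(self.prod(F, G))

    def par(self, F, G):
        return self.dual(self.prod(self.dual(F), self.dual(G)))

    def lolli(self, F, G):
        return self.dual(self.prod(F, self.dual(G)))

    # Additive operations (Definition 2.6).
    def with_(self, F, G):
        return F & G

    def plus(self, F, G):
        return self.closure(F | G)

    # Constants (Definition 2.7).
    @property
    def one(self):
        return self.dual(self.bot)

    @property
    def zero(self):
        return self.dual(self.P)

    def is_valid(self, F):
        """A fact is valid if it contains the monoid unit (Definition 2.4)."""
        return self.unit in F


def check_propositions(s):
    """Brute-force the section's propositions over every subset and fact of s."""
    facts, subsets = s.facts(), s.subsets()
    return {
        "dual_is_fact": all(s.is_fact(s.dual(A)) for A in subsets),
        "prop_2_1": all(s.is_fact(s.with_(F, G)) for F in facts for G in facts),
        "prop_2_2": all(s.closure(A) <= F
                        for A in subsets for F in facts if A <= F),
        "unit_law": all(s.tensor(F, s.one) == F for F in facts),
        "lolli_is_par": all(s.lolli(F, G) == s.par(s.dual(F), G)
                            for F in facts for G in facts),
        "prop_2_5": all((s.unit in s.lolli(F, G)) == (F <= G)
                        == (s.prod(F, s.dual(G)) <= s.bot)
                        for F in facts for G in facts),
        "prop_2_6": all(s.mul(p, q) in G for F in facts for G in facts
                        for p in F for q in s.lolli(F, G)),
        "prop_2_7": all(s.tensor(s.closure(A), F) == s.closure(s.prod(A, F))
                        for A in subsets for F in facts),
        "prop_2_8": all(s.tensor(s.plus(F, G), H)
                        == s.plus(s.tensor(F, H), s.tensor(G, H))
                        for F in facts for G in facts for H in facts),
        "prop_2_9": all(s.tensor(s.tensor(F, G), H)
                        == s.closure(s.prod(s.prod(F, G), H))
                        for F in facts for G in facts for H in facts),
    }


def z4_example():
    """Constructed sample: Z_4 under addition, unit 0, bot = {0, 1}."""
    return PhaseSpace(range(4), lambda p, q: (p + q) % 4, 0, {0, 1})
```

In this space the four constants $1 = \{0\}$, $\bot = \{0, 1\}$, $\top = P$ and $0 = \emptyset$ are pairwise distinct, and a two-element set such as $\{0, 2\}$ is not a fact because its closure is all of $P$.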
Proposition 2.10. Let $\{F_i\}$ be the family of facts. Then

$$\Big(\prod F_i^\bot\Big)^\bot = \sum F_i.$$

Proof. It suffices to show that $\bigcap F_i^\bot = (\bigcup F_i)^\bot$. Let $p \in \bigcap F_i^\bot$ and $q \in F_i$ for some $i$. Then $pq \in \bot$. Hence $p \in (\bigcup F_i)^\bot$. For the other direction, let $p \in (\bigcup F_i)^\bot$ and $q \in F_i \subseteq \bigcup F_i$. Then $pq \in \bot$. So $p \in F_i^\bot$. Hence $p \in \bigcap F_i^\bot$. □

Proposition 2.11. Let $F$ be an open fact. Then the following holds.

(i) $F \subseteq 1$,
(ii) $F \otimes G \subseteq G$ for any fact $G$,
(iii) $F = F \otimes F$.

Proof. (i) Let $F = G^\bot$ with closed $G$. The claim follows from $\bot \subseteq G$. (ii) $F \otimes G \subseteq 1 \otimes G = G$. (iii) Let $F = G^\bot$ with closed $G$. The claim follows from $G = G ⅋ G$. □

Proposition 2.12. For any facts $F$ and $G$, we have $!F \otimes {!G} = {!(F \mathbin{\&} G)}$.

Proof. Note that open facts are closed under finite multiplicative conjunction. Hence $!F \otimes {!G}$ is an open fact. Now $!F \otimes {!G} \subseteq {!F} \subseteq F$. Similarly $!F \otimes {!G} \subseteq G$. Hence $!F \otimes {!G} \subseteq F \cap G = F \mathbin{\&} G$. This implies $!F \otimes {!G} \subseteq {!(F \mathbin{\&} G)}$. On the other hand, we have $!(F \mathbin{\&} G) = {!(F \mathbin{\&} G)} \otimes {!(F \mathbin{\&} G)} \subseteq {!F} \otimes {!G}$. □

Proposition 2.13. Let $F$ be a fact. If $F$ is valid, so is $!F$.

Proof. Suppose $1 \in F$. Then $F^\bot \subseteq \bot$. Hence $1 = \bot^\bot \subseteq F^{\bot\bot} = F$. Therefore $1 \in 1 \subseteq F$. □
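We now turn our attention to Boolean-valued models. Let $B$ be a complete Boolean algebra. We first define the $B$-valued universe $V^B$.

Definition 2.13. We define the sets $V_\alpha^B$ and the class $V^B$ by the transfinite induction on ordinals $\alpha$ as follows.

$$V_0^B = \emptyset, \qquad V_{\alpha+1}^B = \{u \mid u \text{ is a function with } \mathrm{dom}(u) \subseteq V_\alpha^B \text{ and } \mathrm{ran}(u) = B\}, \qquad V_\lambda^B = \bigcup_{\alpha < \lambda} V_\alpha^B \text{ where } \lambda \text{ is a limit ordinal},$$

$$V^B = \bigcup_{\alpha \in \mathrm{Ord}} V_\alpha^B.$$

Ord is the class of all ordinals.

Next we define the interpretation of atomic propositions. Note that we can assign the rank $\rho(u)$ to each $u \in V^B$ by

$$\rho(u) = \text{the least } \alpha \text{ such that } u \in V_{\alpha+1}^B.$$

Furthermore, we will use the canonical ordering [5] on Ord × Ord defined by

$$(\alpha, \beta) < (\gamma, \delta) \iff [\max(\alpha, \beta) < \max(\gamma, \delta)] \text{ or } [\max(\alpha, \beta) = \max(\gamma, \delta) \text{ and } \alpha < \gamma] \text{ or } [\max(\alpha, \beta) = \max(\gamma, \delta) \text{ and } \alpha = \gamma \text{ and } \beta < \delta].$$

The canonical ordering on Ord × Ord × Ord is defined similarly.

Definition 2.14. For $u, v \in V^B$, we define $[\![u = v]\!]$, $[\![u \subseteq v]\!]$ and $[\![u \in v]\!]$ by the transfinite induction on $(\rho(u), \rho(v))$ as follows.

• $[\![u \in v]\!] = \bigvee_{x \in \mathrm{dom}(v)} (v(x) \land [\![x = u]\!])$,
• $[\![u \subseteq v]\!] = \bigwedge_{x \in \mathrm{dom}(u)} (u(x) \to [\![x \in v]\!])$ where $a \to b = \lnot a \lor b$,
• $[\![u = v]\!] = [\![u \subseteq v]\!] \land [\![v \subseteq u]\!]$.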
The idea behind the above definitions is the following translation.

• $u \in v \iff (\exists x \in v)(x = u)$,
• $u \subseteq v \iff (\forall x \in u)(x \in v)$,
• $u = v \iff u \subseteq v$ and $v \subseteq u$.

Notice that universal and existential quantifications are interpreted as infinitary conjunction (meet) and disjunction (join), respectively.

Proposition 2.14. For every $u, v \in V^B$,

(i) $[\![u = u]\!] = 1$,
(ii) $[\![u = v]\!] = [\![v = u]\!]$,
(iii) $[\![u = v]\!] \land [\![v = w]\!] \le [\![u = w]\!]$,
(iv) $[\![u \in v]\!] \land [\![w = u]\!] \land [\![t = v]\!] \le [\![w \in t]\!]$.

The proof is by the transfinite induction on the canonical ordering of $(\rho(u), \rho(v))$. Now we extend this assignment to every sentence.

Definition 2.15. For every formula $\varphi(x_1, \ldots, x_n)$, we define the Boolean value of $\varphi$

$$[\![\varphi(u_1, \ldots, u_n)]\!] \qquad (u_1, \ldots, u_n \in V^B)$$

as follows.

(a) If $\varphi$ is an atomic formula, the assignment is as we defined above;
(b) if $\varphi$ is a negation, conjunction, etc.,

$$[\![\lnot\psi(u_1, \ldots, u_n)]\!] = -[\![\psi(u_1, \ldots, u_n)]\!],$$
$$[\![\psi \land \chi(u_1, \ldots, u_n)]\!] = [\![\psi(u_1, \ldots, u_n)]\!] \land [\![\chi(u_1, \ldots, u_n)]\!],$$
$$[\![\psi \lor \chi(u_1, \ldots, u_n)]\!] = [\![\psi(u_1, \ldots, u_n)]\!] \lor [\![\chi(u_1, \ldots, u_n)]\!],$$
$$[\![\psi \to \chi(u_1, \ldots, u_n)]\!] = [\![\psi(u_1, \ldots, u_n)]\!] \to [\![\chi(u_1, \ldots, u_n)]\!],$$
$$[\![\psi \leftrightarrow \chi(u_1, \ldots, u_n)]\!] = [\![\psi \to \chi(u_1, \ldots, u_n)]\!] \land [\![\chi \to \psi(u_1, \ldots, u_n)]\!];$$

(c) if $\varphi$ is $\exists x \psi$ or $\forall x \psi$,

$$[\![\exists x \psi(x, u_1, \ldots, u_n)]\!] = \bigvee_{u \in V^B} [\![\psi(u, u_1, \ldots, u_n)]\!],$$
$$[\![\forall x \psi(x, u_1, \ldots, u_n)]\!] = \bigwedge_{u \in V^B} [\![\psi(u, u_1, \ldots, u_n)]\!].$$

Definition 2.16. A sentence $\varphi$ is valid in $V^B$ if $[\![\varphi]\!] = 1$, where $1$ is the top element of the boolean algebra $B$.

Proposition 2.15. Every axiom of ZFC is valid in $V^B$.
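3. The Phase-valued Model $V^P$

We now define our model $V^P$. The construction is essentially the same as that of $V^B$ except that we will use the set $\mathrm{Fact}_P$ of facts in the topolinear space $(P, \mathcal{F})$ instead of the boolean algebra $B$.

Definition 3.1. We define $V_\alpha^P$ and $V^P$ by the transfinite induction on ordinals $\alpha$ as follows:

$$V_0^P = \emptyset, \qquad V_{\alpha+1}^P = \{u \mid u \text{ is a function with } \mathrm{dom}(u) \subseteq V_\alpha^P \text{ and } \mathrm{ran}(u) = \mathrm{Fact}_P\}, \qquad V_\lambda^P = \bigcup_{\alpha < \lambda} V_\alpha^P \text{ where } \lambda \text{ is a limit ordinal},$$

$$V^P = \bigcup_{\alpha \in \mathrm{Ord}} V_\alpha^P.$$

The rank $\rho(u)$ is defined similarly as in $V^B$.

Proposition 3.1. $V_\beta^P \subseteq V_\alpha^P$ for $\beta < \alpha$.

Proof. The proof is by the transfinite induction on $\alpha$. Assume that $V_\beta^P \subseteq V_\gamma^P$ holds for any $\gamma < \alpha$ with $\beta < \gamma$. If $\alpha$ is a limit ordinal, the proposition holds by the definition. Suppose that $\alpha = \alpha' + 1$. Let $u \in V_\beta^P$ with $\beta < \alpha$, and $\beta' = \rho(u)$. Then $\beta' + 1 \le \beta$ and $u \in V_{\beta'+1}^P$. Hence $\mathrm{dom}(u) \subseteq V_{\beta'}^P$ with $\beta' < \alpha'$. So $\mathrm{dom}(u) \subseteq V_{\alpha'}^P$ by the inductive hypothesis. Hence $u \in V_\alpha^P$. □

Definition 3.2. For $u, v \in V^P$, we define $[\![u = v]\!]$, $[\![u \subseteq v]\!]$ and $[\![u \in v]\!]$ by the transfinite induction on $(\rho(u), \rho(v))$ as follows.

$$[\![u \in v]\!] = \sum_{x \in \mathrm{dom}(v)} (v(x) \otimes [\![x = u]\!]),$$
$$[\![u \subseteq v]\!] = \prod_{x \in \mathrm{dom}(u)} (u(x) \multimap [\![x \in v]\!]),$$
$$[\![u = v]\!] = {![\![u \subseteq v]\!]} \otimes {![\![v \subseteq u]\!]}.$$

We note that $[\![u \in v]\!] = 0$ when $\mathrm{dom}(v) = \emptyset$, and $[\![u \subseteq v]\!] = \top$ when $\mathrm{dom}(u) = \emptyset$.

Proposition 3.2. For every $u, v \in V^P$,

(i) $1 \in u(x) \multimap [\![x \in u]\!]$ for all $x \in \mathrm{dom}(u)$,
(ii) $1 \in [\![u = u]\!]$,
(iii) $1 \in [\![u = v]\!] \multimap [\![v = u]\!]$.

Proof. We prove (i) and (ii) by the simultaneous transfinite induction on $\rho(u)$. Note that the base case $\rho(u) = 0$ is subsumed under the case $\mathrm{dom}(u) = \emptyset$.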
(i) We show that for all z E dom(u),
I[ E.
I.
If dom(u) = 8, this holds trivially. Otherwise, 1 E [z = x] by the inductive hypothesis. Then u ( z ) = u ( z ) . (1) (u(z) . . I[ E. unL = IL c - UyEdom(u)(u(Y) . uz = ~ence 4.1 . (UyEdom(u) ( 4 ~ 8b ) = Yll))"' = ' (Uy€dom(u) ( u ( Y ) @ I[ =. 1. (ii) It suffices t o show 1 E !I[. u].NOW [U u]= --o Otherwise, [z E u]). If dom(u) = 0, we have 1 C P = [uC u]. u ( z ) . [z E .]IL I for all z E dom(u) by (i) so that 1 = n,Edo,(u,(u(z) --o [z E u]).Since Iis the smallest closed fact, 1 is the greatest open fact. Hence 1 = ![uC u]and clearly 1 E 1. (iii) We show [u = w] . [v = u ] ' C 1.Since the multiplicative conjunction is commutative, [u = v] = [v = u ] and the claim immediately follows. 0
w*.
w) mLc
c
nzEdom(u)(+)
c
c
c
Proof. The proof is by the simultaneous induction on (p(u),p(v),p(w)) along the canonical ordering, which is sensitive to the permutation of u,w and w. To carry the induction through, we divide (ii) and (iii) into two separate cases:
(ii-a) (ii-b) (iii-a) (iii-b)
1E 1E 1E 1E
lv E wi 8 I[ = .--o I[ E wi, . uv E 8 I[=.w]-+ E ui, uu E 8 I[=. --o I[ E wi, . 8
E
nu
=
E
So, we in fact prove (i), (ii-a), (ii-b), (iii-a) and (iii-b) simultaneously.
c
(i) First we show [uC v] 8 [w = w] [uC 2.1. By Proposition 2.2, Definition 2.5 and Definition 3.2, it suffices to show
n
).(.(
zEdom(u)
--o
8.
E
n
(W
z Edom( u )
I[ E. wn).
Let p E n,E,o,~,,(u(z) --o [z E u])and q E [v = w].We want to show p q E ( u ( y ) [y E w]l)lfor any y E dom(u). Let T E u ( y ) . [y E w ]' and T = tt' with t E u(y) and t' E [y E w]'. Since p E u(y) 4 [y E w],we have pt E [y E w].By the inductive hypothesis of (iii-a),
Hence ptq 6 [y E w].Therefore pqr = ptqt' E I,and it is done. Similarly, we can show [w 5 v] 8 [u= v] 5 [w C u] with the roles of u and w being exchanged, using the inductive hypothesis of (iii-b). With the above preparation, we show [u= v] 8 [v = w] [u= w].Using Proposition 2.11,
c
Now open facts are closed under finite multiplicative conjunction. Hence ![uC_ w] 8 [w = is open. Therefore, we have ![ug v] 8 [w = u] ![u5 w]. Similarly, ![w w] 8 [u= u] 5 ![.I u]. Hence, [u= w] 8 [U = w]C [u= w]. (ii-a) We want to show [u E w]8 [u= w] C [u E w].By Proposition 2.8 and Proposition 2.9,
c
E w]8
c
= .] =
(CC I €do,(
)
( ' ~ ( 8~ I 1[ =. .])
I Edom(w)
=
c
8 [U = .]
(w(z) . I[ =. .]I. I[ =. .]) 'I
w)
By the inductive hypothesis for (i),
Hence [V E w ] 8 [U = .] E &dom(w)(~(z) 8 [X = u ] )= [U E w]. (ii-b) is proved similarly, using the inductive hypothesis of (i). Note that (i) is symmetric with respect to the roles of u and w.
c
(iii) We want t o show [uE u]8 [[w = w] [uE w]. By Proposition 2.8, Proposition 2.7 and Proposition 2.9, E .] 8 I[ =. w] =
(
).(.(
8
z€dom(v)
C
=
C
=
qw C_
. !I[.
).(
I[.1
C_ w ] .
= w]
8
II
I[. = .])
zEdorn(v)
.K. c n
Let y E dom(v). By Proposition 2.6,
m
c s V(Y)
![. wn
wn
= w(y) . (
).(w
--o
u.
E wn)
x€dom(v)
c v(y) . MY) c uy E wn.
--o
BY E wn)
Therefore it suffices to show [y E w j .
uy = c .1 E w].
c
However we have [y E w] 8 [[y = u] [uE w] by the inductive hypothesis of (ii-a). Hence, by Proposition 2.11, ~[yE w]
.
c
.I [ = ~
g
E w] 8 qw
c I[Y E wn 8
c
8
uy =
= un
$\subseteq [\![u \in w]\!]$. (iii-b) is proved similarly with the roles of $u$ and $w$ being exchanged, using the inductive hypothesis of (ii-a). □
Definition 3.3. For every formula $\varphi(x_1, \ldots, x_n)$, we define the phase value of $\varphi$
$[\![\varphi(u_1, \ldots, u_n)]\!]$ $(u_1, \ldots, u_n \in V^P)$
as follows. (a) If $\varphi$ is an atomic formula, the assignment is as we defined above; (b) if $\varphi$ is a linear negation, multiplicative conjunction, etc.,
w ( u l , . .. = [+(ul,.. . ,un)nL, 8 x(ul,.. . ,unn = u+(ul,. . .,un)n8 [X(ul,. . .,un)n, I [ + V X ( ~ ~. ., . ,unn = w ( u l , . . . , u n ) m ( u l , . . . ,un)n7
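Proposition 3.4. $1 \in [\![u = v]\!] \otimes [\![\varphi(u)]\!] \multimap [\![\varphi(v)]\!]$ for any formula $\varphi$.
Proof. The proof is by induction on the construction of $\varphi$, using that $[\![u = v]\!]$ is an open fact. For example, $1 \in [\![u = v]\!] \otimes [\![\varphi(v)]\!] \multimap [\![\varphi(u)]\!]$ implies $1 \in [\![u = v]\!] \otimes [\![\varphi^{\perp}(u)]\!] \multimap [\![\varphi^{\perp}(v)]\!]$. Similarly $1 \in [\![u = v]\!] \otimes [\![\varphi(u)]\!] \multimap [\![\varphi(v)]\!]$ and $1 \in [\![u = v]\!] \otimes [\![\chi(u)]\!] \multimap [\![\chi(v)]\!]$ implies $1 \in [\![u = v]\!] \otimes [\![\varphi \otimes \chi(u)]\!] \multimap [\![\varphi \otimes \chi(v)]\!]$. □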
We now start checking the validity of the basic set-theoretical principles. We will write $(\exists y \in x)\, \varphi(y)$ and $(\forall y \in x)\, \varphi(y)$ for $\exists y\, (y \in x \otimes \varphi(y))$ and $\forall y\, (y \in x \multimap \varphi(y))$, respectively.
Proof.
(a) By Proposition 2.8 and Proposition 3.4,
UP^ E +wn
=
C (UYE n. 8 umn) yEVP
yEVP zEdom(s)
z Edom( z)
For the other direction, note that if $y \in \mathrm{dom}(x)$, we have $x(y) \subseteq [\![y \in x]\!]$ since $1 \in [\![y = y]\!]$. Hence,
C
MY)
€3
u$(dn)c_
y €don( z)
C ( l [ ~E zn €3 [wn) C ([Y E zn 8 nwn)
yEdom(z)
E
gEVP
= u3y (Y E
2
8 4wn.
(b) The proof is by Proposition 2.10 and (a).
0
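Let us verify a number of formulas which are intended to be the linear logic counterparts of the classical ZF axioms. For the moment, we do not have any canonical way to translate classical set-theoretical formulas into linear logic. In particular the choice between multiplicative and additive connectives is rather arbitrary.
Theorem 3.1. The following formulas are valid in $V^P$.
(Empty Set): $\exists Y \forall x\, (x \in Y)^{\perp}$.
(Extensionality): $\forall X \forall Y\, (!\forall u (u \in X \multimap u \in Y) \otimes\ !\forall u (u \in Y \multimap u \in X) \multimap X = Y)$.
(Pair): $\forall u \forall v \exists a \forall x\, (x = u \oplus x = v \multimap x \in a)$.
(Union): $\forall X \exists Y \forall u\, (\exists z (z \in X \otimes u \in z) \multimap u \in Y)$.
(Separation): $\forall X \exists Y\, (!\forall u (u \in Y \multimap u \in X \otimes \varphi(u)) \otimes\ !\forall u (u \in X \otimes \varphi(u) \multimap u \in Y))$.
(Collection): $\forall u\, ((\forall x \in u) \exists y\, \varphi(x, y) \multimap \exists v (\forall x \in u)(\exists y \in v)\, \varphi(x, y))$.
(Infinity): $\exists Y\, (!\,\emptyset_P \in Y \otimes\ !\forall x (x \in Y \multimap x \cup \{x\} \in Y))$.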
$\emptyset_P$ and $x \cup \{x\}$ are the elements of $V^P$ which will be explained in the proof.
Proof. (Empty Set): Let $Y \in V^P$ be such that $\mathrm{dom}(Y) = \emptyset$. Then, for any $x \in V^P$, we have $\bigcup_{v \in \mathrm{dom}(Y)} (Y(v) \otimes [\![x = v]\!]) = \emptyset$. Then
(U
( Y ( v )8 [X =.]I)
vEdom( Y )
Hence, $[\![(x \in Y)^{\perp}]\!] = P$ and $[\![\forall x\, (x \in Y)^{\perp}]\!] = P$. Obviously, $1 \in P$.
(Extensionality): Recall $[\![X = Y]\!] =\ ![\![X \subseteq Y]\!] \otimes\ ![\![Y \subseteq X]\!]$. Then the axiom holds by Proposition 3.5.
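(Pair): Let $a \in V^P$ be such that $\mathrm{dom}(a) = \{u, v\}$ with $1 \in a(u)$ and $1 \in a(v)$. Then, $1 \in [\![u \in a]\!]$ and $1 \in [\![v \in a]\!]$. Now for any $x \in V^P$, we have $[\![x = u]\!] \otimes [\![u \in a]\!] \subseteq [\![x \in a]\!]$ so that $[\![x = u]\!] \subseteq [\![x \in a]\!]$. Similarly, $[\![x = v]\!] \subseteq [\![x \in a]\!]$. Hence $[\![x = u \oplus x = v]\!] = ([\![x = u]\!] \cup [\![x = v]\!])^{\perp\perp} \subseteq [\![x \in a]\!]^{\perp\perp} = [\![x \in a]\!]$.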
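(Union): Let $Y \in V^P$ be such that $\mathrm{dom}(Y) = \bigcup \{\mathrm{dom}(z) \mid z \in \mathrm{dom}(X)\}$ and for any $u \in \mathrm{dom}(Y)$, writing $S(u)$ for $\{z \mid u \in \mathrm{dom}(z) \text{ and } z \in \mathrm{dom}(X)\}$,
$$Y(u) = \sum_{z \in S(u)} (X(z) \otimes z(u)).$$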
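Then for any $z \in \mathrm{dom}(X)$ and $u \in \mathrm{dom}(z)$, we have $X(z) \otimes z(u) \subseteq Y(u) \subseteq [\![u \in Y]\!]$ so that $X(z) \subseteq z(u) \multimap [\![u \in Y]\!]$. Hence, by Proposition 3.5, $X(z) \subseteq [\![\forall u (u \in z \multimap u \in Y)]\!]$. This means that $1 \in [\![\forall z (z \in X \multimap \forall u (u \in z \multimap u \in Y))]\!]$. The axiom then follows.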
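(Separation): Let $Y \in V^P$ be such that $\mathrm{dom}(Y) = \mathrm{dom}(X)$ and $Y(u) = X(u) \otimes [\![\varphi(u)]\!]$ for all $u \in \mathrm{dom}(Y)$. Then $Y(u) \subseteq [\![u \in X \otimes \varphi(u)]\!]$ for all $u \in \mathrm{dom}(Y)$ so that $1 \in [\![\forall u (u \in Y \multimap u \in X \otimes \varphi(u))]\!]$ by Proposition 3.5. Also $X(u) \otimes [\![\varphi(u)]\!] = Y(u) \subseteq [\![u \in Y]\!]$ for all $u \in \mathrm{dom}(X)$ so that $X(u) \subseteq [\![\varphi(u)]\!] \multimap [\![u \in Y]\!]$. By Proposition 3.5, $1 \in [\![\forall u (u \in X \multimap (\varphi(u) \multimap u \in Y))]\!] = [\![\forall u (u \in X \otimes \varphi(u) \multimap u \in Y)]\!]$.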
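(Collection): Given $x \in V^P$, let
$$F_x = \{s \in \mathrm{Fact}_P \mid \exists y \in V^P\, ([\![\varphi(x, y)]\!] = s)\}.$$
Then $F_x$ is a set and $(\forall s \in F_x) \exists \alpha \exists y\, ([\![\varphi(x, y)]\!] = s \text{ and } \rho(y) = \alpha)$. Hence by the Collection principle of ZF, $\exists v (\forall s \in F_x)(\exists \alpha \in v) \exists y\, ([\![\varphi(x, y)]\!] = s \text{ and } \rho(y) = \alpha)$.
Let
$$\alpha_x = \bigcup \{\alpha + 1 \mid \alpha \in v \text{ and } \alpha \in \mathrm{Ord}\}.$$
Then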
(Infinity): We denote the phase-valued set obtained in (Empty Set) by $\emptyset_P$. Similarly $\{x, \{x\}\}$ and $x \cup \{x\}$ denote the phase-valued sets obtained by (Pair) and (Union) for now. Define $Y \in V^P$ in such a way that
• $\emptyset_P \in \mathrm{dom}(Y)$;
• if $x \in \mathrm{dom}(Y)$, then $x \cup \{x\} \in \mathrm{dom}(Y)$;
• $1 \in Y(\emptyset_P)$;
• $Y(x) \subseteq Y(x \cup \{x\})$ for all $x \in \mathrm{dom}(Y)$.
Notice that if $\rho(x) = \alpha$, then $\rho(\{x\}) = \alpha + 1$ and $\rho(\{x, \{x\}\}) = \alpha + 2$. Also, $\rho(x \cup \{x\}) = \rho(\bigcup \{x, \{x\}\}) \le \rho(\{x, \{x\}\})$. Hence, given $\emptyset_P \in V^P_{\alpha}$, we can have $Y \in V^P_{\alpha + \omega + 1}$. Therefore, $Y \in V^P$. Since $1 \in Y(\emptyset_P) \subseteq [\![\emptyset_P \in Y]\!]$, it suffices to show
Now for any $x \in \mathrm{dom}(Y)$,
4. Relating $V^P$ to the Heyting-valued model
Let's begin with the following observation, which is what lies behind Girard's second translation [3] of intuitionistic predicate logic into linear predicate logic, given as follows.
$A^{*} =\ !A$ for $A$ atomic, $(A \vee B)^{*} = A^{*} \oplus B^{*}$, $(A \wedge B)^{*} = A^{*} \otimes B^{*}$, $(A \supset B)^{*} =\ !(A^{*} \multimap B^{*})$, $0^{*} = 0$, $(\exists x A)^{*} = \exists x A^{*}$, $(\forall x A)^{*} =\ !\forall x A^{*}$.
Proposition 4.1. Let $O$ be the set of all open facts in $P$. Then $O$ is a frame (locale or Heyting algebra) in the sense of Vickers [10].
Proof. The order is given by the set-inclusion. The arbitrary join $\bigvee F_i$ is defined as $(\bigcup F_i)^{\perp\perp}$. Let $\{F_i\}$ be a family of open facts. By Proposition 2.10, where F: are closed facts, so that (UFi)l* = (UF i ) l l is an open fact since closed facts are closed under arbitrary intersection. The binary meet of the open facts $F$ and $G$ is $F \otimes G$, since $F \otimes G =\ !F \otimes\ !G =\ !(F \cap G)$ by Proposition 2.12. Furthermore the distributivity of the binary meet over the arbitrary join holds by Proposition 2.8. □
Frames and Heyting algebras are the same structures, although they differ when we consider homomorphisms. Locales are frames together with the set of "points." For our purpose, it is harmless to use those terms interchangeably. Then we can obtain the Heyting-valued universe $V^O$ as the subuniverse of $V^P$ by restricting facts to open facts in the construction of $V^P$.
Definition 4.1. We define $V^O_{\alpha}$ and $V^O$ by the transfinite induction on ordinals $\alpha$ as follows.
v,0=0, 0
0
V s , = {u I u is a function with dom(u) E V," and ran(u) = O } , V p = Ua<XV," where X is a limit ordinal, = Ua€OrdVcuO.
'v
Definition 4.2. A phase-valued set $u \in V^P$ is static if $u \in V^O$.
Proposition 4.2. Let $u \in V^P$ be static. Then $[\![x \in u]\!]$ is an open fact for all $x \in V^P$.
Proof. $[\![x \in u]\!] = \sum_{z \in \mathrm{dom}(u)} (u(z) \otimes [\![x = z]\!])$. Since open facts are closed under finite multiplicative conjunction, $u(z) \otimes [\![x = z]\!]$ is an open fact. Furthermore, open facts are closed under infinitary additive disjunction by Proposition 2.10. Hence $[\![x \in u]\!]$ is an open fact. □
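We introduce the restricted quantifications over $V^O$ as follows.
$$[\![\exists v^{*} \varphi(v, u_1, \ldots, u_n)]\!] = \sum_{v \in V^O} [\![\varphi(v, u_1, \ldots, u_n)]\!],$$
$$[\![\forall v^{*} \varphi(v, u_1, \ldots, u_n)]\!] = \bigcap_{v \in V^O} [\![\varphi(v, u_1, \ldots, u_n)]\!].$$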
Proposition 3.5 holds with those restricted quantifiers as well. The proofs are exactly the same.
For the counterparts of the power set axiom and H. Friedman's $\in$-induction [2,6], it seems that we need to use those restricted quantifiers.
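Theorem 4.1. The following formulas are valid in $V^P$.
(Static Set): $\forall x^{*} \forall y\, (y \in x \multimap\ !(y \in x))$.
(Static Power Set): $\forall u^{*} \exists v^{*} \forall x^{*}\, (!\forall y (y \in x \multimap y \in u) \multimap x \in v)$.
(Static $\in$-induction): $!\forall x^{*} ((\forall y\, (y \in x \multimap \varphi(y))) \multimap \varphi(x)) \multimap \forall x^{*} \varphi(x)$.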
Proof.
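(Static Set): This follows from Proposition 4.2.
(Static Power Set): Let $v \in V^O$ be such that $\mathrm{dom}(v) = \{f \mid f \text{ is static with } \mathrm{dom}(f) = \mathrm{dom}(u)\}$ and $1 \in v(x)$ for all $x \in \mathrm{dom}(v)$. We want to show $1 \in [\![\forall x^{*} (!\forall y (y \in x \multimap y \in u) \multimap x \in v)]\!]$. For this, we define $x' \in \mathrm{dom}(v)$ for each $x \in V^O$ which satisfies
$$[\![!\forall y (y \in x \multimap y \in u)]\!] =\ ![\![x \subseteq u]\!] \subseteq [\![x' = x]\!].$$
Given such an $x'$, the validity of the formula immediately follows since $1 \in [\![x' \in v]\!]$ and $![\![x \subseteq u]\!] \subseteq [\![x' = x]\!] \subseteq [\![x' = x]\!] \otimes [\![x' \in v]\!] \subseteq [\![x \in v]\!]$ for all $x \in V^O$. The definition is as follows. Given $x \in V^O$, let $x' \in V^O$ be such that $\mathrm{dom}(x') = \mathrm{dom}(u)$ and $x'(y) = [\![y \in x]\!]$ for all $y \in \mathrm{dom}(x')$. Clearly, $x' \in \mathrm{dom}(v)$. Now for any $y \in V^P$,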
c
c
c
C C
[Y E x’n =
( ~ ‘ ( 2 )8
I[ =. Yn)
zEdom(u)
=
(UZ
E zn 8 I[ =. yn)
r Edom( u)
c UY E 4. Hence 1 E [Vy(y E x’ -oy E z)] = [x‘
ly E
8 E
=
c z]. Next for any y E V”,
C w)8 uz = yn 8 b E .]I) zEdom(u)
E
C zEdom(u)
( [ z = y] 8 I[ E. since u ( z ) is open
z€dom(u)
They are special consequences of the more general principle.
Proposition 4.3. For the static $u$ and $v$, our definitions of $[\![u \in v]\!]$ and $[\![u = v]\!]$ in $V^P$ yield the same open facts as the Heyting-valued interpretations in $V^O$.
Proof. Since the meet in $O$ is the tensor in $P$ and the supremum coincides in both of them, it suffices to confirm that $![\![u \subseteq v]\!]$ in the phase-valued model is the same as $[\![u \subseteq v]\!]$ in the Heyting-valued model for $u, v \in V^O$.
Note that the infimum of open facts $F_i$ in $O$ is given by $!\bigcap F_i$. Furthermore $!\bigcap_{i \in I} G_i =\ !\bigcap_{i \in I}\ !G_i$ holds for any family $\{G_i\}_{i \in I}$ of facts in $P$. To see this, just notice $!\bigcap G_i \subseteq\ !G_i$ for any $i \in I$. Hence we only need to show that $!(u(x) \multimap [\![x \in v]\!])$ in $P$ is indeed $u(x) \to [\![x \in v]\!]$ in $O$. Now $F \otimes\ !(F \multimap G) \subseteq G$ holds for any facts $F$ and $G$. Suppose $F \otimes H \subseteq G$ for open facts $F$, $G$ and $H$. Then $H \subseteq F \multimap G$ and $H \subseteq\ !(F \multimap G)$ since $H$ is open. By the uniqueness of the residual $F \to G$, we can conclude that
$$!(F \multimap G) = (F \to G).$$
Since $u(x)$ and $[\![x \in v]\!]$ are open facts, the above argument shows that $!(u(x) \multimap [\![x \in v]\!])$ is the same as $u(x) \to [\![x \in v]\!]$. □
Then the formulas in the intuitionistic set theory evaluated in $V^O$ retain the same interpretations under Girard's second translation with all the quantifiers modified to the restricted ones. Furthermore, if the quantifiers are bounded, then there is no need to restrict them due to Proposition 3.5. We hope to explore this point in more detail in the sequel of this paper.
Acknowledgments
The early version of this paper is included in my dissertation [7]. I thank the anonymous referee for the meticulous and helpful comments.
References
1. M.P. Fourman and D. Scott. "Sheaves and logic." Application of Sheaves, Springer Lecture Notes in Mathematics 753, 1979, 302-401.
2. H. Friedman. "The consistency of classical set theory relative to a set theory with intuitionistic logic." The Journal of Symbolic Logic 38, 1973, 315-319.
3. J.Y. Girard. "Linear logic." Theoretical Computer Science 50, 1987, 2-102.
4. J.Y. Girard. "Linear logic: Its Syntax and Semantics." Advances in Linear Logic, (eds.) Girard, Lafont, Regnier, London Mathematical Society Lecture Notes Series 222, Cambridge University Press 1995, 1-42.
5. T.J. Jech. Set Theory, Academic Press, New York, 1978.
6. A. Ščedrov. "Intuitionistic set theory." Harvey Friedman's Research on the Foundations of Mathematics, Studies in Logic and the Foundations of Mathematics Vol. 117, North-Holland, 1985, 257-284.
7. M. Shirahata. Linear Set Theory, dissertation, Department of Philosophy, Stanford University, 1994.
8. G. Takeuti. "Quantum set theory." Current Issues in Quantum Logic, Plenum, New York, 1981, 303-322.
9. G. Takeuti and W.M. Zaring. Axiomatic Set Theory, Springer, New York, 1973.
10. S. Vickers. Topology Via Logic, Cambridge University Press, 1989.
A PROBLEM ON THEORIES WITH A FINITE NUMBER OF COUNTABLE MODELS
AKITO TSUBOI Institute of Mathematics, University of Tsukuba, Ibaraki 305-8571, Japan
In this paper we discuss non-$\omega$-categorical theories with a finite number of countable models. The question remains open whether such theories should be unstable or not. We briefly explain known results concerning this question, and discuss related topics.
1. Introduction
In this paper we discuss the following problem and related topics.
(*) Is there any non-$\omega$-categorical stable theory $T$ with a finite number of countable models?
Nowadays it is widely believed that there exists such a complete theory. However, in the author's opinion there are not many works aiming at constructing such theories. Many authors have proved the non-existence of such theories under additional finiteness conditions. (See [8], [3], [5], [12] and [19].) Such finiteness conditions are, for example, superstability, admitting finite coding, supersimplicity and so on. Superstability is a finiteness condition on the length of forking sequences of types. Admitting finite coding is a finiteness condition on the size of canonical bases. Unfortunately, without these assumptions, very few things are known. Since instability is equivalent to the order property (existence of order structures in a very weak sense), (*) can be rewritten as:
(**) Does any theory $T$ with a finite number ($> 1$) of countable models have the order property?
In fact, in [12], [19] and [4], they found definable order structures in theories with finitely many countable models (under some additional finiteness conditions).
In section 1, we recall some examples of non-$\omega$-categorical theories with a finite number of countable models. We also recall some basic facts for these theories. For the reader's convenience, outline proofs will be given. In section 2, we consider theories with three countable models. By Vaught's result, non-$\omega$-categorical theories have at least three countable models. If a given theory is not small, of course it has infinitely many models. If $T$ is small, there are at least three countable models: a prime (and atomic) model over $\emptyset$, a prime (and atomic) model over a finite tuple realizing a non-principal type, and a countably saturated model. In [4], by assuming the almost $\omega$-categoricity of $T$, the existence of a dense linear order in $T$ was shown. A slight generalization of this fact will be given. In section 3, we discuss Lachlan's theorem ([8]) and its generalizations. The theorem states that there is no superstable theory $T$ with $1 < I(\omega, T) < \omega$. Besides Lachlan's original proof, there are several other proofs (see [9], [14] and [15]). In these newer proofs, in particular in [9], the open mapping theorem (or a weaker version of it) seems to have an important role. In a simple unstable theory, the open mapping theorem does not hold in general. But Kim [5] showed that Lachlan's theorem can be generalized to supersimple theories. In [20], a restricted version of the open mapping theorem was shown for simple theories. We give a proof of Kim's result using this restricted version.
In this paper, $T$ denotes a complete theory formulated in a countable language. $I(\omega, T)$ denotes the number of nonisomorphic countable models of $T$. Models of $T$ are denoted by $M, N, \ldots$. We fix a sufficiently saturated model of $T$. Usually we work in this model. $A, B, \ldots$ will denote subsets of this model. Finite tuples of elements in this model are denoted by $a, b, \ldots$. We write $AB$ for denoting the set $A \cup B$. Finite tuples of variables are denoted by $x, y, \ldots$.
Types are complete types unless otherwise stated. $S(A)$ denotes the set of all types over $A$. If $p$ is a type, $p^M$ denotes the set of all realizations of $p$ in $M$.
2. Examples and Basic Facts.
As is well-known, $\omega$-categorical theories $T$ are characterized by the property that for each finite tuple $x$ of variables, $T$ has only finitely many types in $x$. Such a good characterization is not known for theories with $1 < I(\omega, T) < \omega$. First we recall basic facts.
Fact 2.1. (1) Let $I(\omega, T) \le \omega$. Then $T$ is small, i.e. $S(\emptyset)$ is countable. So for each finite set $A$ there is a prime model over $A$. There is also a countably saturated model of $T$. (2) (Vaught) If $I(\omega, T) > 1$ then $I(\omega, T) \ge 3$.
Proof. (1) Each type in $S(\emptyset)$ is realized in some countable model. On the other hand, each countable model realizes only countably many types. So we have $|S(\emptyset)| \le |I(\omega, T)|\, \omega$. (2) We can assume $1 < I(\omega, T) \le \omega$. So there are a prime model $M_0$ and a countably saturated model $M_2$. Let $a$ realize a non-principal type and let $M_1$ be a prime model over $a$. Then easily we have $M_1 \not\cong M_0, M_2$. □
The most well-known and fundamental example with three countable models is the following one due to Ehrenfeucht.
Example 2.1. Let T = Th(Q, 0 , a > 1,...} with the minimum element, while the nonstandard part of MZ has no minimum element.
If we want to have a theory $T$ with $I(\omega, T) = n$ ($> 3$), we only have to prepare $n - 3$ new unary predicates $U_1, \ldots, U_{n-3}$ with the properties (i) the interpretations of these predicates give a partition of (Q,

negation $\neg$ and $\neg'$, necessity $\Box$ (called "box"), and possibility $\Diamond$ (called "diamond"). We use $t$ to denote the unit element for multiplicative conjunction. $f$ denotes the unit element for multiplicative disjunction. $\top$ is called "top", and it denotes the unit element for additive conjunction. $\bot$ is called "bottom", and it denotes the unit element for additive disjunction. As in FL, $\neg A$ is an abbreviation of $A \supset f$, and $\neg' A$ is an abbreviation of $A \supset' f$. For the propositional variables of $\mathcal{L}$, we use symbols $p_0, p_1, \ldots$. The set $\mathcal{F}$ of formulas of $\mathcal{L}$ is the smallest set which contains all the propositional variables of $\mathcal{L}$ as well as all the unit elements of $\mathcal{L}$, and which is closed under the following rules:
(1) $A \in \mathcal{F} \Rightarrow \neg A, \neg' A, \Box A, \Diamond A \in \mathcal{F}$
(2) $A, B \in \mathcal{F} \Rightarrow A * B,\ A + B,\ A \wedge B,\ A \vee B,\ A \supset B,\ A \supset' B \in \mathcal{F}$
The classical substructural modal logics which we investigate in this paper have the exchange rule. Under the presence of the exchange rule, there is no need to differentiate $\supset$ and $\supset'$. In classical cases, we therefore delete $\supset'$. Since $\neg' A$ is defined as $A \supset' f$, $\neg'$ is to be deleted from classical cases. It should be noted that the language of intuitionistic substructural modal logics does not contain the multiplicative disjunction $+$. In a sequent system, $*$ corresponds to the "comma" on the left side of the sequent, and $+$ corresponds to the "comma" on the right hand side. $+$ is the dual of $*$. In intuitionistic sequent calculus, the "comma" never occurs on the right hand of the sequent. This is because, in an intuitionistic sequent system, one cannot write the inference rules for $+$ in such a way that the duality of $+$ and $*$ is represented in inference rules. A sequent of substructural modal logics is a list of formulas having the following form:
$$A_1, \ldots, A_m \to B_1, \ldots, B_n$$
where each $A_i$ and $B_j$ is any formula. Note that both sides of $\to$ are allowed to be empty. For the intuitionistic cases, no formula or just a single formula occurs on the right-hand-side of the sequent.
2.2. Inference rules
2.2.1. Classical substructural modal logics
We introduce the system called $\mathrm{CFL}_e^{K}$, which is the basis for the other classical substructural modal logics. $\mathrm{CFL}_e^{K}$ is obtained from the standard classical substructural logic $\mathrm{CFL}_e$ [4,5] by adding the following inference rule ($\Box$-K):
$$\frac{\Gamma \to A}{\Box\Gamma \to \Box A}\ (\Box\text{-K})$$
This rule was introduced and shown, in [3], to correspond to the axiom K for modality:
K : $\Box(A \supset B) \supset (\Box A \supset \Box B)$
Definition 2.1. (Inference rules for classical modal substructural logics) $\mathrm{CFL}_e^{K}$ has the following axioms and inference rules:
Axioms and rules for logical constants:
A+A
-+t
r,rl-+ A -+ A tw
I',t,"I
f-+
r -+ A , A I + A , f , A l fw
Structural inference rule:
r , A ,B,r' -+ A (e left) r , B , A , F -+ A
r + A, A, B , A' r -+ A, B , A , A/
r -+ A , A r ' , A + A' r,rl-+A, A! 0
(e right)
(cut)
Logical inference rules:
7 -+ ~ A,-+,rAA r,A , ri -+ n r,AAB,P+A r,B , r1-+ A F , A A B , P -+ A
(1
left)
(A left) (A left)
r , A -+ A iA,A
r -+
right)
(1
r
-+ A,A,A' -+ A , B , A ' (A right) r -+ A , A A B,Al
The set of sequents provable in $\mathrm{CFL}_e^{K}$ is defined to be the intersection of the sets $X$ each of which satisfies the following two conditions:
• All the axioms of $\mathrm{CFL}_e^{K}$ are members of $X$.
• If the upper sequent(s) of an inference rule of $\mathrm{CFL}_e^{K}$ is in $X$, then its lower sequent is also in $X$.
The other systems, $\mathrm{CFL}_e^{KD}$, $\mathrm{CFL}_e^{KT}$, $\mathrm{CFL}_e^{KT4}$ and $\mathrm{CFL}_e^{KT5}$, are obtained from $\mathrm{CFL}_e^{K}$ by adding the following inference rules:
Or
A (0-4)
or -+ O A -+
These rules correspond to the following axioms for modality:
D : $\Box A \supset \neg\Box\neg A$
T : $\Box A \supset A$
4 : $\Box A \supset \Box\Box A$
5 : $\neg\Box\neg A \supset \Box\neg\Box\neg A$
Among the above four rules, the first rule ($\Box$-D) is due to Valentini [7]. The rest of them are adopted from [3]. The provability for the above systems is defined similarly to the provability of $\mathrm{CFL}_e^{K}$.
2.2.2. Intuitionistic substructural modal logics
We introduce the basic system of intuitionistic substructural modal logics, called FLK. In case of classical modal logics, $\Box$ and $\Diamond$ are mutually definable with the help of $\neg$. However, this mutual definability of $\Box$ and $\Diamond$ does not hold for intuitionistic modal logics [6]. As a result, FLK has the inference rule for the $\Box$-modality and the inference rule for the $\Diamond$-modality. The classical modal logic K has two axioms: $\Box(A \supset B) \supset (\Box A \supset \Box B)$ and $\Box(A \supset B) \supset (\Diamond A \supset \Diamond B)$. The first axiom corresponds to the inference rule:
$$\frac{\Gamma \to A}{\Box\Gamma \to \Box A}$$
The second axiom corresponds to the inference rule:
A+C OA + OC
These inference rules are investigated in [3]. In case of intuitionistic logic, the right-hand-side of the sequent is restricted to one or zero occurrence of a formula. Therefore, one cannot use the second inference rule for the $\Diamond$-modality. Instead, we introduce two inference rules ($\Diamond$-K1) and ($\Diamond$-K2) for the $\Diamond$-modality:
as well as the ($\Box$-K) rule which is the same rule as in the classical cases. (The lack of the exchange rule forces us to divide the inference rule for the $\Diamond$-modality into two cases.) These three inference rules are used to introduce FLK.
Definition 2.2. (Inference rules for intuitionistic substructural modal logics) FLK have the following axioms and inference rules: 0
Axioms and rules for logical constants:
A+A
r,r/+ c t w r + fw r,t,r/-+c r+f 0
Structural inference rule:
rl + A r 2 , ~ ,+r 3c r2,r1,r3+ c 0
(cut)
Logical inference rules:
r + A B,r'+C r,A +B (3 left) (3 right) A 3 B,F,l-" + C r+A>B
r + B~, r / + c (3'left) r , A 3' B,r' + C A
left)
l ~ , -+ r +
r
(1
y A+ ~
+
left)
(1)
A,r + B (3' right) I'+AYB
r,A+
r+
A,F
right)
(1
l~
+
r + 1 ' (-2 ~
right)
r,A,r/+ c
(A left) F , A A B,I" + C r,B,r' + c (A left) r,AA B,P +C
(A right)
In the above axioms and inference rules, the formula $C$ may not occur on the right-hand-side of a sequent. The other systems, FLKD, FLKT and FLKT4, are obtained from FLK by adding the following inference rules:
These rules correspond to the following axioms for modality:
D : $\Box A \supset \Diamond A$
T : $\Box A \supset A$, $A \supset \Diamond A$
4 : $\Box A \supset \Box\Box A$, $\Diamond\Diamond A \supset \Diamond A$
The first rule ($\Box\Diamond$-D) is due to Valentini [7]. The next three rules, namely ($\Box$-T), ($\Diamond$-T), and ($\Box$-4), are adopted from [3]. The last two rules, ($\Diamond$-41) and ($\Diamond$-42), are introduced here in order to circumvent the same sort of difficulty which we faced in the introduction of ($\Diamond$-K1) and ($\Diamond$-K2). The provability for the above systems is defined similarly to the provability of $\mathrm{CFL}_e^{K}$.
3. Algebraic interpretation
In this section, we will introduce algebraic structures, called modal full Lambek algebras. An algebra corresponding to (non-modal) full Lambek calculus was introduced in [2]. He called it "uni-residuated lattice-ordered groupoid", which does not have an operation corresponding to $\supset'$. Ono [4] introduced an "FL-algebra" where both $\supset$ and $\supset'$ are taken into consideration. Furthermore, Ono extended it by adding the modalities (!, ?) for linear logics. They were called "modal full Lambek algebras" [4]. We will investigate modal full Lambek algebras for modalities such as K, KD, KT, KT4 and KT5.
Definition 3.1. (Modal full Lambek algebras) A structure $\mathbf{A} = (V, \cup, \cap, \circ, \to, \to', L, M, 1, 0, \top, \bot)$ is a FLK-algebra if the following conditions are satisfied:
(1) $(V, \cup, \cap, \circ, \to, \to', 1, 0, \top, \bot)$ is a FL-algebra:
(a) $(V, \cup, \cap, \top, \bot)$ is a lattice with the least element $\bot$ and the greatest element $\top$ for which $\top = \bot \to \bot$ holds,
(b) $(V, \circ, 1)$ is a monoid with the identity 1,
(c) $\forall x, y, z, w \in V$: $z \circ (x \cup y) \circ w = (z \circ x \circ w) \cup (z \circ y \circ w)$,
(d) $\forall x, y, z \in V$: ($x \circ y \le z \Leftrightarrow x \le y \to z$) and ($x \circ y \le z \Leftrightarrow y \le x \to' z$),
(e) $0 \in V$.
(2) $L$ and $M$ are maps from $V$ to $V$ satisfying:
(a) $\forall x, y \in V$: $Lx \circ Ly \le L(x \circ y)$, $L(x \cap y) \le Lx \cap Ly$,
(b) $1 \le L1 \le L\top$ ($\le \top$),
(c) $\forall x, y \in V$: $Mx \cup My \le M(x \cup y)$,
(d) ($\bot \le$) $M\bot \le M0 \le 0$,
(e) $\forall x, y \in V$: $L(x \to y) \le Mx \to My$, $L(x \to' y) \le Mx \to' My$.
To obtain FLKD-algebra, which corresponds to FLKD, we add to FLK-algebra the following condition (2)-(f) for operators $L$ and $M$:
(2)-(f) $\forall x \in V$: $Lx \le Mx$
We obtain the FLKT-algebra, which corresponds to FLKT, by adding to FLK-algebra the following condition (2)-(g), instead of (2)-(f):
(2)-(g) $\forall x \in V$: $Lx \le x$, $x \le Mx$
If we add the following condition (2)-(h) to FLKT-algebra, we obtain the FLKT4-algebra, which corresponds to FLKT4:
(2)-(h) $\forall x \in V$: $Lx \le LLx$, $MMx \le Mx$
To handle classical substructural modal logics, we introduce the basic algebra which is called $\mathrm{CFL}_e^{K}$-algebra. It is obtained by requiring the commutativity for the monoid mentioned in the condition (b) of the definition of FL-algebra, and furthermore by adding the "classical" condition (f) which is specified below. In classical cases, we do not need to distinguish $\to'$ from $\to$ due to the commutativity of the monoid. Therefore, $\to'$ is not necessary in the definition of $\mathrm{CFL}_e^{K}$-algebra, so that the last clause of (1)-(d) is deleted. Furthermore, $L$ and $M$ become mutually definable with the help of the "classical" negation. Thus, the conditions (2)-(c), (d) and (e) are to be discarded. Putting all these together, one comes down to the following definition of $\mathrm{CFL}_e^{K}$-algebra.
A structure $\mathbf{A} = (V, \cup, \cap, \circ, \to, L, M, 1, 0, \top, \bot)$ is a $\mathrm{CFL}_e^{K}$-algebra if the following conditions are satisfied:
(1) $(V, \cup, \cap, \circ, \to, 1, 0, \top, \bot)$ is a $\mathrm{CFL}_e$-algebra:
(a) $(V, \cup, \cap, \top, \bot)$ is a lattice with the least element $\bot$ and the greatest element $\top$ for which $\top = \bot \to \bot$ holds,
(b) $(V, \circ, 1)$ is a commutative monoid with the identity 1,
(c) $\forall x, y, z, w \in V$: $z \circ (x \cup y) \circ w = (z \circ x \circ w) \cup (z \circ y \circ w)$,
(d) $\forall x, y, z \in V$: $x \circ y \le z \Leftrightarrow x \le y \to z$,
(e) $0 \in V$,
(f) $\forall x \in V$: $(x \to 0) \to 0 = x$.
(2) $L$ is a map from $V$ to $V$ satisfying:
(a) $\forall x, y \in V$: $Lx \circ Ly \le L(x \circ y)$, $L(x \cap y) \le Lx \cap Ly$,
(b) $1 \le L1 \le L\top$ ($\le \top$),
To obtain $\mathrm{CFL}_e^{KD}$-algebra, which corresponds to $\mathrm{CFL}_e^{KD}$, we add to $\mathrm{CFL}_e^{K}$-algebra the following condition (2)-(f) for operators $L$ and $M$:
(2)-(f) $\forall x \in V$: $Lx \le L(x \to 0) \to 0$
We obtain the $\mathrm{CFL}_e^{KT}$-algebra, which corresponds to $\mathrm{CFL}_e^{KT}$, by adding to $\mathrm{CFL}_e^{K}$-algebra the following condition (2)-(g), instead of (2)-(f):
(2)-(g) $\forall x \in V$: $Lx \le x$
If we add the following condition (2)-(h) to $\mathrm{CFL}_e^{KT}$-algebra, we obtain the $\mathrm{CFL}_e^{KT4}$-algebra, which corresponds to $\mathrm{CFL}_e^{KT4}$:
(2)-(h) $\forall x \in V$: $Lx \le LLx$
We obtain the $\mathrm{CFL}_e^{KT5}$-algebra, which corresponds to $\mathrm{CFL}_e^{KT5}$, by adding to $\mathrm{CFL}_e^{KT}$-algebra the following condition (2)-(i), instead of (2)-(h):
(2)-(i) $\forall x \in V$: $L(x \to 0) \to 0 \le L(L(x \to 0) \to 0)$
Next, we define the valuation map $v : \mathcal{F} \to V$.
Definition 3.2. (Valuation map) Let $P$ be the set of propositional variables and let $v_0$ be a mapping from $P$ to $V$, then $v$ is defined by the following recursion:
(1) $v(p_i) = v_0(p_i)$
(2) $v(\neg A) = v(A) \to 0$, $v(\neg' A) = v(A) \to' 0$
(3) $v(A \supset B) = v(A) \to v(B)$, $v(A \supset' B) = v(A) \to' v(B)$
(4) $v(A * B) = v(A) \circ v(B)$, $v(A + B) = v(\neg(\neg A * \neg B))$
(5) $v(A \wedge B) = v(A) \cap v(B)$, $v(A \vee B) = v(A) \cup v(B)$
(6) $v(\Box A) = Lv(A)$, $v(\Diamond A) = Mv(A)$
(7) $v(t) = 1$, $v(f) = 0$, $v(\top) = \top$, $v(\bot) = \bot$
In order to keep our exposition somewhat simpler, we will use a new parameter "L". Let L be one of the following systems: $\mathrm{CFL}_e^{K}$, $\mathrm{CFL}_e^{KD}$, $\mathrm{CFL}_e^{KT}$, $\mathrm{CFL}_e^{KT4}$, $\mathrm{CFL}_e^{KT5}$, FLK, FLKD, FLKT and FLKT4.
Definition 3.3. (Validity of a sequent) A sequent $\Gamma \to \Delta$ is valid in L iff for any L-algebra and any valuation $v$ we have $v(\Gamma^{*}) \le v(\Delta^{*})$, where $\Gamma^{*}$ is the multiplicative conjunction of all the formulas in $\Gamma$ and $\Delta^{*}$ is the multiplicative disjunction of all the formulas in $\Delta$. If $\Gamma$ is the empty list of formulas, $\Gamma$ is treated as $t$. If $\Delta$ is empty, $\Delta$ is treated as $f$.
Note: Classical modal logic K is characterized by the axiom $\Box(A \supset B) \supset (\Box A \supset \Box B)$. An alternative way to characterize K is to use the axiom $\Box(A \wedge B) \equiv \Box A \wedge \Box B$. This alternative method leads readily to an algebraic interpretation of non-substructural modal logics, as in [1], just by requiring $L(x \cap y) = Lx \cap Ly$ to hold. If one moves from non-substructural modal logics to substructural modal logics, then one cannot always expect that $\Box A \wedge \Box B \to \Box(A \wedge B)$ is provable. In substructural logics, however, there are two kinds of logical conjunctions: Adaptation of one of them, i.e., multiplicative conjunction, makes it possible to prove $\Box A * \Box B \to \Box(A * B)$, as the following proof figure shows:
$A \to A$
$A, B \to A * B$ ($*$ right)
$\Box A * \Box B \to \Box(A * B)$
Based on these considerations, we have chosen the inequality $Lx \circ Ly \le L(x \circ y)$ in the clause (2)-(a) of Definition 3.1.
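The algebraic conditions of this section can be checked mechanically on a small model. The following Python sketch is an added example, not code from the paper: it assumes the three-element Łukasiewicz chain with $L$ fixing only the top element (a model constructed here; all function names are hypothetical), verifies conditions (1)(a)-(f) and the modal conditions for K, D, T, 4 and 5, and evaluates sequents in the sense of Definition 3.3 over this one algebra.

```python
from fractions import Fraction
from itertools import product

# Constructed model (an assumption of this example, not taken from the paper):
# the three-element Lukasiewicz chain 0 < 1/2 < 1, join = max, meet = min.
V = [Fraction(0), Fraction(1, 2), Fraction(1)]
BOT, TOP = V[0], V[-1]
ONE, ZERO = TOP, BOT  # monoid identity 1 and the constant 0


def mul(x, y):
    """Monoid operation (interprets multiplicative conjunction *)."""
    return max(BOT, x + y - 1)


def imp(x, y):
    """Residual of mul (interprets the implication)."""
    return min(TOP, 1 - x + y)


def neg(x):
    """x -> 0, the interpretation of negation."""
    return imp(x, ZERO)


def box(x):
    """The map L: fixes the top element, sends everything else to bottom."""
    return TOP if x == TOP else BOT


def check_base():
    """Conditions (1)(a)-(f) of the classical base algebra."""
    p2, p3, p4 = (list(product(V, repeat=n)) for n in (2, 3, 4))
    return {
        "a": imp(BOT, BOT) == TOP,
        "b": all(mul(ONE, x) == x for x in V)
        and all(mul(x, y) == mul(y, x) for x, y in p2)
        and all(mul(mul(x, y), z) == mul(x, mul(y, z)) for x, y, z in p3),
        "c": all(mul(mul(z, max(x, y)), w)
                 == max(mul(mul(z, x), w), mul(mul(z, y), w))
                 for x, y, z, w in p4),
        "d": all((mul(x, y) <= z) == (x <= imp(y, z)) for x, y, z in p3),
        "f": all(neg(neg(x)) == x for x in V),
    }


def check_modal():
    """Conditions (2)(a),(b) for K and the extra conditions for D, T, 4, 5."""
    p2 = list(product(V, repeat=2))
    return {
        "K": all(mul(box(x), box(y)) <= box(mul(x, y)) for x, y in p2)
        and all(box(min(x, y)) <= min(box(x), box(y)) for x, y in p2)
        and ONE <= box(ONE) <= box(TOP),
        "D": all(box(x) <= neg(box(neg(x))) for x in V),
        "T": all(box(x) <= x for x in V),
        "4": all(box(x) <= box(box(x)) for x in V),
        "5": all(neg(box(neg(x))) <= box(neg(box(neg(x)))) for x in V),
    }


def value(f, v0):
    """Valuation of a formula given as a nested tuple, e.g. ("box", ("var", "p"))."""
    op = f[0]
    if op == "var":
        return v0[f[1]]
    if op == "box":
        return box(value(f[1], v0))
    if op == "neg":
        return neg(value(f[1], v0))
    a, b = value(f[1], v0), value(f[2], v0)
    if op == "*":
        return mul(a, b)
    if op == "+":
        return neg(mul(neg(a), neg(b)))
    if op == "imp":
        return imp(a, b)
    if op == "and":
        return min(a, b)
    if op == "or":
        return max(a, b)
    raise ValueError(op)


def holds(left, right, names):
    """True iff v(Gamma*) <= v(Delta*) for every valuation into this algebra."""
    for vals in product(V, repeat=len(names)):
        v0 = dict(zip(names, vals))
        g = ONE  # empty left side is treated as t
        for f in left:
            g = mul(g, value(f, v0))
        d = ZERO  # empty right side is treated as f
        for f in right:
            d = neg(mul(neg(d), neg(value(f, v0))))
        if not g <= d:
            return False
    return True
```

In this model $\Box p, \Box q \to \Box(p * q)$ holds while contraction $p \to p * p$ fails at $p = 1/2$; since the model satisfies the conditions for K, T and 5, the soundness theorem of Section 4 shows that contraction is not provable in the corresponding classical system.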
4. Soundness
Theorem 4.1. (Algebraic soundness) If $\Gamma \to \Delta$ is provable in L, then $\Gamma \to \Delta$ is valid in L.
Proof. It suffices to show that all the axioms are valid in L, and that every inference rule preserves validity, i.e., that for every inference rule of L, if the upper sequent(s) are valid, then the lower sequent is valid. The subsystem obtained from FL by deleting $\supset'$ has the "uni-residuated lattice-ordered groupoid" (obtained from FL-algebra by deleting $\to'$) as its model, and the soundness of the subsystem is already proved in Lemma 2 of [2]. This Lemma can be applied not only to FL but also to $\mathrm{CFL}_e$. Therefore, we consider only the inference rules involving modality. "$\Rightarrow$" means "from this (these) it follows that". We use the following two simple facts. First, if $y \le y'$ then $x \circ y \circ z \le x \circ y' \circ z$, because $x \circ y' \circ z = x \circ (y \cup y') \circ z = x \circ y \circ z \cup x \circ y' \circ z$. Second, if $x \le y$ then $Lx \le Ly$, because $Lx = L(x \cap y) \le Lx \cap Ly \le Ly$.
($\Box$-K) Assume that $A_1, \ldots, A_n \to B$ is valid in L. Then, $v(A_1 * \cdots * A_n) \le v(B)$ holds for any L-algebra.
$\Rightarrow v(\Box A_1 * \cdots * \Box A_n) = Lv(A_1) \circ \cdots \circ Lv(A_n) \le L(v(A_1) \circ \cdots \circ v(A_n)) = Lv(A_1 * \cdots * A_n) \le Lv(B) = v(\Box B)$
Therefore, $\Box A_1, \ldots, \Box A_n \to \Box B$ is valid in L.
($\Diamond$-K1) Assume that $A_1, \ldots, A_n, B \to C$ is valid in L (for intuitionistic cases). Then, $v(A_1 * \cdots * A_n * B) \le v(C)$ holds for any L-algebra.
$\Rightarrow v(A_1 * \cdots * A_n) \circ v(B) \le v(C)$
($\Diamond$-K2) Assume that $A, B_1, \ldots, B_n \to C$ is valid in L (for intuitionistic cases). Then, $v(A * B_1 * \cdots * B_n) \le v(C)$ holds for any L-algebra.
$\Rightarrow v(A) \circ v(B_1 * \cdots * B_n) \le v(C)$
$\Rightarrow v(B_1 * \cdots * B_n) \le v(A) \to' v(C)$
$\Rightarrow Lv(B_1 * \cdots * B_n) \le L(v(A) \to' v(C)) \le Mv(A) \to' Mv(C)$
$\Rightarrow Mv(A) \circ Lv(B_1 * \cdots * B_n) \le Mv(C)$
$\Rightarrow v(\Diamond A * \Box B_1 * \cdots * \Box B_n) = Mv(A) \circ v(\Box B_1 * \cdots * \Box B_n) \le Mv(A) \circ Lv(B_1 * \cdots * B_n) \le Mv(C) = v(\Diamond C)$
Therefore, $\Diamond A, \Box B_1, \ldots, \Box B_n \to \Diamond C$ is valid in L.
($\Box$-D) Assume that $A_1, \ldots, A_n \to$ is valid in $\mathrm{CFL}_e^{KD}$. Then, $v(A_1 * \cdots * A_n) \le v(f) = 0$ holds for any $\mathrm{CFL}_e^{KD}$-algebra.
$\Rightarrow v(A_1 * \cdots * A_{n-1}) \circ v(A_n) \le 0$
$\Rightarrow v(A_1 * \cdots * A_{n-1}) \le v(A_n) \to 0$
$\Rightarrow Lv(A_1 * \cdots * A_{n-1}) \le L(v(A_n) \to 0) \le L((v(A_n) \to 0) \to 0) \to 0 = Lv(A_n) \to 0$
$\Rightarrow Lv(A_1 * \cdots * A_{n-1}) \circ Lv(A_n) \le 0$
$\Rightarrow v(\Box A_1 * \cdots * \Box A_n) = v(\Box A_1 * \cdots * \Box A_{n-1}) \circ v(\Box A_n) \le Lv(A_1 * \cdots * A_{n-1}) \circ Lv(A_n) \le 0$
Therefore, $\Box A_1, \ldots, \Box A_n \to$ is valid in $\mathrm{CFL}_e^{KD}$.
($\Box\Diamond$-D) Assume that $A_1, \ldots, A_n \to B$ is valid in FLKD. Then, $v(A_1 * \cdots * A_n) \le v(B)$ holds for any FLKD-algebra.
$\Rightarrow Lv(A_1 * \cdots * A_n) \le Lv(B) \le Mv(B)$
$\Rightarrow v(\Box A_1 * \cdots * \Box A_n) \le Lv(A_1 * \cdots * A_n) \le Mv(B) = v(\Diamond B)$
Therefore, $\Box A_1, \ldots, \Box A_n \to \Diamond B$ is valid in FLKD.
($\Box$-T) Assume that $A_1, \ldots, A_n \to B_1, \ldots, B_m$ is valid in L (for $\mathrm{CFL}_e^{KT}$, $\mathrm{CFL}_e^{KT4}$, $\mathrm{CFL}_e^{KT5}$, FLKT and FLKT4). Then, $v(A_1 * \cdots * A_n) \le v(B_1 + \cdots + B_m)$ holds for any L-algebra.
$\Rightarrow v(A_1 * \cdots * A_{i-1} * \Box A_i * A_{i+1} * \cdots * A_n) = v(A_1 * \cdots * A_{i-1}) \circ Lv(A_i) \circ v(A_{i+1} * \cdots * A_n) \le v(A_1 * \cdots * A_{i-1}) \circ v(A_i) \circ v(A_{i+1} * \cdots * A_n) = v(A_1 * \cdots * A_n) \le v(B_1 + \cdots + B_m)$
Therefore, $A_1, \ldots, A_{i-1}, \Box A_i, A_{i+1}, \ldots, A_n \to B_1, \ldots, B_m$ is valid in L.
($\Diamond$-T)
Assume that $A_1, \ldots, A_n \to B$ is valid in L (for FLKT and FLKT4). Then, $v(A_1 * \cdots * A_n) \le v(B) \le Mv(B)$ holds for any L-algebra. Therefore, $A_1, \ldots, A_n \to \Diamond B$ is valid in L.
($\Box$-4) Assume that $\Box A_1, \ldots, \Box A_n \to B$ is valid in L (for $\mathrm{CFL}_e^{KT4}$ and FLKT4). Then, $v(\Box A_1 * \cdots * \Box A_n) \le v(B)$ holds for any L-algebra.
$\Rightarrow Lv(\Box A_1 * \cdots * \Box A_n) \le Lv(B)$
$\Rightarrow v(\Box A_1 * \cdots * \Box A_n) = Lv(A_1) \circ \cdots \circ Lv(A_n) \le LLv(A_1) \circ \cdots \circ LLv(A_n) \le L(Lv(A_1) \circ \cdots \circ Lv(A_n)) = Lv(\Box A_1 * \cdots * \Box A_n) \le Lv(B) = v(\Box B)$
Therefore, $\Box A_1, \ldots, \Box A_n \to \Box B$ is valid in L.
($\Diamond$-41) Assume that $\Box A_1, \ldots, \Box A_n, B \to \Diamond C$ is valid in FLKT4. Then, $v(\Box A_1 * \cdots * \Box A_n * B) \le v(\Diamond C)$ holds for any FLKT4-algebra.
$\Rightarrow v(\Box A_1 * \cdots * \Box A_n) \circ v(B) \le Mv(C)$
$\Rightarrow v(\Box A_1 * \cdots * \Box A_n) \le v(B) \to Mv(C)$
$\Rightarrow Lv(\Box A_1 * \cdots * \Box A_n) \le L(v(B) \to Mv(C)) \le Mv(B) \to MMv(C)$
$\Rightarrow Lv(\Box A_1 * \cdots * \Box A_n) \circ Mv(B) \le MMv(C) \le Mv(C)$
$\Rightarrow v(\Box A_1 * \cdots * \Box A_n * \Diamond B) = v(\Box A_1 * \cdots * \Box A_n) \circ Mv(B) \le Lv(\Box A_1 * \cdots * \Box A_n) \circ Mv(B) \le Mv(C) = v(\Diamond C)$
Therefore, $\Box A_1, \ldots, \Box A_n, \Diamond B \to \Diamond C$ is valid in FLKT4.
(0-42) Assume that A, O B I , .. . ,UB, -+ OC is valid in FLKT4. Then, v(A*UB1*.. .*LIB,) 5 v ( 0 C ) is hold for any FLKT4-algebra. =+ v ( A ) 0 v(OB1* . . . * OB,) 5 M w ( C ) jv(oB1 * * . . t OB,) 5 v ( A )-+'M v ( C ) jLv(OB1* . * . * OB,) < L(w(A)-+'M v ( C ) ) 5 Mv(A)-+'M M v ( C ) jMv(A) 0 Lv(oB1 * . * .* OB,) 5 M M w ( C )5 M w ( C )
+v(OA*OB1 * . . . * OB,)=MV(A)O~(OB~*...*OB,) 5 Mv(A)o L v ( O B ~ **.. * LIB,) 5 M w ( C )= v ( 0 C ) Therefore, OA, O B I , .. . , U B , -+ OC is valid in FLKT4. 0
(0-5) We use the following facts which hold for CFLzT5-algebra. ( L ( L x+ 0) -+ 0 ) 5 Lx holds, because: L ( ( x-+ 0) + 0) + 0 5 L ( L ( ( x-+ 0) 4 0) -+ 0 ) =+ LX-+O5 L(Lx-+O) = (L(L2+0)+0)+0 =+ (LZ-kO) 0 (L(Lx-+O)+O) 5 0 (L(Lx-+O)-+O)5 (Lx+O)-+O = Lx x 5 L ( z 0) -+ 0 holds, because: L(2 3 0) 5 (x-+ 0 ) =+ x 5 L ( x -+ 0 ) -+ 0 Lx 5 LLx holds, because: L x ~ L ( L z t O ) - , O ~ L ( L ( L x - + O ) - +5OL)L x is valid in Assume that OA,,. . . , OA, + B , OC1,. . . , OC, CFLfT5. holds for Then, v(OAl * - .. * OA,) 5 v ( B OC1 . . . UC), CFLET5-algebra. j v(OA~*****OA 5, (v(B)+O)o(v(OC1 ) +...+OC,)+O)-+O jv ( O A i * . . .* OA,) o ( v ( B )4 0 ) o ( ~ ( 0 C i ...+ + OC,) + O ) 5 0 jv(oA1 * . . . * OA,) o ( w ( B-+ ) 0) < (v(OC1+ . .. OC,)+O) 4 0 = v(OC1 * .. OC,)
*
+
+
+
+
+ +
5. Completeness

Definition 5.1. (The Lindenbaum algebra) We define $|A|$ to be the set $\{B : A \to B \text{ and } B \to A \text{ are provable in L}\}$. Each $|A|$ constitutes an equivalence class, and it does not depend on the choice of the representative element. Among these equivalence classes, we introduce algebraic operations in the following way:

$|A| \circ |B| = |A * B|$, $|A| \cap |B| = |A \wedge B|$, $|A| \cup |B| = |A \vee B|$,
$|A| \to |B| = |A \supset B|$, $|A| \to' |B| = |A \supset' B|$,
$L|A| = |\Box A|$, $M|A| = |\Diamond A|$.

Let $\mathcal{F}^* = \{|A| : A \in \mathcal{F}\}$. The Lindenbaum algebra of L is defined to be the algebra:

$\langle \mathcal{F}^*, \cap, \cup, \circ, \to, \to', L, M, |t|, |f|, |\top|, |\bot| \rangle$

(For classical cases, $\to'$ and $M$ are excluded.)
Lemma 5.1. The Lindenbaum algebra of L is an L-algebra.

Proof. As in the proof of Theorem 4.1, we check here only the conditions involving modality. (For the other conditions, we refer the reader to Lemma 3 of [2].) Take A and B to be any formulas.

We need to show that $|A| \le |B|$ holds in the Lindenbaum algebra of L if $A \to B$ is provable in L. Assume that $A \to B$ is provable in L. Then, we have the proofs

$$\dfrac{A \to A \qquad A \to B}{A \to A \wedge B}\ (\wedge\ \text{right}) \qquad\qquad \dfrac{A \to A}{A \wedge B \to A}\ (\wedge\ \text{left})$$

From this, it follows that $|A| = |A \wedge B| = |A| \cap |B|$ holds in the Lindenbaum algebra of L. Hence, $|A| \le |B|$ holds. Using the above fact, we can show that the Lindenbaum algebra of L satisfies the conditions of an L-algebra in the following ways.
• $L|A| \circ L|B| \le L(|A| \circ |B|)$ holds, because we have
• $L(|A| \cap |B|) \le L|A| \cap L|B|$ holds, because we have
A + A (A left) A A B B (A left) AAB+A O(A A B ) -+ O B (0-W ~ ( ABA) + UA (A right) U(AA B ) + OA A UB -+
+
• $|t| \le L|t| \le L|\top| \le |\top|$ holds, because we have
L(IAI + IBI) 5 MIA1 + MIBI L(lAI +’ PI) holds for intuitionistic cases. because we have 7
I
MIA1 -+’MlBl
(I( 5 MIL( 5 M(f(5 If1 holds for intuitionistic cases, because we have f + I + f
01+ Of (0-K1) Of
I + Ol(axiom) 0
LIA( _< L((AI+ lfl)
+ If(
-$
(O-K1) (fw)
holds for CFLFD, because we have
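• $L|A| \le M|A|$ holds for $\mathrm{FL}^{KD}$, because we have
$$\dfrac{A \to A}{\Box A \to \Diamond A}\ (\Box\Diamond\text{-D})$$
• $L|A| \le |A|$ holds for $\mathrm{CFL}_e^{KT}$, $\mathrm{CFL}_e^{KT4}$, $\mathrm{CFL}_e^{KT5}$, $\mathrm{FL}^{KT}$ and $\mathrm{FL}^{KT4}$, because we have
$$\dfrac{A \to A}{\Box A \to A}\ (\Box\text{-T})$$
• $|A| \le M|A|$ holds for $\mathrm{FL}^{KT}$, $\mathrm{FL}^{KT4}$, because we have
$$\dfrac{A \to A}{A \to \Diamond A}\ (\Diamond\text{-T})$$
• $L|A| \le LL|A|$ holds for $\mathrm{CFL}_e^{KT4}$ and $\mathrm{FL}^{KT4}$, because we have
• $MM|A| \le M|A|$ holds for $\mathrm{FL}^{KT4}$, because we have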
0
L()AI+If[) + If) 5 L(L(IAI+ If[)+ If[) holds for CFLFT5,because we have
Theorem 5.1. (Algebraic completeness) If a sequent $\Gamma \to \Delta$ is valid in L, then $\Gamma \to \Delta$ is provable in L.

Proof. Suppose that $A \to B$ is valid in L. Then, $|A| \le |B|$ holds in the Lindenbaum algebra of L. From this, it follows that $|A| = |A| \cap |B| = |A \wedge B|$. By the definition of equivalence classes, $A \to A \wedge B$ is provable in L. Now we can construct the following proof of $A \to B$ in L.

$$\dfrac{A \to A \wedge B \qquad \dfrac{B \to B}{A \wedge B \to B}\ (\wedge\ \text{left})}{A \to B}\ (\text{cut})$$

The above argument for $A \to B$ carries over for $\Gamma \to \Delta$.
6. Conclusion
We have extended the sequent systems FL and $\mathrm{CFL}_e$, which constitute the basis of substructural logics, to obtain nine new systems for substructural modal logics $\mathrm{CFL}_e^{K}$, $\mathrm{CFL}_e^{KD}$, $\mathrm{CFL}_e^{KT}$, $\mathrm{CFL}_e^{KT4}$, $\mathrm{CFL}_e^{KT5}$, $\mathrm{FL}^{K}$, $\mathrm{FL}^{KD}$, $\mathrm{FL}^{KT}$ and $\mathrm{FL}^{KT4}$ by the addition of inference rules for the modal operators $\Box$ and $\Diamond$. These systems are proved to be both sound and complete through algebraic interpretations. Non-substructural modal logics have recently been a target of extensive research, motivated not only by theoretical interest but also by various intentions to apply them to fields related to the foundations of computer science, AI, and control engineering, to mention a few. We think that substructuralization of these modal logics will make it possible to obtain more detailed and finer arguments and analysis in these fields than those obtained by merely applying non-substructural modal logics. In this regard, our soundness and completeness theorems may be regarded as providing a methodological foundation for future applications of substructural modal logics.

References
1. B. Chellas. Modal Logic: an introduction. Cambridge University Press, Cambridge, UK, 1980.
2. K. Došen. Sequent systems and groupoid models. I. Studia Logica, 47:353-385, 1988.
3. M. Ohnishi and K. Matsumoto. Gentzen method in modal calculi. Osaka Mathematical Journal, 9:113-130, 1957.
4. H. Ono. Semantics for substructural logics. In K. Došen and P. Schroeder-Heister, editors, Substructural Logics, pages 259-291. Oxford University Press, Oxford, UK, 1993.
5. H. Ono. Proof-theoretic methods in nonclassical logic - an introduction. In Theories of Types and Proofs, MSJ Memoirs, pages 207-254. Mathematical Society of Japan, Tokyo, Japan, 1999.
6. A. Simpson. The Proof Theory and Semantics of Intuitionistic Modal Logic. PhD thesis, University of Edinburgh, 1994.
7. S. Valentini. The sequent calculus for the modal logic D. Bollettino della Unione Matematica Italiana, 7-A:455-460, 1993.
DIAMOND EMBEDDINGS INTO THE D.C.E. DEGREES WITH 0 AND 1 PRESERVED
GUOHUA WU
School of Mathematical and Computing Sciences, Victoria University of Wellington, P.O. Box 600, Wellington, New Zealand
email: wu@mcs.vuw.ac.nz
1. Introduction
Say that a set $A \subseteq \omega$ is computably enumerable (c.e. for short) if $A$ can be listed effectively. A set $D \subseteq \omega$ is d.c.e. if $D$ is the difference of two c.e. sets. A Turing degree is c.e. (d.c.e.) if it contains a c.e. (d.c.e.) set. Let $R$ be the set of all c.e. degrees and $D_2$ be the set of all d.c.e. degrees. Since any c.e. set is d.c.e., $R \subseteq D_2$. Cooper [4] showed that there are d.c.e. degrees containing no c.e. sets (these d.c.e. degrees are called properly d.c.e. degrees), and hence $R \subset D_2$. In [6], Cooper, Lempp and Watson proved that the properly d.c.e. degrees are densely distributed in the c.e. degrees. Lachlan observed that any nonzero d.c.e. degree bounds a nonzero c.e. degree, and so the downwards density holds in $D_2$. Thus, as noticed by Jockusch, $D_2$ is not complemented. The first two structural differences between $D_2$ and $R$ are:

Theorem 1 (Arslanov's Cupping Theorem [2]) Every nonzero d.c.e. degree cups to $0'$ with an incomplete d.c.e. degree.

Theorem 2 (Downey's Diamond Embedding Theorem [10]) There are two d.c.e. degrees $d_1, d_2$ such that $d_1 \cup d_2 = 0'$, $d_1 \cap d_2 = 0$.

By Theorem 2, the diamond lattice can be embedded into the d.c.e. degrees preserving 0 and 1. In this paper, we will refer to such embeddings as Downey's diamond embeddings. In [16], Li and Yi constructed two d.c.e. degrees $d_1, d_2$ such that any nonzero c.e. degree cups one of $d_1, d_2$ to $0'$. As a corollary, any nonzero d.c.e. degree below $d_1$ is a complement of $d_2$, and hence one of the atoms in Downey's diamond can be c.e., which was demonstrated first by Ding and Qian in [9]. In [5], Cooper et al. proved that $D_2$ is not densely ordered, which gives a more striking difference between $R$ and $D_2$:

Theorem 3 (Cooper, Harrington, Lachlan, Lempp and Soare [5]) There is a maximal incomplete d.c.e. degree.

By Lachlan's observation, the dual version of Theorem 3 is not true. However, as proved by Cooper and Yi [7], and independently by Ishmukhametov [12], the following weak density holds in the d.c.e. degrees:

Theorem 4 (Cooper and Yi [7], Ishmukhametov [12]) For any c.e. degree $a$ and d.c.e. degree $d$, if $a < d$, then there is a d.c.e. degree $e$ such that
a<e 0. A contradiction. 0 Based on this observation, Wu [19] gives an alternative proof of the existence of Downey’s diamond embedding:
Theorem 7 (Wu [19]) There are an isolation pair $(a, d)$ and a c.e. degree $c$ such that $c \cup d = 0'$, $c \cap a = 0$. Thus, $\{0, c, d, 0'\}$ is a Downey's diamond embedding.

The main idea involved in Theorem 7 is to ask $d$ to be responsible for cupping $c$ to $0'$ and $a$ to be responsible for capping $c$ to 0. This appears to be as close as we can get to overcoming the obstacle to constructing the diamond embedding into the c.e. degrees preserving 0 and 1, which first became apparent in Lachlan's Non-Diamond Theorem [14]. Furthermore, Wu [22] showed that this idea can also be used to prove that for any high c.e. degree $h$, the nondistributive lattice M:, can be embedded into the interval $[0, h]$ preserving 0 and 1. As a consequence, the nondistributive lattice $S_8$ can be embedded into the d.c.e. degrees with 0 and 1 preserved.

Say that a c.e. degree $c$ is cappable in $R$ if there is a nonzero c.e. degree $b$ such that $c \cap b = 0$. Let $M$ be the set of all cappable degrees. Obviously, $0 \in M$. Let $NC = R - M$. Ambos-Spies et al. [1] showed that $M$ is an ideal in $R$ and $NC$ is a strong filter in $R$. They also showed that a c.e. degree $c$ is cappable if and only if no low c.e. degree can cup $c$ to $0'$ if and only if $c$ contains no promptly simple sets. Downey, Li and Wu [11] give a new characterization of cappable degrees: $c$ is cappable in $R$ if and only if $c$ has a nonzero complement in the d.c.e. degrees.

Theorem 8 (Downey, Li and Wu [11]) For any c.e. degree $c > 0$, $c$ is cappable in $R$ if and only if there is an isolated degree $d$ such that $c \cup d = 0'$, $c \cap d = 0$.

Theorem 8 says that any nonzero cappable degree can always have an isolated degree as its complement. Again, the proof of Theorem 8 involves a construction of an isolation pair $(a, d)$ such that $c$ caps $a$ to 0 and cups $d$ to $0'$. In this paper, we prove that any nonzero cappable degree can always have a nonisolated degree as its complement.

Theorem 9 For any c.e. degree $c > 0$, $c$ is cappable in $R$ if and only if $c$ can be complemented in the d.c.e. degrees by a nonisolated degree.

To prove Theorem 9, it's necessary to prove:

Theorem 10 For any c.e. degree $c > 0$, if $c$ is cappable in $R$, then there are two d.c.e. degrees $b < d$ such that
(1) $b$ is properly d.c.e. and nonisolated;
(2) $b \cap c = 0$, $d \cup c = 0'$;
(3) $b$ bounds all c.e. degrees below $d$.
Proof of Theorem 9: First, suppose that $c$ has a complement $d$ in the d.c.e. degrees. Then by Lachlan's observation, we know that there is a nonzero c.e. degree $e$ below $d$. Since $e \le d$ and $c \cap d = 0$, we have $c \cap e = 0$, so $c$ is cappable in $R$. Now fix $c > 0$ as a degree cappable in $R$. By Theorem 10 (2) and (3), $c$ is complemented by $d$. Now we show that $d$ is nonisolated. Let $e$ be any c.e. degree below $d$. Then by the fact that $b$ bounds all c.e. degrees below $d$, we have $e < b$. Since $b$ is nonisolated, there is some c.e. degree between $e$ and $b$, and hence between $e$ and $d$. Thus $d$ is nonisolated.

$(b, d)$ in Theorem 10 is called a pseudo-isolation pair. For more details on the pseudo-isolated degrees, see Wu [HI, [20], [21]. We organize the paper as follows. In section 2, we list the requirements needed to prove Theorem 10, and describe the basic strategies to satisfy these requirements. In section 3, we give the construction, and in section 4, we verify that our construction satisfies all the requirements. Our notation and terminology are quite standard. During the construction, when we define a parameter as a fresh number $x$ at stage $s$, we mean that $x$ is the least number greater than any number mentioned so far. In particular, $x > s$. For others, see Soare [17].

2. Requirements and basic strategies

Given a cappable c.e. degree $c > 0$, let $C \in c$ be any c.e. set. To prove Theorem 10, we will construct two d.c.e. sets $B$, $D$, an auxiliary c.e. set $E$, and a partial functional $\Gamma$ satisfying the following requirements:
6: K = r(C, D); PE: E # P,": D # @ ;: Me: B # @,W. V We # iP:; N, : @: = @f= g total + g computable; R, : +pD = we+ ~ A , ( A : = we); Q, : W, = 0:
+ (3c.e. U, ST B ) ( v ~ ) (#u ,OF).
(2-1) (2.2) (2.3) (2.4) (2.5) (2.6) (2.7)
where $e \in \omega$, $\{(\Phi_e, W_e) : e \in \omega\}$ is an effective enumeration of all pairs $(\Phi, W)$ such that $\Phi$ is a partial computable functional and $W$ is a computably enumerable set. $K$ is a fixed creative set. Let $b$, $d$, $e$ be the Turing degrees of $B$, $B \oplus D$, $E$ respectively. By the requirement G, $c \cup d = 0'$. By the N-requirements, $c \cap b = 0$. By the M-requirements, $b$ is a properly d.c.e. degree. By the $P^E$-requirements, $d$ is incomplete. Thus, $c$ and $d$ are incomparable.

We now show that $d$ is pseudo-isolated by $b$. By the $P^D$-requirements, $b < d$. The Q-requirements guarantee that $b$ is nonisolated and the R-requirements guarantee that $b$ bounds all c.e. degrees below $d$.

2.1. The G-strategy

In the construction, the G-strategy will be responsible for coding $K$ into $C \oplus D$. The G-strategy proceeds as follows: If there is an $x$ such that $\Gamma(C, D; x)[s]\downarrow \ne K_s(x)$, then let $k$ be the least such $x$, enumerate $\gamma(k)[s]$ into $D$, and for any $y \ge k$, let $\Gamma(C, D; y)$ be undefined. Otherwise, let $k$ be the least number $x$ with $\Gamma(C, D; x)[s]\uparrow$. If $\Gamma(C, D; k)$ has never been defined so far, then set $\Gamma(C, D; k)[s] = K_s(k)$ with $\gamma(k)[s]$ fresh. If not, let $t$ be the last stage at which $\Gamma(C, D; k)[t]\downarrow$. If one of the following holds, then set $\Gamma(C, D; k)[s] = K_s(k)$ with $\gamma(k)[s]$ fresh.

(a) There is some $y < k$ with $\gamma(y)[s] > \gamma(k)[t]$;
(b) There are some $\gamma$-markers less than or equal to $\gamma(k)[t]$ enumerated into $D$ or removed from $D$ after stage $t$;
(In the construction, if a $\gamma$-marker $z$ is enumerated into $D$ at stage $s_1$ and moved out at stage $s_2 > s_1$, then between these two stages, $C$ will have a change below $z$, which allows us to lift this $\gamma$-marker to a larger number.)
(c) $C$ has a change below an active requesting number (as defined later), $z$ say, and $z \le \gamma(k)[t]$.

If (a)-(c) do not apply, then set $\Gamma(C, D; k)[s] = K_s(k)$ with $\gamma(k)[s] = \gamma(k)[t]$. The G-strategy guarantees that $\Gamma(C, D)$ is totally defined and computes $K$ correctly. Obviously, $\gamma$-markers have the following properties:
2.2. A $P^E$-strategy

A $P^E$-strategy, $\alpha$ say, will satisfy a $P^E$-requirement, $E \ne \Phi_e^{B \oplus D}$ say. $\alpha$ is the Friedberg-Muchnik strategy, with some modification to cooperate with the coding of $K$. That is, during the construction, the coding procedure may enumerate infinitely many numbers into $D$ and hence may injure the standard Friedberg-Muchnik strategy infinitely often. To avoid this, we use the threshold strategy as follows. Set a parameter $k(\alpha)$ first as a fresh number. $k(\alpha)$ acts as a threshold for the enumeration of $\gamma$-markers. Whenever $K$ changes below $k(\alpha)$, reset $\alpha$ by canceling all parameters of $\alpha$, except $k(\alpha)$. Since $k(\alpha)$ is fixed, such a reset procedure can happen at most finitely many times. Let $s_0$ be the last stage at which $\alpha$ is reset or initialized. Suppose that at some stage $s_1$, $\Phi_e^{B \oplus D}(x(\alpha))[s_1]$ converges to 0. Then instead of putting $x(\alpha)$ into $E$ immediately, we put $\gamma(k(\alpha))[s_1]$ into $D$ first to lift $\gamma(x)$ for $x \ge k(\alpha)$ to big numbers, and request that $\gamma(k(\alpha))$ be undefined whenever $C$ has a change below $\gamma(k(\alpha))[s_1]$. Correspondingly, we call $\gamma(k(\alpha))[s_1]$ a requesting number. Say that $\gamma(k(\alpha))[s_1]$'s request is realized if $C$ has a change below $\gamma(k(\alpha))[s_1]$, and that $\gamma(k(\alpha))[s_1]$'s request remains active if $\alpha$ has not been initialized or reset or $\gamma(k(\alpha))[s_1]$'s request has not been realized. Note that the enumeration of $\gamma(k(\alpha))[s_1]$ into $D$ prevents the G-strategy from injuring the computation $\Phi_e^{B \oplus D}(x(\alpha))[s_1]$ from now on. However, the enumeration of $\gamma(k(\alpha))[s_1]$ into $D$ may itself injure the computation $\Phi_e^{B \oplus D}(x(\alpha))[s_1]$. Such injuries are called "capricious injuries"; they were first used by Lachlan in his nonsplitting theorem.

Now suppose that $\gamma(k(\alpha))[s_1]$'s request is realized at stage $s_2$, i.e., $C_{s_2} \upharpoonright \gamma(k(\alpha))[s_1] \ne C_{s_1} \upharpoonright \gamma(k(\alpha))[s_1]$. Then $\gamma(k(\alpha))[s_2]$ is redefined as a big number as requested by $\gamma(k(\alpha))[s_1]$ (particularly, $\gamma(k(\alpha))[s_2] > \gamma(k(\alpha))[s_1]$), and $\gamma(k(\alpha))[s_1]$'s request becomes inactive forever. Let $s_3 \ge s_2$ be the next $\alpha$-stage. Then, by taking $\gamma(k(\alpha))[s_1]$ out of $D$, the computation $\Phi_e^{B \oplus D}(x(\alpha))$ is recovered to $\Phi_e^{B \oplus D}(x(\alpha))[s_1]$, and $\gamma(k(\alpha))$ is undefined again by $D_{s_3} \upharpoonright \gamma(k(\alpha))[s_2] \ne D_{s_2} \upharpoonright \gamma(k(\alpha))[s_2]$. Furthermore, in the construction, to cooperate with the R-strategies (see below), at stage $s_3$, when we take the number $\gamma(k(\alpha))[s_1]$ out of $D$, we also put $s_1$ into $B$. The enumeration of $s_1$ does not injure the $P^E$-strategy described above because $s_1 > \varphi_e(x(\alpha))[s_1]$.

We now describe the $\alpha$-strategy in detail. First, choose $x(\alpha)$ as a fresh number. In particular, $x(\alpha) > k(\alpha)$. $\alpha$ runs cycles $(n)$, $n \in \omega$. Fix $n$. Cycle $(n)$ runs as follows:

(1) Wait for a stage $s_n$ at which $\Phi_e^{B \oplus D}(x(\alpha))[s_n]\downarrow = 0$.
(2) Put $\gamma(k(\alpha))[s_n]$ into $D$. For those $z < \gamma(k(\alpha))[s_n]$ with $g_\alpha(z)\uparrow$, define $g_\alpha(z) = C_{s_n}(z)$. Declare that $\gamma(k(\alpha))[s_n]$ requests that $C$ have a change below it to perform the Friedberg-Muchnik strategy. Start cycle $(n+1)$, and simultaneously, wait for $C$ to change below $\gamma(k(\alpha))[s_n]$.
(3) Enumerate $x(\alpha)$ into $E$, and simultaneously, take $\gamma(k(\alpha))[s_n]$ out of $D$, enumerate $s_n$ into $B$. Stop.

Since $C$ is noncomputable, $g_\alpha$ cannot be totally defined. That is, not every cycle can reach (2) and wait at (2) permanently. Let $(n)$ be the first cycle reaching (3). Then $\alpha$ is satisfied because

$E(x(\alpha)) = 1 \ne 0 = \Phi_e^{B \oplus D}(x(\alpha))[s_n] = \Phi_e^{B \oplus D}(x(\alpha)).$
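The cycle above puts a marker into D and later takes it out again, which is possible only because D (like B) is built as a d.c.e. set. The following Python sketch is an added illustration, not part of the paper: it models a d.c.e. set as the difference of two sets that only grow and replays steps (2) and (3) of one cycle. The names `DceSet` and `run_cycle` and all concrete numbers are constructed for the example.

```python
class DceSet:
    """Stage-by-stage approximation of a d.c.e. set D = A - B.

    `entered` (A) holds every number ever put into D and `removed` (B) every
    number ever taken out again. Both sets only grow, so each can be listed
    effectively. D itself may lose elements, but every number changes its
    membership at most twice (out -> in -> out).
    """

    def __init__(self, name):
        self.name = name
        self.entered = set()   # plays the role of the c.e. set A
        self.removed = set()   # plays the role of the c.e. set B
        self.log = []          # (stage, "in" | "out", number), in stage order

    def put_in(self, x, stage):
        if x in self.entered:
            # Re-entering would need a third membership change for x.
            raise ValueError(f"{x} was already enumerated into {self.name}")
        self.entered.add(x)
        self.log.append((stage, "in", x))

    def take_out(self, x, stage):
        if x not in self.entered or x in self.removed:
            raise ValueError(f"{x} is not currently in {self.name}")
        self.removed.add(x)
        self.log.append((stage, "out", x))

    def members(self):
        return self.entered - self.removed

    def at_stage(self, stage):
        """Recompute D_s by replaying every action taken at stages <= s."""
        current = set()
        for s, action, x in self.log:
            if s > stage:
                continue
            if action == "in":
                current.add(x)
            else:
                current.discard(x)
        return current

    def changes(self, x):
        """Number of membership changes of x recorded so far."""
        return sum(1 for _, _, y in self.log if y == x)


def run_cycle(D, B, E, marker, witness, s_n, s_later):
    """Replay steps (2) and (3) of one cycle.

    `marker` stands for gamma(k(alpha))[s_n] and `witness` for x(alpha);
    `s_later` is the later stage at which step (3) acts. E is c.e., so a
    plain set that only grows is enough to model it.
    """
    D.put_in(marker, s_n)        # step (2): enumerate the marker into D
    # ... C changes below the marker at some stage before s_later ...
    E.add(witness)               # step (3): witness goes into E for good
    D.take_out(marker, s_later)  # step (3): marker leaves D again
    B.put_in(s_n, s_later)       # step (3): s_n is enumerated into B


def demo():
    # Constructed values: marker 17, witness 5, stages 20 and 31.
    D, B, E = DceSet("D"), DceSet("B"), set()
    run_cycle(D, B, E, marker=17, witness=5, s_n=20, s_later=31)
    return D, B, E
```
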
a has the following outcomes:
0 [ w n I= + f ( ~ ) [ ~ n + l= I +?(y)[~n+lI.
By induction, we have for all m 2 n, $e,i(Y)
= @ f ( ~ ) [ ~ r n=I +?(y)[~mI = +?(~)[wrnI = + f ( ~ > [ w r n ] .
Since both @(y) and +F(y) converge, we have $e,i(Y)
= +:(Y)
= +?(Y> = h e ( Y ) .
Let a be any N-strategy on the tree. Then rs works to satisfy requirement. Define
Ne(,)-
l ( o , s )= {z : VY < "[@$,)(Y)[sl-1=+~,)(Y)"}; m(a,s) = max{l(a, t ) : t < s and t is a-stage}. Say that a stage s is a-expansionary if s = 0 or s is an a-stage and qrs, s) > m(a,s). rs has infinitely many substrategies, each of which works on an Se(u),irequirements. In the following, we write S,,i for Se(,,),i,$,,i for $e(u),i for convenience. During the construction, S,,i may open (and hence close) gaps at expansionary stages, and whenever S,,i opens a gap, S,,i will extend the definition of qm,i. Say that S,,i requires attention at an a-expansionary stage s if one of the following holds:
(1) S,,i is inside a gap. (2) S,,i is inside a cogap. There are two subcases:
(2A) There is some y E dom($,,i) such that C, cp,(C; y)[v] # C, cp,(C; y)[v], where v is the last a-expansionary stage. (2B) &,i is ready to open a gap.
r
In case (2), (2A) has higher priority than (2B). It may happen that (2A) prevents S,,i from opening a gap (2B) for almost all times. In this case, dom(&,i) is finite, and there is some y E dom($,,i) with @F(g)T. Sg,i has two outcomes g ,.(17),s-),
where s- is the stage at which x(q) in enumerated into B , then take x(q) out of B , define 6, = 17. (Note that by the use principle, those A&(m) undefined by the enumeration of x ( v ) are defined now because of the recovering of B 1 S[,(m).) Declare that 17 is satisfied, initialize all strategies with lower priority. Go to the next stage. 174. If 17 is satisfied, then let ~ ~ ( be0 eligible ) to act at the next substage. 175. Otherwise, let q n ( l ) be eligible to act at the next substage. Case 4.6 = o is an Af-strategy.
+
01. If s 1 is not 0-expansionary, then let un( f) be eligible to act at the next substage. 02. If s 1 is o-expansionary, and no substrategy requires attention, then let u-(d) be eligible to act at the next substage. 03. Otherwise, let i be the least number such that Su,i requires attention, and let Su,i receive attention as follows:
+
5 v, where v is the stage at which the gap is opened, define pg(m) = s 1. Let x be chosen by ( 0 2 ) at stage w. If C has a change below x between stages v and s 1,then declare that the gap is closed successfully and that Su,i is satisfied. Otherwise, declare that the gap is closed unsuccessfully. Define o ~ = + a-(gi), ~ initialize all nodes to the right of ~ , + l , and go to the next stage. Subcase 2. If 0 is inside a cogap and there is some y E dom($,,i) with C,,l %(Y)[V] # CIJ cpu(Y)[vl, where 'u is the last Qexpansionary stage, then let on(&) be eligible to act at the next substage. Subcase 1. If Su,i is inside a gap, then close the gap, and for all m
+
r
+
r
Subcase 3. Otherwise, Su,i is ready to open a gap. That is, there is some z entering Wi between stages w and s + 1, where w is the last an(gi)-stage, and there is some y < l ( g , s + l ) with $u,i(y)[s+ 11 t and z > max{u(Cs+l; e ( o ) , y ‘ , s 1) : y‘ 5 y}. Choose y as the least such number and define $u,i(y) = cPF(y)[s 11. Let on(gi) be eligible to act at the next substage.
+
Case 5. S =
+
< is an R-strategy.
Sn(l). Let s3 > s2 be any I-stage, then by the choice of s2, s3 is not sz be the stage at which r(C, D ; k ( 6 ) ) is defined. Then for any 1 < k ( 6 ) , y(Z)[s3] < y(k(6))[s3],and D has no change below y(k(6))[s3] afterwards.
+
+
+
$D \upharpoonright \gamma(k(\delta))[s_3] = D_{s_3} \upharpoonright \gamma(k(\delta))[s_3].$

Furthermore, since $C$ is noncomputable, there are only finitely many stages $v_0, v_1, \ldots, v_n$ such that $\gamma(k(\delta))[v_i]$, $i \le n$, can request $C$ have a change below them (i.e., $\gamma(k(\delta))[v_i]$ are enumerated into $D$ to lift $\gamma(k(\delta))$). Let $s_4 \ge v_n$ be the least stage after which $\gamma(k(\delta))$ does not request anymore. Then either $\sigma$ is satisfied at stage $s_4$ (one of the $\gamma(k(\delta))$'s requests is realized in this case) or $C$ will have no change below $\gamma(k(\delta))[v_i]$ for any $i \le n$. In both cases, if $\Gamma(C, D; k(\delta))$ is defined at stage $s_5 \ge s_4$, then for all $s \ge s_5$, $\gamma(k(\delta))[s] = \gamma(k(\delta))[s_4]$ by the G-strategy. Therefore, $\Gamma(C, D; k(\delta))\downarrow$, and hence $\Gamma(C, D; k)\downarrow$. $\Box$

Acknowledgement: This project is supported by New Zealand FRST Post-Doctoral Fellowship.

References
1. K. Ambos-Spies, C. G. Jockusch, Jr., R. A. Shore and R. I. Soare, An algebraic decomposition of the recursively enumerable degrees and the coincidence of several degree classes with the promptly simple degrees, Trans. Amer. Math. Soc. 281 (1984), 109-128.
2. M. M. Arslanov, Structural properties of the degrees below 0', Dokl. Akad. Nauk SSSR (N. S.) 283 (1985), 270-273.
3. M. M. Arslanov, S. Lempp and R. A. Shore, On isolating r.e. and isolated d.r.e. degrees, in "Computability, Enumerability, Unsolvability" (Cooper, Slaman, Wainer, eds), 1996, 61-80.
4. S. B. Cooper, Degrees of Unsolvability, Ph.D. thesis, Leicester University, Leicester, England.
5. S. B. Cooper, L. Harrington, A. H. Lachlan, S. Lempp and R. I. Soare, The d.r.e. degrees are not dense, Ann. Pure Appl. Logic 55 (1991), 125-151.
6. S. B. Cooper, S. Lempp and P. Watson, Weak density and cupping in the d-r.e. degrees, Israel J. Math. 67 (1989), 137-152.
7. S. B. Cooper and X. Yi, Isolated d.r.e. degrees, University of Leeds, Dept. of Pure Math., 1995, Preprint series, No. 17, 25pp.
8. D. Ding and L. Qian, Isolated d.r.e. degrees are dense in r.e. degree structure, Arch. Math. Logic 36 (1996), 1-10.
9. D. Ding and L. Qian, Lattice embedding into d-r.e. degrees preserving 0 and 1, in "Proceedings of the Sixth Asian Logic Conference" (C. T. Chong, Q. Feng, D. Ding, Q. Huang and M. Yasugi, eds) (1998), 67-81.
10. R. G. Downey, D.r.e. degrees and the nondiamond theorem, Bull. London Math. Soc. 21 (1989), 43-50.
11. R. G. Downey, A. Li and G. Wu, Every cappable c.e. degree is complemented in the d.c.e. degrees, in preparation.
12. S. Ishmukhametov, D.r.e. sets, their degrees and index sets, Thesis, Novosibirsk, Russia, 1986.
13. S. Ishmukhametov and G. Wu, Isolation and the high/low hierarchy, Arch. Math. Logic 41 (2002), 259-266.
14. A. H. Lachlan, Lower bounds for pairs of recursively enumerable degrees, Proc. London Math. Soc. 16 (1966), 537-569.
15. G. LaForte, The isolated d.r.e. degrees are dense in the r.e. degrees, Math. Logic Quart. 42 (1996), 83-103.
16. A. Li and X. Yi, Cupping the recursively enumerable degrees by d.r.e. degrees, Proc. London Math. Soc. 78 (1999), 1-21.
17. R. I. Soare, Recursively Enumerable Sets and Degrees, Springer-Verlag, Berlin, 1987.
18. G. Wu, Nonisolated degrees and the jump operator, Ann. Pure Appl. Logic 117 (2002), 211-223.
19. G. Wu, Isolation and diamond embeddings, J. Symbolic Logic 67 (2002), 1055-1064.
20. G. Wu, On the density of the pseudo-isolated degrees, Victoria University of Wellington, School of Mathematical and Computing Sciences, 2002, Research Report, No. 02-10, 16pp.
21. G. Wu, Structural properties of the d.c.e. degrees and presentations of c.e. reals, Ph.D. Thesis, Victoria University of Wellington, 2002.
22. G. Wu, Embedding $S_8$ into the d.c.e. degrees preserving 0 and 1, in preparation.