
TL;DR
This paper introduces and formalizes mutual coinduction as a dual to mutual induction, providing proof principles, conditions for fixed points, and discussing its relation to standard induction and coinduction.
Contribution
It offers the first formal definitions and proof principles for mutual (co)induction, highlighting the importance of monotonicity over continuity for fixed point existence.
Findings
Mutual coinduction is a dual of mutual induction.
Monotonicity of generators is sufficient for fixed points.
Formal definitions and proof principles for mutual (co)induction are established.
Abstract
In this paper we present mutual coinduction as a dual of mutual induction and also as a generalization of standard coinduction. In particular, we present a precise formal definition of mutual induction and mutual coinduction. In the process we present the associated mutual induction and mutual coinduction proof principles, and we present the conditions under which these principles hold. In spite of some mention of mutual (co)induction in research literature, but the formal definition of mutual (co)induction and the proof of the mutual (co)induction proof principles we present here seem to be the first such definition and proof. As such, it seems our work is the first to point out that monotonicity of mutual generators seems not sufficient for guaranteeing the existence of least and greatest simultaneous fixed points in complete lattices, and that continuity on the other hand is…
Click any figure to enlarge with its caption.
Figure 1
Figure 2
Figure 3
Figure 4
Figure 5Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsDiverse Scientific and Economic Studies
Mutual Coinduction
Moez A. AbdelGawad
Abstract
In this paper we present mutual coinduction as a dual of mutual induction and also as a generalization of standard coinduction. In particular, we present a precise formal definition of mutual induction and mutual coinduction. In the process we present the associated mutual induction and mutual coinduction proof principles, and we present the conditions under which these principles hold.
In spite of some mention of mutual (co)induction in research literature, but the formal definition of mutual (co)induction and the proof of the mutual (co)induction proof principles we present here seem to be the first such definition and proof. As such, to the best of our knowledge, it seems our work is the first to point out that, unlike the case for standard (co)induction, monotonicity of generators seems not sufficient for guaranteeing the existence of least and greatest simultaneous fixed points in complete lattices, and that continuity on the other hand is sufficient for guaranteeing their existence.111This paper has been updated so as to not require the continuity of generators but only require their monotonicity. See Appendix C. A full revision of the paper to reflect the relaxed requirement is currently underway.
In the course of our presentation of mutual coinduction we also discuss some concepts related to standard (also called direct) induction and standard coinduction, as well as ones related to mutual (also called simultaneous or indirect) induction. During the presentation we purposely discuss particular standard concepts (namely, fixed points, least and greatest fixed points, pre-fixed points, post-fixed points, least pre-fixed points, and greatest post-fixed points) so as to help motivate the definitions of their more general counterparts for mutual/simultaneous/indirect (co)induction (namely, simultaneous fixed points, least simultaneous fixed points, greatest simultaneous fixed points, least simultaneous pre-fixed points and greatest simultaneous post-fixed points). Greatest simultaneous post-fixed points, in particular, will be abstractions and models of mathematical objects (e.g., points, sets, types, predicates, etc.) that are defined mutually-coinductively.
1 Introduction
Induction and coinduction, henceforth called *standard *(co)induction, present mathematical models for (standard) recursive definitions (also called direct recursive or self-recursive definitions). In the same way, mutual induction and mutual coinduction, henceforth called *mutual *(co)induction, present mathematical models for mutually-recursive definitions, which are sometimes also called indirect recursive definitions or simultaneous recursive definitions.
In other concurrent work we present, first, some practical motivations from programming languages theory for defining mutual (co)induction [10] (included in Appendix B of this paper temporarily), then we present some intuitions for their mathematical definitions as well as examples of their use in [9], and we also present possible formulations of mutual (co)induction in other mathematical disciplines in [8]. In that concurrent work we conclude that: if mutually-recursive functional programs can be reasoned about mathematically, then also imperative and object-oriented programs (even the worst such programs) can be reasoned about mathematically. Interested readers are invited to check this concurrent work.
This paper is structured as follows. We first motivate the formal definition of mutual (co)induction by presenting in 2 the formal definitions of standard (co)induction, in the context of order theory. Then we present in 3 the order-theoretic definitions of mutual (co)induction and we present the mutual (co)induction proof principles. (We present proofs for the lemmas and theorems of 3 in Appendix A.) We briefly discuss some related work in 4, then we conclude and discuss some possible future work in 5.
Our work here is a followup on our earlier introductory work in [2, 6, 5]. In addition to the practical motivations mentioned above (whose interest in we started in [1]), the work presented here has also been motivated by that earlier introductory work.
2 Standard Induction and Standard
Coinduction
The formulation of standard induction and standard coinduction, and of related concepts, that we present here is a summary of the formulation presented in [2, 2.1].
Let (‘is less than or equal to’) be an ordering relation over a set and let be an endofunction over (also called a self-map over , i.e., a function whose domain and codomain are the same set, thus mapping a set into itself).
Given a point , the point is called the -image of .
A point is called a pre-fixed point of if its -image is less than or equal to it, i.e., if
[TABLE]
Dually, a point is called a post-fixed point of if it is less than or equal to its -image, i.e., if
[TABLE]
A point is called a *fixed *point of if it is equal to its -image, i.e., if
[TABLE]
(A fixed point of is simultaneously a pre-fixed point of and a post-fixed point of .)
Now, if is a complete lattice over (i.e., if is an ordering relation where meets and joins of all subsets of are guaranteed to exist in ) and if is a monotonic* *endofunction over ( is then called a generator), then the *least pre-fixed point *of , called , exists in , by the Knaster-Tarski Fixed Point Theorem [20, 33], is also the least fixed point (lfp) of , and the greatest post-fixed point of , called , exists in and, again by the Fixed Point Theorem, is also the greatest fixed point (gfp) of .
Further, for any element we have:
- •
(standard induction)co if , then ,
which, in words, means that if is a pre-fixed/inductive point of , then point is less than or equal to (since , by definition, is the least -inductive point), and,
- •
(standard coinduction) if , then ,
which, in words, means that if is a post-fixed/coinductive point of , then point is less than or equal to point (since , by definition, is the greatest -coinductive point).
References
3 Mutual Induction and Mutual Coinduction
In this section we first present some intuition for mutual (co)induction as generalizations of standard (co)induction, then we present their formal definitions and formulate the associated proof principles. Our illustrated presentation includes a discussion of the continuity of generators, which seems necessary for proving the existence of simultaneous fixed points (but see Appendix C). In Appendix A we present proofs for the lemmas and theorems we present here.
Intuition
Intuitively, compared to standard (co)induction which involves one self-map from a poset to itself, mutual (co)induction involves two or more mappings between two or more ordered sets (i.e., posets). That’s all. In this paper, for simplicity, we focus only on the case involving just two mappings (also called generators) between two posets. As we define it below, our definition of mutual induction can be extended easily to involve more than two orderings, more than two underlying sets, and more than two mappings between the ordered sets. Also, it should be noted that in some practical applications of mutual (co)induction the two orderings, and their underlying sets, may happen to be the same ordering and set. For proper mutual (co)induction, however, there has to be at least two mutual generators/mappings between the two ordered sets.222Standard induction can then obtained as a special case of mutual induction by having one ordering and one underlying set and also having one of the two generators—or, more accurately, all but one of the generators—be the identity function. See also Footnote 5.
Also intuitively, the mutual induction and mutual coinduction proof principles are expressions of the properties of two points (i.e., elements of the two ordered sets) that are together (i.e., simultaneously) least pre-fixed points of each of the two generators and of two points that are together greatest post-fixed points of each of the two generators. As such mutual induction and mutual coinduction generalize the standard induction and standard coinduction proof principles. Further, in case the two orderings are complete lattices and the mappings are continuous (thereby called* generators* or mutual generators), the two least simultaneous pre-fixed points and the two greatest simultaneous post-fixed points will also be mutual fixed points (sometimes also called *simultaneous *or *reciprocal *fixed points) of the generators. (For a glimpse, see Figures 3.1, 3.2, and 3.3.)
Formulation
Let be an ordering relation over a set and let be a second ordering relation over a second set . Further, let and be two mutual endofunctions over and (also called *indirect *or reciprocal self-maps over and , i.e., two functions where the domain of the first is the same as the codomain of the second and vice versa, such that each of the two posets is mapped into the other).333As in [2], we are focused on unary functions in this paper because we are interested in discussing fixed points and closely-related concepts such as induction and coinduction, to which multi-arity seems to make little difference. For more details, see the brief discussion on arity and currying in [2]. Note that given two mutual endofunctions and we can always compose and to get the (standard) endofunctions and .444Upon seeing these compositions, readers familiar with category theory may immediately suspect a possible connection with adjunctions. That possibility of a connection will increase when readers check the definitions below, of simultaneous pre-fixed points and simultaneous post-fixed points. We intend to dwell on the possibility of such a connection in future work (or in later versions of this paper).,555Note that if we have (the two underlying sets are the same), (with the same orderings), and if (or , where is the identity function), then we obtain standard (co)induction as a special case of mutual (co)induction. In particular, all definitions presented below will smoothly degenerate to their standard counterparts (i.e., will correspond to ones for standard (co)induction. See 2).
Given points and , the point and the point are called the -image of and the -image of , respectively.
Two points , are called simultaneous (or mutual or reciprocal) pre-fixed points of and if the -image of is less than or equal to and the -image of is less than or equal to (that is, intuitively, if “the images of the two points are less than the two points themselves”), i.e., if
[TABLE]
Simultaneous pre-fixed points are also called mutually-inductive points of and . See Figure 3.1 for an illustration of simultaneous pre-fixed points.
- •
It should be immediately noted from the definition of simultaneous pre-fixed points that, generally-speaking, a single point can be paired with more than one point such that and form a single pair of simultaneous pre-fixed points of and . Symmetrically, a single point can also be paired with more than one point to form such a pair. (See Figure 3.2 for an illustration.)
- •
As such, two functions and that compute these sets of points in and , respectively, can be derived from and . In particular, we have
[TABLE]
[TABLE]
Note that for some points , the set can be the empty set , meaning that such points are not paired with any points in so as to form simultaneous pre-fixed points of and . Symmetrically, the same observation holds for some points and their images .666Note that in standard induction—or, more accurately, in the encoding of standard induction using mutual induction—(ultimately due to the transitivity of and ) it can be said that a standard pre-fixed point is “paired” with one point, namely itself, to form a pair of simultaneous pre-fixed points that encodes the standard pre-fixed point. In other words, standard pre-fixed points in standard induction, when encoded as mutual induction, correspond to simultaneous pre-fixed points (e.g., using the encoding we mentioned in Footnote 5), and vice versa (i.e., simultaneous pre-fixed points, in such an encoding, will correspond to standard pre-fixed points).
Dually, two points , are called simultaneous (or mutual or reciprocal) post-fixed points of and if is less than or equal to the -image of and is less than or equal to the -image of (that is, intuitively, if “the two points are less than their two own images”), i.e., if
[TABLE]
Simultaneous post-fixed points are also called mutually-coinductive points of and .
- •
Like for simultaneous pre-fixed points, a point or can be paired with more than one point of the other poset to form a single pair of simultaneous post-fixed points of and . (Similar to and , two functions and that compute these sets can be derived from and .)
Two points , are called simultaneous (or mutual or reciprocal) fixed points of and if the -image of is equal to and the -image of is equal to , i.e., if
[TABLE]
(As such, two simultaneous fixed points of and are, simultaneously, simultaneous pre-fixed points of and and simultaneous post-fixed points of and .)
- •
Unlike for simultaneous pre-fixed and post-fixed points, a point in or in can be paired with only one point of the other poset to form a pair of simultaneous fixed points of and .
Continuity
Unlike the case for standard (co)induction, where the monotonicity of generators is enough to guarantee the existence of least and greatest standard fixed points, due to the possibility of multiple pairings in and , the monotonicity of two mutual endofunctions and seems not enough for proving the existence of least and greatest simultaneous fixed points of and .777It so seemed to us in earlier versions of this paper—but now see Appendix C. However (as can be seen in the proofs in Appendix A), the continuity of the mutual endofunctions and does guarantee the existence of such fixed points. Hence, before proceeding with the formulation of mutual (co)induction we now introduce the important and useful concept of continuity.
Definition 1** (Continuous Mutual Endofunctions).**
Two mutual endofunctions and defined over two posets and are continuous mutual endofunctions if and only if for all subsets and whenever greatest lower bounds (also called glbs) and and least upper bounds (also called lubs) and exist (in and in ) then the corresponding points , , , and also exist (in and in ), and further, more significantly, we have
[TABLE]
[TABLE]
As such, if two mutual endofunctions and are continuous, then they are said to preserve the glbs and lubs in and , whenever these points exist.888In category theory jargon, if and are continuous then and are said to commute with the meet/glb () and join/lub () operations. (Even though somewhat similar, but the notion of continuity we use here is stricter and more uniform than the notion of Scott-continuity used in domain theory, which asserts that mappings preserve only lubs/joins of only directed subsets [32, 18, 12, 17, 15].)
Figure 3.3 illustrates meet-continuous (also called semi-continuous)* *mutual endofunctions and , which preserve only the glbs in and whenever they exist. Dually, join-continuous mutual endofunctions preserve only the lubs in and whenever they exist. As such, mutual endofunctions are (fully) continuous if and only if they are meet-continuous and join-continuous.
The continuity of two mutual endofunctions has a number of useful implications, some of which we use to prove that continuity guarantees the existence of least and greatest simultaneous fixed points.
- •
First, if and are continuous mutual endofunctions then and are also monotonic mutual endofunctions (Lemma 1 in Appendix A).
- –
Note that if and are monotonic but not continuous then we can only assert that the points and are lower bounds of the sets and , but not that they are necessarily the greatest lower bounds of these sets, and we can also only assert that the elements and are upper bounds of the two sets, respectively, but not that they are necessarily the least upper bounds of these sets. More precisely, if and are monotonic, but not necessarily continuous, then we only have
[TABLE]
[TABLE]
Compared to monotonicity, as such, the continuity of and can be seen as requiring or asserting the equality of these points whenever they exist, intuitively thereby “allowing no elements in between”. Continuity, thus, is said to allow functions and that “have no jumps” or “have no surprises”.
- •
Second, if and are continuous mutual endofunctions, then the compositions and are (standard) continuous endofunctions, and they are monotonic endofunctions too (Lemma 2 in Appendix A).
- –
Further, if and are complete lattices, then the composition functions and (like any standard monotonic endofunctions over complete lattices) have standard pre-fixed points and standard post-fixed points in and respectively. Even further, the components and of simultaneous fixed points of and are always, each component individually, among the standard fixed points of the compositions and (Lemma 3 in Appendix A). The converse, however, does not necessarily hold.
- •
Third, if and are continuous mutual endofunctions then and (and their compositions) map complete lattices to complete lattices (note that, by definition, the empty set is not a complete lattice, and that a singleton poset is a trivial complete lattice). In other words, if subsets and happen to be complete sublattices of and then and are either empty or are complete sublattices of and respectively (Lemma 4 in Appendix A).
- •
Fourth and finally, if and are continuous mutual endofunctions, then for all and the posets and are complete lattices (Lemma 5 in Appendix A). Continuity also guarantees the existence of least simultaneous pre-fixed points (Lemma 6 in Appendix A). We use continuity to prove that the least simultaneous pre-fixed points are also the least simultaneous fixed points (** (The Simultaneous Fixed Points Theorem).** in Appendix A).999Note that singleton posets are trivial complete lattices. As such, this condition is already satisfied in an encoding of standard (co)induction using mutual (co)induction. That is because in such an encoding a given pre-fixed point is an element that is paired with precisely one element, namely itself, to form a pair of simultaneous pre-fixed points. Thus, in mutual (co)induction encodings of standard (co)induction, the sets , , , and are always either or singleton posets for all and all .
Having made a digression to discuss the continuity of mutual endofunctions, and some of its implications, we now resume our formulation of mutual (co)induction.
Now, if is a complete lattice over and is a complete lattice over (i.e., if is an ordering relation where meets and joins of all subsets of are guaranteed to exist in , and similarly for , , and in ) and if and are* continuous* mutual endofunctions over and then we have the following:
- •
and are called simultaneous generating functions (or simultaneous generators or *mutual generators *or reciprocal generators),
- •
the *least simultaneous pre-fixed points *of and , called and , exist in and ,
- •
together, the points and are also the least simultaneous fixed points of and (as we prove in ** (The Simultaneous Fixed Points Theorem).**),
- •
the greatest simultaneous post-fixed points of and , called and , exist in and , and
- •
together, the points and are also the greatest simultaneous fixed points of and (as we prove in ** (The Simultaneous Fixed Points Theorem).**).
Further, given that and are the least simultaneous pre-fixed points* *of and and and are the *greatest simultaneous post-fixed points *of and , for any element and we have:
- •
(mutual induction)co if and , then and ,
which, in words, means that if and are simultaneous pre-fixed/inductive/large points of and , then points and are less than or equal to and (i.e., and are the smallest simultaneously-large points of and ), and,
- •
(mutual coinduction) if and , then and ,
which, in words, means that if and are simultaneous post-fixed/coinductive/small points of and , then points and are less than or equal to points and (i.e., and are the largest simultaneously-small points of and ).
4 Related Work
The work closest to the one we present here seems to be that of Paulson, presented e.g. in [26], to support the development of the Isabelle proof assistant [23]. We already mentioned in 1 the influence of Paulson’s work on motivating our definition of mutual coinduction (we discuss this motivation, and others, in more detail in [10]). Due to Paulson’s interest in making some form of coinduction available in systems such as Isabelle [27], Paulson was interested only in the set-theoretic definition of standard (co)induction and mutual (co)induction [24] (the set-theoretic definition, according to [27], ‘was definitely the easiest to develop, especially during the 1990s, when no general mechanisation of lattice theory was even available’).
More technically, it seems Paulson was interested in requiring generators to be monotonic (as opposed to requiring their continuity, which is sometimes viewed as an undesirably strong assumption [30, p.72]). As such, Paulson used monotonic generators over the powerset of a disjoint sum domain so as to define (or, rather, encode) mutual set-theoretic (co)induction using standard set-theoretic (co)induction101010Via noting an order-isomorphism between (the powerset of a disjoint sum) and (the product of powersets). In our opinion the use of the disjoint sum in Paulson’s definition of mutual (co)induction, while technically clever, is unnatural and unintuitive (as demonstrated, e.g., in the examples of [24, 4.5]).. Additionally, in [24, p.33] Paulson stated that the standard Fixed Point Theorem has been proven in Isabelle ‘only for a simple powerset lattice,’ which made Paulson limit his interests to such “simple powerset lattices,” even when the theorem applies to any complete lattice [16, 13], not just to a particular instance (i.e., not only to powerset lattices). As such, in summary, it seems to us that Paulson, for considerations related to his interests in automated theorem proving, was not interested in considering the continuity of generators in his work.
While not particularly aimed at semantics, Paulson’s work on mutual (co)induction, indirectly, provided semantics for mutual (co)inductive datatypes in functional programming languages (e.g. ML), where mutual datatype constructors were modeled by mutual generators. Functional programming languages, however, are largely structurally-typed and structurally-subtyped. Given that we have a general interest, rather, in providing semantics for datatypes in mainstream object-oriented programming languages (such as Java, C#, Scala, and Kotlin), which are typically nominally-typed and nominally-subtyped programming languages, our interest is more in the order-theoretic formulation of mutual (co)induction.111111See [7, 11], [8] and also [6, 5, 10] for a discussion of why order-theory and category-theory seem to be more suited than set-theory for modeling nominally-typed and nominally-subtyped programming languages.
Given the difference between our work and Paulson’s work regarding how mutual (co)induction is technically formulated, motivated by the different goals behind the two formulations, we anticipate that results in both works (particularly regarding the definition of simultaneous fixed points) are not in one-to-one correspondence with each other. We, however, keep a more detailed comparison of the formulation of mutual coinduction we present here to the formulation of Paulson—which may reveal more similarities and resolve some of the differences between the two formalizations—for future work.
Another work that is related to ours is the work presented in [14]. Since the work in [14] builds on that of Paulson, and has similar aims in supporting the development of Isabelle, the work in [14] adopts the same specific set-theoretic view of mutual (co)induction as that of Paulson.
5 Conclusion and Future Work
Standard induction (which includes the standard notions of mathematical induction and structural induction) is well-known, and it is relatively easy reason about. Standard coinduction is also known, but it is a bit shrouded in mystery and unreasonability121212Likely due to its strong connections with negation [21, 6].. Mutual induction is also known, if somewhat to a lesser extent than standard induction. Mutual induction is a bit harder to reason about than standard induction however. Mutual coinduction—our main interest in this paper—is, however, almost unknown, and has (so far) been perceived as being both mysterious and hard to reason about. We hope that this paper, via presenting the definition of mutual coinduction as a simple generalization of the order-theoretic definition of standard coinduction, has put mutual coinduction into more familiar light, and that, by presenting a proof of a related proof principle, it has also made mutual coinduction simpler to reason about.
While the continuity condition on generators in our formulation of mutual (co)induction is sufficient for proving the existence of least and greatest simultaneous fixed points in complete lattices (while monotonicity seems insufficient), yet it is not clear to us whether (full) continuity is necessary for such a proof. It may be useful to consider, in some future work, the possibility of relaxing the continuity condition, while still guaranteeing the existence of simultaneous fixed points. In particular, it may be useful to consider the effect of having other more liberal continuity conditions, such as Scott-continuity, on the existence of simultaneous fixed points. It may be also useful to study simultaneous pre-fixed points and simultaneous post-fixed points that are not necessarily fixed points (as is done, for example, in the study of algebras and coalgebras in category theory).
As another possible future work that can build on the definition of mutual coinduction we present here, it may be useful to consider defining infinite mutual coinduction, which, as we conceive it, generalizes mutual coinduction to involve an infinite (countable, or even uncountable!) number of orderings and generators. As of the time of this writing, we are not aware of immediate applications of infinite mutual coinduction. Given the mystery surrounding both coinduction and some particular areas of science, though, we conjecture that infinite mutual coinduction (if it is indeed reasonably definable) may have applications in areas of science such as quantum physics, e.g., by it offering mathematical models of quantum phenomena such as superposition, entanglement, and/or interference131313For example, Penrose calls in [28] for some new kind of mathematics for having an accurate understanding of our universe. Perhaps infinite mutual coinduction is a piece of such “new math.”. In agreement with this conjecture, we also intuit and conjecture that infinite mutual coinduction may have an impact on quantum computing, including reasoning about quantum programs and quantum software.
Appendix A Lemmas, Theorems and Proofs
In this appendix we present proofs for the lemmas and theorems of 3.
A.1 Supporting Lemmas
Lemma 1** (Continuous Functions are Monotonous).**
If and are continuous mutual endofunctions over posets and then and are also monotonic, i.e., for all
[TABLE]
and for all
[TABLE]
Proof.
Let such that (i.e., in Definition 1, take where ). From the definition of (as a greatest lower bound), we particularly have
[TABLE]
By the continuity of , we also have . Given that , we have and thus, further, we have . As such, we have . Substituting for (the l.h.s.) in (A.1), we get , as required.
Similarly for . ∎
Lemma 2** (Composition Preserves Monotonicity and Continuity).**
If and are monotonic (continuous) mutual endofunctions over posets and , then the compositions and are monotonic (continuous) endofunctions over and respectively.
Proof.
By substitution, since and for all , then, by the monotonicity of then that of , we have
[TABLE]
i.e., that is monotonic.
Similarly, for all , the monotonicity of then of implies
[TABLE]
i.e., that is monotonic.
Using a very similar but much more tedious argument we can prove that composition preserves continuity. ∎
Lemma 3** **(Components of Simultaneous Fixed Points are Standard Fixed Points
of Compositions).
If and are monotonic mutual endofunctions over posets and , then the components of their simultaneous pre-/post-/fixed points are standard pre-/post-/fixed points of the compositions and .
Proof.
For each pair of points and of simultaneous pre-fixed points of and , by the definition of simultaneous pre-fixed points we have both inequalities
[TABLE]
Applying to both sides of the first inequality, the monotonicity of implies that .141414Note that continuity is not needed here. Combining this with the second inequality via the common expression , we have
[TABLE]
Then, by the transitivity of ,
[TABLE]
i.e., point is a standard pre-fixed point of the composition .
Symmetrically, by applying to both sides of the second inequality, the monotonicity of implies that
[TABLE]
and thus, by the transitivity of , point is a standard pre-fixed point of the composition . (See Figure A.1 for illustration.)
A dual argument implies that components of simultaneous post-fixed points of and are standard post-fixed points of and respectively.
Combining both results implies that components of simultaneous fixed points of and are also standard fixed points of and . ∎
Lemma 4** (Continuous Functions Preserve Complete Lattices).**
If and are continuous mutual endofunctions over posets and , then for all subsets and , if and are complete sublattices of and then the images and are also complete sublattices of and , respectively.
Proof.
First, let’s consider the case where is a complete lattice. By the definition of a complete lattice, the points and exist in for all subsets . As such, the points and exist in , and, accordingly, by the definition of , are also members of . By the continuity of , we also have and . As such, for any image set a greatest lower bound, , and a least upper bound, , exist. Further, because of the continuity of , these two points are members of . Thus, all subsets of have images of their glbs and lubs in . That by itself does not, however, prove that the set is a complete lattice, yet.
To prove that is a complete lattice, we have to prove that the points and exist in for all sets . Given that is subset of , the image of , then there exists some (one or more) set such that . Pick one such set .151515Sounds like the Axiom of Choice is needed here. Then, for that particular , we have and . Since we proved that for all sets the points and are members of , we conclude that and are members of for all sets . As such, the set is a complete lattice.
Next, by a symmetric argument, if is a complete lattice then, by the continuity of , the set is also a complete lattice, as required. ∎
Lemma 5** **(Component Images of Simultaneous Pre-/Post-Fixed Points form Complete
Lattices).
If and are continuous mutual endofunctions over complete lattices and , then, for all and , the component image sets , , , and , as defined in 3,* are either empty or are complete lattices.*
Proof.
For a point such that is nonempty, define
[TABLE]
Since is a complete lattice, the set (as a subset of ) has a greatest lower bound and a least upper bound that are members of . To prove that itself is a complete lattice, first we prove that these two points (i.e., the glb and lub of ) are members of .
Let’s note that for all points where is non-empty we always have the point as a member of . That’s because, by the reflexivity of , we have . Further, using Lemma 3, we have . As such, by the definition of simultaneous pre-fixed points, the points and are simultaneous pre-fixed points of and .161616This brings one of the most delicate points in proving the mutual (co)induction principles. Note that and are not necessarily simultaneous pre-fixed points for all , but that, according to Lemma 3, points and are simultaneous pre-fixed points only whenever there is some (possibly equal to , and possibly not) such that and are simultaneous pre-fixed points of and , i.e., such that witnesses, via , that . In particular, it is not necessarily true that for all we have (Otherwise, all elements would have formed simultaneous pre-fixed points of and , simply by pairing each with . This goes counter to intuitions about mutual (co)induction, since it would eventually lead to concluding that all points of —and similarly of —are simultaneous fixed points of and !). Readers should be aware of this delicate and tricky point specific to mutual (co)induction. That’s because this point has no counterpart in standard (co)induction (or, at least, has no obvious counterpart, since in an encoding of standard (co)induction using mutual (co)induction, where say , we will have only if ). Hence, . Given that, by the definition of , the point is less than or equal to all members of , we have
[TABLE]
and, as such, the greatest lower bound of is a member of , i.e., we have as needed.
For , we prove that it is a member of more directly, using the definition of and the continuity of . As for any member of , for to be a member of we must have and . The first condition is satisfied since we just proved that is exactly , and, as for any set, we have whenever such points exist, and as such we have . For the second condition (this is where continuity is needed), we have by continuity. Since, by the definition of , all members of are less than or equal to , then is an upper bound of . As such, we have . Hence, for , we have , as required. Hence, as needed.
Since the greatest lower bound of and the least upper bound of are members of , so far we can assert that the set is a bounded poset.
To prove that is not only a bounded poset but, rather, that it is a complete lattice, we have to also consider proper subsets of . The argument for proper subsets of is very similar to the one we just used for (as an improper subset of itself). In particular, let be some proper subset of (i.e., is some set of points of that, paired with , are simultaneous pre-fixed points of and ). Again, since is a complete lattice, the elements and exist. We proceed to prove that these points are also members of .
In particular, to be members of the two points and have to satisfy the membership condition of , i.e., they have to form, when paired with , simultaneous pre-fixed points of and . Again using the continuity of , we can see that this is true since, like we had for and , we have
[TABLE]
[TABLE]
As such, points and are members of . Thus, is a complete lattice.
Using a symmetric argument and the continuity of , we can also prove that the set is either empty or is a complete lattice for all . (Figure A.1 illustrates the sets and .)
Dually, we can also prove that, for all and , the sets and are either empty or are complete lattices, as required. ∎
Lemma 6** (Components of Pre-/Post-Fixed Points form Complete Lattices).**
If and are continuous mutual endofunctions over complete lattices and , then the sets
[TABLE]
[TABLE]
of all components of simultaneous pre-fixed points are complete sublattices of and , respectively. Similarly for simultaneous post-fixed points.
Proof.
First, let’s note that the definitions of and mean that is the set of all where there is some such that the -image of is less than and the -image of is less than and, symmetrically, that is the set of all where there is some such that the -image of is less than and the -image of is less than . (As such, the variables and in Equations (A.2) and (A.3) range over the set of all simultaneous pre-fixed points of .)
Note also that and , but that Lemma 5 does not (by itself) imply that and are complete lattices, since the union of complete lattices is not necessarily a complete lattice.
We do proceed, though, similarly to first prove that is a meet-complete lattice. Particularly, assuming , we prove that . Since is a complete lattice, the point exists in , and since is a subset of then the image set is a subset of (by the definition of ). By continuity, we have . Also, let the set
[TABLE]
be the set of all points in that form simultaneous pre-fixed points when paired with some point in . Given that for each point there exists a point such that and (by the definition of simultaneous fixed points), then the meet of all points is less than or equal to the meet of all points , i.e., we have . Using a similar argument, we also have . By continuity, substituting for and we have
[TABLE]
As such, for all , the point , when paired with the point , forms a pair of simultaneous pre-fixed points of and , and is thus a member of . As such, is a meet-complete lattice. (Figure A.2 illustrates the proof for subsets of and that have two elements.)
Dually, we can prove that set is also a join-complete lattice (with the point , the top element of , at its top). Hence, set is a meet-complete lattice and a join-complete lattice, i.e., is a complete lattice.
Symmetrically, or by using Lemma 4, we can prove that set also is a complete lattice (with the point , the top element of , at its top). As such, the sets of all components of simultaneous pre-fixed points are complete lattices.
Dually, we can also prove that the two sets and of all components of simultaneous post-fixed points—i.e., duals of sets and —are complete lattices (with the points and at their bottom), as required. ∎
A.2 The Simultaneous Fixed Points Theorem
The following theorem, asserting the existence of least and greatest simultaneous fixed points, is the central theorem of this paper.171717To the best of our knowledge, neither mutual (co)induction as we define it in this paper nor a proof of the Simultaneous Fixed Points Theorem have been presented formally before.
Theorem 1** (The Simultaneous Fixed Points Theorem).**
If and are two complete lattices and and are two continuous mutual endofunctions (i.e., two simultaneous generators) over and then we have the following:
- •
the *least simultaneous pre-fixed points *of and , called and , exist in and ,
- •
and are also the least simultaneous fixed points of and ,
- •
the greatest simultaneous post-fixed points of and , called and , exist in and , and
- •
and are also the greatest simultaneous fixed points of and .
Proof.
Let the set
[TABLE]
and the set
[TABLE]
be the sets of all components of simultaneous pre-fixed points of and , and let points be defined as
[TABLE]
By Lemma 6, points are guaranteed to exist as the least elements of and . By the antisymmetry of and , we can conclude that
[TABLE]
First, we note that because is the least element of and thus, according to the definition of simultaneous pre-fixed points (and as noted in the proof of Lemma 5), its image is less than any element of , including the point , but, second, also we note that since is the least element of and thus is less than any point in , including the point . By the antisymmetry of , we conclude that .
Symmetrically, we also have .
As such, the points and are simultaneous fixed points of and . They are also the least simultaneous pre-fixed points of and since, by Equation (A.6), less-demandingly we have
[TABLE]
meaning that points and are simultaneous pre-fixed points of and , and, by the individual uniqueness and minimality of each of and (as the meets of the complete lattices and ), points and are the least such points.
Now we have established both that form the least simultaneous pre-fixed points of and , and that are simultaneous fixed points of and , so are the least simultaneous fixed points of and .
Using a dual argument, we can also prove that , where sets and are the duals of sets and (see proof of Lemma 6), are the greatest simultaneous fixed points of , as required. ∎
Appendix B Motivations from PL Theory
The significance of mutually-recursive definitions in programming languages (PL) semantics and PL type theory is illustrated in the following examples.
B.1 Mutual Recursion at The Level of Data Values
Lawrence Paulson, in his well-known book ‘ML for the Working Programmer’ [25, p.58], made some intriguing assertions, and presented an intriguing code example. According to Paulson, “Functional programming and procedural programming are more alike than you may imagine”—a statement that some functional programmers today are either unaware of, may oppose, or may silently ignore. Paulson further states, verbatim, that “Any combination of goto and assignment statements — the worst of procedural code — can be translated to a set of mutually recursive functions.”
Then Paulson presents a simple example of imperative code. Here it is.
var x := 0; y := 0; z := 0;
F: x := x+1; goto G
G: if y<z then goto F else (y := x+y; goto H)
H: if z>0 then (z := z-x; goto F) else stop
To convert this imperative code into pure functional code, Paulson then suggests: “For each of the labels, F, G, and H, declare mutually recursive functions. The argument of each function is a tuple holding all of the variables.”
Here’s the result when the method is applied to the imperative code above:
fun F(x,y,z) = G(x+1,y,z)
and G(x,y,z) = if y<z then F(x,y,z) else H(x,x+y,z)
and H(x,y,z) = if z>0 then F(x,y,z-x) else (x,y,z);
Calling F(0,0,0) gives x, y, and z their initial values for execution, and returns (1,1,0)—the result of the imperative code. As such, Paulson concludes that: “Functional programs are referentially transparent, yet can be totally opaque”— a statement which we read to mean that, for PL theorists in general if not also for many mathematicians, functional programs (FP) are [usually] easy to reason about, yet can [sometimes] be very hard to reason about. Then Paulson concludes his discussion by sounding the siren: “If your code starts to look [sic] like this, beware!”
We can also introduce object-oriented programming (OOP) in this discussion. In particular, a possible translation of Paulson’s imperative code to (non-imperative) OO code is as follows (in [1] we present a translation to a slightly more-succinct imperative OO code):
class C {
final x, y, z: int
// constructor
C(xx,yy,zz: int) { x = xx; y = yy; z = zz }
C F() { new C(x+1,y,z).G() }
C G() {
**if** y < z then **this**.F()
**else** **new** C(x,x+y,z).H() }
C H() {
**if** z > 0 then **new** C(x, y, z-x).F()
**else** **this** }
}
Now, similar to Paulson’s functional program, calling new C(0,0,0).F() gives the fields x, y, and z their initial values for execution, and returns an object equivalent to new C(1,1,0)—i.e., equivalent to the result of the imperative code.
Pondering a little over some of the “worst” imperative code and over its translations to mutually-recursive functional and object-oriented code suggests a strong similarity—if not equivalence—between OOP, mutually-recursive FP, and procedural/imperative programming. Further, this discussion implies that the mathematical-reasoning benefits of functional programming—particularly the relative simplicity of such reasoning—seem to crucially depend on not heavily using mutually-recursive function definitions (Paulson’s concluding warning can be read as an explicit warning against writing heavily mutually-recursive functional code). As the imperative code and the OOP translation illustrate, and as is commonly known among mainstream and industrial-strength software developers, however, heavily mutually recursive definitions seem to be an essential and natural feature of real-world/industrial-strength programming.
More significantly, the above translation between imperative, functional and object-oriented code seems to also tell us that:
if mutually-recursive functional programs can be reasoned about mathematically,
then also imperative and object-oriented programs (even the worst such programs)
can be reasoned about mathematically.
A main objective behind the formal definition of mutual (co)induction in this paper is to help in reasoning about mutually-recursive functional programs mathematically (possibly making it even as simple as reasoning about standard recursive functional programs is, based on using the standard (co)induction principles), and, ultimately, to thereby possibly help in reasoning about (even the worst?) imperative and object-oriented programs mathematically too.
It should be noted that sometimes it is possible to reexpress mutual recursion (also called indirect recursion) or convert it into standard recursion (also called direct recursion), e.g., using the inlining conversion method presented in [19, 34] or ‘with the help of an additional argument’ as suggested by Paulson also in [25, p.58]. From the results in [19, 34], however, not all mutual recursion can be converted to standard recursion. Extending from these results, while it is possible that some mutual (co)inductive definitions can be converted to or encoded using standard (co)inductive definitions, we conjecture that not all mutual (co)induction can be translated into standard (co)induction. Hence, the need arises for a genuine formal definition of mutual (co)induction that does not involve an encoding or translation of it into terms of standard (co)induction.
B.2 Mutual Recursion at The Level
of Data Types
The previous section discussed mutual recursion at the level of values (i.e., mutually-recursive data values, functions, or methods). As is well-known in PL type theory, mutually-recursive types are essential for typing mutually-recursive data values [22, 29]. Given the ubiquity of mutually-recursive data values in OOP (via the special variable this/self), mutually-recursive data types and mutually-recursive data type constructors (e.g., classes, interfaces, traits, … etc.) are ubiquitous in industrial-strength statically-typed OOP as well (e.g., in Java, C#, C++, Kotlin, and Scala).
Further, in generic OOP languages such as Java, variance annotations (such as wildcard types in Java) can be modeled by and generalized to interval types [4]. As presented in [4], the definition of ground types in Java depends on the definition of interval types, whose definition, circularly (i.e., mutually-recursively), depends on the definition of ground types. Further, the subtyping relation between ground types depends on the containment (also called subintervaling or interval inclusion) relation between interval types, and vice versa. As such, the set of ground types and the set of interval types in Java are examples of mutual recursive sets, and the subtyping and the containment relations over these sets, respectively, are mutually recursive relations too. (See [3, 4] for how, under an inductive interpretation, both sets—types and interval types—and both relations—subtyping and containment—can be iteratively constructed from the given set of classes of a Java program together with the subclassing relation between these classes).
To illustrate all aspects of mutual recursion in OOP (i.e., at the level of type, at the level of values, and in defining types/subtyping and interval types/containment), the following OO code, written in an imaginary Java-like language, presents a simple set of mutually recursive classes to model the mutual recursion between in the definition of types and interval types.
class Class {
String name; // holds the name of the class
}
class Type {
Class c;
Interval i; // the type arg of c. null if c is not generic
}
class Interval {
Type UBnd; // the upper bound of the interval type
Type LBnd; // its lower bound
}
// Note the mutual recursion (at the level of types) between
// the definitions of classes Type and Interval
And the following code adds to the code above a simple set of mutually recursive methods to model the mutual recursion in the definitions of the subtyping and containment relations.
class Class {
String name;
bool isSubclassOf(Class c) {
*// Handle special classes Null and Object*
**if**(**this** == NullCls || c == ObjCls) **return** **true**;
*// Else check if this class inherits from class c*
**return** inher_table.lookup(**this**, c);
}
}
class Type {
Class c;
Interval i;
bool isSubtypeOf(Type t){
*// assuming that i and t.i are not null,*
*// ie, that c and t.c are generic*
**return** c.isSubclassOf(t.c) && i.isSubintOf(t.i)
}
}
class Interval {
Type UBnd;
Type LBnd;
bool isSubint(Interval i){
*// covar in upperbound, contravar in lower bound*
**return** UBnd.isSubtypeOf(i.UBnd) && i.LBnd.isSubtypeOf(LBnd)
}
}
// Note the mutual recursion (at the level of values) between
// the definitions of methods isSubtypeOf and isSubintOf
B.3 Mutual Coinduction in OOP
As discussed in detail in B.2, mutually recursively definitions exist in OOP at two levels: at the level of values (via this) and at the level of types (i.e., between classes, and in the definition of the subtyping and containment relations). It should be noted that the subtyping relation is covariant/monotonic w.r.t. containment, and that containment is covariant w.r.t. subtyping in the first argument (i.e., w.r.t. the upper bound of an interval type) and is contravariant w.r.t. the second argument (i.e., w.r.t. the lower bound of an interval type). As such, in Java with interval types, subintervals generates subtypes, and subtypes in the upper bounds of interval types generates subintervals, while subtypes in the lower bounds of interval types generates superintervals. .
Just as for standard (co)induction, where the notions of (least) pre-fixed points and (greatest) post-fixed points have relevance and practical value even when such points do *not *correspond to fixed points, e.g., when the underlying posets are not complete lattices or when the generators are not monotonic (see, for example, [5, 2]), we expect that the notions of (least) simultaneous pre-fixed points and (greatest) post-fixed points to have relevance and practical value even when these points do not correspond to simultaneous fixed points, e.g., when the underlying posets are not complete lattices or when the generators are not continuous (and may not be even monotonic).
Appendix C Requiring Only Monotonicity
While the proofs presented in Appendix A are correct, and the continuity of simultaneous/mutual generators does indeed guarantee the existence of least and greatest simultaneous fixed points in complete lattices, but, as we suggested in Section 5, in this appendix we explain how indeed monotonicity of the generators alone is enough to prove the existence of least and greatest simultaneous fixed points, thereby relaxing the condition on generators.
The first hint that monotonicity is enough (that in fact is not just a hint but is a proof, albeit an indirect one) comes from the fact that monotonic mutual generators over complete lattices can be represented or encoded, in a standard way, as one monotonic generator over one complete lattice, for which a (standard) least and greatest fixed point is guaranteed to exist (by the standard Knaster-Tarski theorem), and in which the least fixed point and the greatest fixed point correspond directly to the least simultaneous fixed point and the greatest simultaneous fixed point of the original mutual generators.
In particular, as in Appendix A, let and be two monotonic mutual generators over complete lattices and . Then the product is also a complete lattice under the standard component-wise ordering (i.e., where ). Further, the function is a monotonic function over (given the monotonicity of and ). As such, by the standard Knaster-Tarski theorem, function is a generator over the complete lattice that has a least fixed point and a greatest fixed point . Given our definition of a simultaneous pre-fixed point of and (as one where ) implies that (the least fixed point of ) is a simultaneous pre-fixed point of and , is the least such point, and, thus, is also the least simultaneous fixed point of and . Similarly, we can conclude that (the greatest fixed point of ) is the greatest simultaneous fixed point of and .
It should be noted, though, that while this proof does not require the continuity of and , it only indirectly constructs the least and greatest simultaneous fixed points of and as decodings of the least and greatest fixed points of another function (). Below we present a more direct proof of the existence of these simultaneous fixed points that does not depend on the conclusion of the standard Knaster-Tarski theorem, and that also discusses the issue of multiplicity of pairings in simultaneous pre-fixed and simultaneous post-fixed points (which we discussed in Section 3, and led us to consider using continuity). We believe our next proof, while more intricate and involved that the encoding proof, does reveal a bit more about the structure and the inner workings of mutual (co)induction than a standard encoding of mutual (co)induction in terms of standard (co)induction does.
As an appetizer and source of intuition, let’s first note the following lemma.
Lemma 7** **(The lub (glb) of components of simultaneous pre(post)-fixed (post-fixed)
points forms a simultaneous pre(post)-fixed point.).
Given the definitions of Theorem (1), if and are two simultaneous pre-fixed points then, by the monotonicity of G, is a simultaneous pre-fixed point, and, dually, if and are two simultaneous post-fixed points then, by monotonicity of , is a simultaneous post-fixed point.
Further, if and are two simultaneous pre-fixed points then, by the monotonicity of G, is a simultaneous pre-fixed point, and, dually, if and are two simultaneous post-fixed points then, by the monotonicity of , is a simultaneous post-fixed point as well.
Proof.
We have and and and , which means is a lower bound of and but is the greatest lower bound and hence (1). By the monotonicity of , , and thus, by transitivity, we have (2). Combining (1) and (2), the pair is a simultaneous pre-fixed point too. (Trying to do this for fails since monotonicity does not necessitate that but continuity does … and to prove the existence of a least simultaneous fixed point this extra requirement is actually not needed).
Dually, the monotonicity of also can be used to prove that and and and implies that ( is greater than or equal the least upper bound of and ) and that and, hence, that is a simultaneous post-fixed point. ∎
Similarly, by the monotonicity of , if and are simultaneous pre-fixed points then is a simultaneous pre-fixed point (but not necessarily ), and if and are simultaneous post-fixed points then is a simultaneous post-fixed point (but not necessarily ).
Given the intuitions provided by Lemma 7 and its dual we can now prove, more directly, the existence of a lsfp and gsfp as follows. In particular, we prove, now using monotonicity alone, that the points and defined in Equations (A.4) and (A.5) on page A.5 form the least simultaneous fixed point. We do so in two steps, where we first prove that and form the least simultaneous pre-fixed point, then that they form a simultaneous fixed point, from which we conclude that and define the least simultaneous fixed point of and (only assuming the monotonicity of and but not requiring their continuity).
To prove that and define a simultaneous pre-fixed point first let’s note that by the monotonicity of 181818Note that the greatest lower bound (glb) of any set is less than or equal any element of the set, and thus applying a monotonic function to the glb produces an element less than or equal to the value of the function at any element of the set, and is thus a lower bound of the set of function values. In particular, implies that for each and all ., we have
[TABLE]
Now, from the definition of simultaneous pre-fixed points we have . As such, by the transitivity of , we have . Thus, is a lower bound of Given that is the greatest lower bound of thus we have . Similarly, we can prove that , thereby proving that and define a simultaneous pre-fixed point.
Further. the definitions of and as the least elements of and , respectively, show that they define the least simultaneous pre-fixed point.
Now, following a reasoning much similar to that used in the proof of the standard Knaster-Tarski fixed point theorem (but not using its conclusion) (e.g., see [29, p.283]), we can prove that and also define a simultaneous fixed point.
As such, given that each simultaneous fixed point is a simultaneous pre-fixed point, then combining the conclusions of both steps lets us conclude that and define the least simultaneous fixed point (lsfp).
Using a dual argument we can prove, only assuming the monotonicity of and , that points and (as defined in Theorem 1) define the greatest simultaneous fixed point (gsfp) of and .
The reference list from the paper itself. Each links out to its DOI / PubMed record.
- 1[1] Moez A. Abdel Gawad. Object-oriented theorem proving (OOTP): First thoughts. ar Xiv:cs.PL/1712.09958 , 2017.
- 2[2] Moez A. Abdel Gawad. Induction, coinduction, and fixed points: A concise comparative survey. ar Xiv:cs.LO/1812.10026 , 2018.
- 3[3] Moez A. Abdel Gawad. Java subtyping as an infinite self-similar partial graph product. ar Xiv:cs.PL/1805.06893 , 2018.
- 4[4] Moez A. Abdel Gawad. Towards taming Java wildcards and extending Java with interval types. ar Xiv:cs.PL/1805.10931 , 2018.
- 5[5] Moez A. Abdel Gawad. Induction, coinduction, and fixed points in PL type theory. ar Xiv:cs.LO/1903.05126 , 2019.
- 6[6] Moez A. Abdel Gawad. Induction, coinduction, and fixed points: Intuitions and tutorial. ar Xiv:cs.LO/1903.05127 , 2019.
- 7[7] Moez A. Abdel Gawad. Java generics: An order-theoretic approach (abridged outline). ar Xiv:cs.PL/1906.11197 , 2019.
- 8[8] Moez A. Abdel Gawad. Mutual (co)induction and simultaneous fixed points (in order theory, set theory, type theory, first-order logic, and category theory): A concise comparative survey. Under preparation. ar Xiv:cs.LO/1909.xxxxx , 2019.
