Keywords

1 Introduction

Monadic Second-Order Logic (\(\mathsf {MSO}\)) over \(\omega \)-words is a simple yet expressive language for reasoning on non-terminating systems which subsumes non-trivial logics used in verification such as \(\mathsf {LTL}\) (see e.g. [2, 30]). \(\mathsf {MSO}\) on \(\omega \)-words is decidable by Büchi’s Theorem [6] (see e.g. [24, 29]), and can be completely axiomatized as a subsystem of second-order Peano’s arithmetic [28]. While \(\mathsf {MSO}\) admits an effective translation to finite-state (Büchi) automata, it is a non-constructive logic, in the sense that it has true (i.e.provable) \(\forall \exists \)-statements which can be witnessed by no continuous stream function.

On the other hand, Church’s synthesis [8] can be seen as a decision problem for a strong form of constructivity in \(\mathsf {MSO}\). More precisely (see e.g. [12, 32]), Church’s synthesis takes as input a \(\forall \exists \)-formula of \(\mathsf {MSO}\) and asks whether it can be realized by a finite-state causal stream transducer. Church’s synthesis is known to be decidable since Büchi-Landweber Theorem [7], which gives an effective solution to \(\omega \)-regular games on finite graphs generated by \(\forall \exists \)-formulae. In traditional (theoretical) solutions to Church’s synthesis, the game graphs are induced from deterministic (say parity) automata obtained by McNaughton’s Theorem [19]. Despite its long history, Church’s synthesis has not yet been amenable to tractable solutions for the full language of \(\mathsf {MSO}\) (see e.g. [12]).

In recent works [25, 26], the authors suggested a Curry-Howard approach to Church’s synthesis based on intuitionistic and linear variants of \(\mathsf {MSO}\). In particular, [26] proposed a system based on (intuitionistic) linear logic [13], in which via a translation , the provable -statements exactly correspond to the realizable instances of Church’s synthesis. Realizer extraction for is done via an external realizability model based on alternating automata, which amounts to see every formula \(\varphi (a)\) as a formula of the form \((\exists u)(\forall x)\varphi _{\mathcal {D}}(u,x,a)\), where \(\varphi _{\mathcal {D}}\) represents a deterministic automaton.

In this paper, we use a variant of Gödel’s “Dialectica” functional interpretation as a syntactic formulation of the automata-based realizability model of [26]. Dialectica associates to \(\varphi (a)\) a formula \({\varphi ^D}(a)\) of the form \((\exists u)(\forall x){{\varphi }_D}(u,x,a)\). In usual versions formulated in higher-types arithmetic (see e.g. [1, 16]), the formula \({{\varphi }_D}\) is quantifier-free, so that \({\varphi ^D}\) is a prenex form of \(\varphi \). This prenex form is constructive, and a constructive proof of \(\varphi \) can be turned to a proof of \({\varphi ^D}\) with an explicit witness for \(\exists u\). Even if Dialectica originally interprets intuitionistic arithmetic, it is structurally linear, and linear versions of Dialectica were formulated at the very beginning of linear logic [21,22,23] (see also [14, 27]).

We show that the automata-based realizability model of [26] can be obtained by a suitable modification of the usual linear Dialectica interpretation, in which the formula \({{\varphi }_D}\) essentially represents a deterministic automaton on \(\omega \)-words and is in general not quantifier-free, and whose realizers are exactly the finite-state accepting strategies in the model of [26]. In addition to provide a syntactic extraction procedure with internalized and automata-free correctness proof, this reformulation has a striking consequence, namely that there exists an extension \(\mathsf {LMSO}(\mathfrak C)\) of which is complete in the sense that for each closed formula \(\varphi \), it either proves \(\varphi \) or its linear negation \(\varphi \multimap \bot \). Since \(\mathsf {LMSO}(\mathfrak C)\) has realizers for all provable -statements, its completeness contrasts with the classical setting, in which due to provable non-constructive statements, one can not decide Church’s synthesis by only looking for proofs of \(\forall \exists \)-statements or their negations. Besides, \(\mathsf {LMSO}(\mathfrak C)\) has a linear choice axiom which is realizable in the sense of both \({(-)^D}\) and [26], but whose naive \(\mathsf {MSO}\) counterpart is false.

The paper is organized as follows. We present our basic setting in Sect. 2, with a particular emphasis on particularities of (finite-state) causal functions to model strategies and realizers. Our variant of Dialectica and the corresponding linear system are discussed in Sect. 3, while Sect. 4 defines the systems and \(\mathsf {LMSO}(\mathfrak C)\) and shows the completeness of \(\mathsf {LMSO}(\mathfrak C)\).

2 Preliminaries

Alphabets (denoted \(\varSigma ,\varGamma ,\text {etc}\)) are finite non-empty sets of the form \(\mathbf {2}^p\) for some \(p \in \mathbb {N}\). We let . Note that alphabets are closed under Cartesian products and set-theoretic function spaces. It follows that taking , we have an alphabet \(\llbracket \tau \rrbracket \) for each simple type \(\tau \in \mathrm {ST}\), where

figure c

We often write \((\tau )\sigma \) for the type \(\sigma \rightarrow \tau \). Given an \(\omega \)-word (or stream) \(B\in \varSigma ^\omega \) and \(n \in \mathbb {N}\), we write \(B\mathord \upharpoonright n\) for the finite word \(B(0).\cdots .B(n-1) \in {\varSigma }^{*}\).

Church’s Synthesis and Causal Functions. Church’s synthesis consists in the automatic extraction of stream functions from input-output specifications (see e.g. [12, 31]). These specifications are in general asked to be \(\omega \)-regular, or equivalently definable in \(\mathsf {MSO}\) over \(\omega \)-words. In practice, proper subsets of \(\mathsf {MSO}\) (and even of \(\mathsf {LTL}\)) are assumed (see e.g. [5, 11, 12]). As an example, the relation

$$\begin{aligned} (\exists ^\infty k) B(k) ~~\Rightarrow ~~ (\exists ^\infty k) C(k) \qquad \text {resp.}\qquad (\forall ^\infty k) B(k) ~~\Rightarrow ~~ (\exists ^\infty k) C(k) \end{aligned}$$
(1)

with input \(B\in \mathbf {2}^\omega \) and output \(C\in \mathbf {2}^\omega \) specifies functions \(F : \mathbf {2}^\omega \rightarrow \mathbf {2}^\omega \) such that \(F(B) \in \mathbf {2}^\omega \simeq \mathcal {P}(\mathbb {N})\) is infinite whenever \(B\in \mathbf {2}^\omega \simeq \mathcal {P}(\mathbb {N})\) is infinite (resp. the complement of \(B\) is finite). One may also additionally require to respect the transitions of some automaton. For instance, following [31], in addition to either case of (1) one can ask \(C\subseteq B\) and \(C\) not to contain two consecutive positions:

$$\begin{aligned} (\forall n)(C(n) ~~\Rightarrow ~~ B(n)) \qquad \text {and}\qquad (\forall n)(C(n) ~~\Rightarrow ~~ \lnot C(n+1)) \end{aligned}$$
(2)

In any case, the realizers must be (finite-state) causal functions. A stream function \(F : \varSigma ^\omega \rightarrow \varGamma ^\omega \) is causal (notation \(F:\varSigma \rightarrow _{\mathbb {S}} \varGamma \)) if it can produce a prefix of length n of its output from a prefix of length n of its input. Hence F is causal if it is induced by a map \(f : \varSigma ^+ \rightarrow \varGamma \) as follows:

figure d

The finite-state (f.s.) causal functions are those induced by Mealy machines. A Mealy machine \(\mathcal {M} : \varSigma \rightarrow \varGamma \) is a DFA over input alphabet \(\varSigma \) equipped with an output function \(\lambda : Q_{\mathcal {M}} \times \varSigma \rightarrow \varGamma \) (where \(Q_{\mathcal {M}}\) is the state set of \(\mathcal {M}\)). Writing \({\partial }^{*}: {\varSigma }^{*}\rightarrow Q_{\mathcal {M}}\) for the iteration of the transition function \(\partial \) of \(\mathcal {M}\) from its initial state, \(\mathcal {M}\) induces a causal function via .

Causal and f.s. causal functions form categories with finite products. Let \(\mathbb {S}\) be the category whose objects are alphabets and whose maps from \(\varSigma \) to \(\varGamma \) are causal functions \(F : \varSigma ^\omega \rightarrow \varGamma ^\omega \). Let \(\mathbb {M}\) be the wide subcategory of \(\mathbb {S}\) whose maps are finite-state causal functions.Footnote 1

Example 1.

  1. (a)

    Usual functions \(\varSigma \rightarrow \varGamma \) lift to (pointwise, one-state) maps \(\varSigma \rightarrow _{\mathbb {M}} \varGamma \). For instance, the identity \(\varSigma \rightarrow _{\mathbb {M}} \varSigma \) is induced by the Mealy machine with \({\langle \partial ,\lambda \rangle } : (-,\mathsf {a}) \mapsto (-, \mathsf {a})\).

  2. (b)

    Causal functions \(\mathbf {1}\rightarrow _{\mathbb {S}} \varSigma \) correspond exactly to \(\omega \)-words \(B\in \varSigma ^\omega \).

  3. (c)

    The conjunction of (2) with either side of (1) is realized by the causal function \(F : \mathbf {2}\rightarrow _{\mathbb {M}} \mathbf {2}\) induced by the machine \(\mathcal {M} : \mathbf {2}\rightarrow \mathbf {2}\) displayed on Fig. 1 (left, where a transition \(\mathsf {a}|\mathsf {b}\) outputs \(\mathsf {b}\) from input \(\mathsf {a}\)), taken from [31].

Proposition 1

The Cartesian product of \(\varSigma _1,\dots ,\varSigma _n\) (for \(n \ge 0\)) in \(\mathbb {S},\mathbb {M}\) is given by the product of sets \(\varSigma _1 \times \dots \times \varSigma _n\) (so that \(\mathbf {1}\) is terminal).

Fig. 1.
figure 1

A Mealy machine (left) and an equivalent eager (Moore) machine (right).

Full size image

The Logic \({{\mathbf {\mathsf{{MSO}}}}}\mathbf{(M). }\) Our specification language \(\mathsf {MSO}(\mathbf {M})\) is an extension of \(\mathsf {MSO}\) on \(\omega \)-words with one function symbol for each f.s. causal function. More precisely, \(\mathsf {MSO}(\mathbf {M})\) is a many-sorted first-order logic, with one sort for each simple type \(\tau \in \mathrm {ST}\), and with one function symbol of arity \((\sigma _1,\dots ,\sigma _n;\tau )\) for each map . A term \(\mathtt {t}\) of sort \(\tau \) (notation \(\mathtt {t}^\tau \)) with free variables among \(x_1^{\sigma _1},\dots ,x_n^{\sigma _n}\) (we say that \(\mathtt {t}\) is of arity \((\sigma _1,\dots ,\sigma _n;\tau )\)) thus induces a map . Given a valuation for \(i \in \{1,\dots ,n\}\), we then obtain an \(\omega \)-word

\(\mathsf {MSO}(\mathbf {M})\) extends \(\mathsf {MSO}\) with \(\exists x^\tau \) and \(\forall x^\tau \) ranging over and with sorted equalities \(\mathtt {t}^\tau \doteq \mathtt {u}^\tau \) interpreted as equality over . Write \(\models \varphi \) when \(\varphi \) holds in this model, called the standard model. The full definition of \(\mathsf {MSO}(\mathbf {M})\) is deferred to Sect. 4.1.

An instance of Church’s synthesis problem is given by a closed formula \((\forall x^\sigma )(\exists u^\tau )\varphi (u,x)\). A positive solution (or realizer) of this instance is a term \(\mathtt {t}(x)\) of arity \((\sigma ;\tau )\) such that \((\forall x^\sigma )\varphi (\mathtt {t}(x),x)\) holds.

Proposition 1 implies that \(\mathsf {MSO}(\mathbf {M})\) proves the following equations:

$$\begin{aligned} \pi _i({\langle \mathtt {t}_1,\dots ,\mathtt {t}_n\rangle }) ~\doteq _{\sigma _i}~ \mathtt {t}_i \qquad \text {and}\qquad \mathtt {t} ~\doteq _{\sigma _1 \times \dots \times \sigma _n}~ {\langle \pi _1(\mathtt {t}),\dots , \pi _n(\mathtt {t})\rangle } \end{aligned}$$
(3)

Hence each formula \(\varphi (a_1^{\sigma _1},\dots ,a_n^{\sigma _n})\) can be seen as a formula \(\varphi (a^{\sigma _1 \times \dots \times \sigma _n})\).

Eager Functions. A causal function \(\varSigma \rightarrow _{\mathbb {S}} \varGamma \) is eager if it can produce a prefix of length \(n+1\) of its output from a prefix of length n of its input. More precisely, an eager \(F : \varSigma \rightarrow _{\mathbb {S}} \varGamma \) is induced by a map \(f : {\varSigma }^{*}\rightarrow \varGamma \) as

$$\begin{aligned} F(B)(n) \quad =\quad f(B(0) \cdot \ldots \cdot B(n-1)) \qquad (\text {for all } B\in \varSigma ^\omega \text { and all } n \in \mathbb {N}) \end{aligned}$$

Finite-state eager functions are those induced by eager (Moore) machines (see also [11]). An eager machine \(\mathcal {E} : \varSigma \rightarrow \varGamma \) is a Mealy machine \(\varSigma \rightarrow \varGamma \) whose output function \(\lambda : Q_{\mathcal {E}} \rightarrow \varGamma \) is does not depend on the current input letter. An eager \(\mathcal {E} : \varSigma \rightarrow \varGamma \) induces an eager function via the map .

We write \(F : \varSigma \rightarrow _{\mathbb {E}} \varGamma \) when \(F : \varSigma \rightarrow _{\mathbb {S}} \varGamma \) is eager and \(F : \varSigma \rightarrow _{\mathbb {EM}} \varGamma \) when F is f.s. eager. All functions \(F : \varSigma \rightarrow _{\mathbb {M}} \mathbf {1}\), and more generally, constants functions \(F : \varSigma \rightarrow _{\mathbb {S}} \varGamma \) are eager. Note also that if \(F : \varSigma \rightarrow _{\mathbb {S}} \varGamma \) is eager, then \(F : \varSigma \rightarrow _{\mathbb {EM}} \varGamma \). On the other hand, if \(F : \varSigma \rightarrow _{\mathbb {EM}} \varGamma \) is induced by an eager machine \(\mathcal {E}\) then F is finite-state causal as being induced by the Mealy machine with same states and transitions as \(\mathcal {E}\), but with output function \((q,\mathsf {a}) \mapsto \lambda _{\mathcal {E}}(q)\).

Eager functions do not form a category since the identity of \(\mathbb {S}\) is not eager. On the other hand, eager functions are closed under composition with causal functions.

Proposition 2

If F is eager and GH are causal then \(H \mathbin \circ F \mathbin \circ G\) is eager.

Isolating eager functions allows a proper treatment of strategies in games and realizers w.r.t. the Dialectica interpretation. Since \(\varSigma ^+ \rightarrow \varGamma \simeq {\varSigma }^{*}\rightarrow \varGamma ^\varSigma \), maps \(\varSigma \rightarrow _{\mathbb {E}} \varGamma ^\varSigma \) are in bijection with maps \(\varSigma \rightarrow _{\mathbb {S}} \varGamma \). This easily extends to machines. Given a Mealy machine \(\mathcal {M} : \varSigma \rightarrow \varGamma \), let \(\varvec{\varLambda }(\mathcal {M}) : \varSigma \rightarrow \varGamma ^\varSigma \) be the eager machine defined as \(\mathcal {M}\) but with output map taking \(q \in Q_{\mathcal {M}}\) to \((\mathsf {a} \mapsto \lambda _{\mathcal {M}}(q,\mathsf {a})) \in \varGamma ^\varSigma \).

Example 2

Recall the Mealy machine \(\mathcal {M} : \mathbf {2}\rightarrow \mathbf {2}\) of Ex. 1.(c). Then \(\varvec{\varLambda }(\mathcal {M}) : \mathbf {2}\rightarrow \mathbf {2}^\mathbf {2}\) is the eager machine displayed in Fig. 1 (right, where the output is indicated within states).

Eager f.s. functions will often be used with the following notations. First, let \(@\) be the pointwise lift to \(\mathbb {M}\) of the usual application function \(\varGamma ^\varSigma \times \varSigma \rightarrow \varGamma \). We often write (F)G for \(@(F,G)\). Consider a Mealy machine \(\mathcal {M} : \varSigma \rightarrow \varGamma \) and the induced eager machine \(\varvec{\varLambda }(\mathcal {M}) : \varSigma \rightarrow \varGamma ^\varSigma \). We have

$$\begin{aligned} F_{\mathcal {M}}(B) \quad =\quad @(F_{\varvec{\varLambda }(\mathcal {M})}(B),B) \qquad \qquad \qquad (\mathrm {for~all}~B\in \varSigma ^\omega ) \end{aligned}$$

Given \(F : \varGamma \rightarrow _{\mathbb {E}} \varSigma ^\varGamma \), we write \(\varvec{\mathrm {e}}(F)\) for the causal \(@(F(-),-) : \varGamma \rightarrow _{\mathbb {S}} \varSigma \). Given \(F : \varGamma \rightarrow _{\mathbb {S}} \varSigma \), we write \(\varvec{\varLambda }(F)\) for the eager \(\varGamma \rightarrow _{\mathbb {E}} \varSigma ^\varGamma \) such that \(F = \varvec{\mathrm {e}}(\varvec{\varLambda }(F))\). We extend these notations to terms.

Eager functions admit fixpoints similar to those of contractive maps in the topos of tree (see e.g. [4, Thm. 2.4]).

Proposition 3

For each \(F : \varSigma \times \varGamma \rightarrow _{\mathbb {E}} \varSigma ^\varGamma \) there is a \(\mathop {\mathrm {fix}}(F) : \varGamma \rightarrow _{\mathbb {E}} \varSigma ^\varGamma \) s.t.

figure g

If F is induced by the eager machine \(\mathcal {E} : \varSigma \times \varGamma \rightarrow \varSigma ^\varGamma \), then \(\mathop {\mathrm {fix}}(F)\) is induced by the eager \(\mathcal {H} : \varGamma \rightarrow \varSigma ^\varGamma \) defined as \(\mathcal {E}\) but with \( \partial _{\mathcal {H}} : (q,\mathsf {b}) \mapsto \partial _{\mathcal {E}}\big (q,\, ((\lambda _{\mathcal {E}}(q))\mathsf {b} , \mathsf {b}) \big ) \).

Games. Traditional solutions to Church’s synthesis turn specifications to infinite two-player games with \(\omega \)-regular winning conditions. Consider an \(\mathsf {MSO}(\mathbf {M})\) formula \(\varphi (u^\tau ,x^\sigma )\) with no free variable other than ux. We see this formula as defining a two-player infinite game \(\mathcal {G}(\varphi )(u^\tau ,x^\sigma )\) between the Proponent \(\mathsf {P}\) (\(\exists \)loïse), playing moves in and the Opponent \(\mathsf {O}\) (\(\forall \)bélard), playing moves in . The Proponent begins, and then the two players alternate, producing an infinite play of the form

figure h

The play \(\chi \) is winning for \(\mathsf {P}\) if \(\varphi ((\mathsf {u}_k)_k,(\mathsf {x})_k)\) holds. Otherwise \(\chi \) is winning for \(\mathsf {O}\). Strategies for \(\mathsf {P}\) resp. \(\mathsf {O}\) in this game are functions

Hence finite-state strategies are represented by f.s. eager functions. In particular, a realizer of \((\forall x^\sigma )(\exists u^\tau )\varphi (u,x)\) in the sense of Church is a f.s. \(\mathsf {P}\)-strategy in

$$ \mathcal {G}\big ( \varphi ((u)x,x) \big ) \big ( u^{(\tau )\sigma },x^\sigma \big ) $$

Most approaches to Church’s synthesis reduce to Büchi-Landweber Theorem [7], stating that games with \(\omega \)-regular winning conditions are effectively determined, and that the winner always has a finite-state winning strategy. We will use Büchi-Landweber Theorem in following form. Note that an \(\mathsf {O}\)-strategy in the game \(\mathcal {G}(\varphi )(u^\tau ,x^\sigma )\) is a \(\mathsf {P}\)-strategy in the game \(\mathcal {G}\big (\lnot \varphi (u,(x)u) \big )\big ( x^{(\sigma )\tau },u^\tau \big )\).

Theorem 1

([7]). Let \(\varphi (u^\tau ,x^\sigma )\) be an \(\mathsf {MSO}(\mathbf {M})\)-formula with only ux free. Then either there is an eager term \(\mathtt {u}(x)\) of arity \((\sigma ;\tau )\) such that \(\models (\forall x)\varphi (\mathtt {u}(x),x)\) or there is an eager term \(\mathtt {x}(u)\) of arity \((\tau ;(\sigma )\tau )\) such that \(\models (\forall u)\lnot \varphi (u,\varvec{\mathrm {e}}(\mathtt {x})(u))\). It is decidable which case holds and the terms are computable from \(\varphi \).

Curry-Howard Approaches. Following the complete axiomatization of \(\mathsf {MSO}\) on \(\omega \)-words of [28] (see also [26]), one can axiomatize \(\mathsf {MSO}(\mathbf {M})\) with a deduction system based on arithmetic (see Sect. 4.1). Consider an instance of Church’s synthesis \((\forall x^\sigma )(\exists u^\tau )\varphi (u,x)\). Then we get from Theorem 1 the alternative

(4)

for an eager term \(\mathtt {u}(x)\) or a causal term \(\mathtt {x}(u)\). By enumerating proofs and machines, one thus gets a (naive) syntactic algorithm for Church’s synthesis. But it seems however unlikely to obtain a complete classical system in which the provable \(\forall \exists \)-statements do correspond to the realizable instances of Church’s synthesis, because \(\mathsf {MSO}(\mathbf {M})\) has true but unrealizable \(\forall \exists \)-statements. Besides, note that

figure i

while it is possible both for realizable and unrealizable instances to have

(5)

In previous works [25, 26], the authors devised intuitionistic and linear variants of \(\mathsf {MSO}\) on \(\omega \)-words in which, thanks to automata-based polarity systems, proofs of suitably polarized existential statements correspond exactly to realizers for Church’s synthesis. In particular, [26] proposed a system based on (intuitionistic) linear logic [13], such that via a translation , provable -statements exactly correspond to realizable instances of Church’s synthesis, while (4) exactly corresponds to alternatives of the form

(6)

This paper goes further. We show that the automata-based realizability model of [26] can be obtained in a syntactic way, thanks to a (linear) Dialectica-like interpretation of a variant of , which turns a formula \(\varphi \) to a formula \({\varphi ^D}\) of the form \((\exists u)(\forall x){{\varphi }_D}(u,x)\), where \({{\varphi }_D}(u,x)\) essentially represents a deterministic automaton. While the correctness of the extraction procedure of [25, 26] relied on automata-theoretic techniques, we show here that it can be performed syntactically. Second, by extending with realizable axioms, we obtain a system \(\mathsf {LMSO}(\mathfrak C)\) in which, using an adaptation of the usual Characterization Theorem for Dialectica stating that (see e.g. [16]), alternatives of the form (6) imply that for a closed \(\varphi \),

$$ \vdash _{\mathsf {LMSO}(\mathfrak C)} \varphi \qquad \text {or}\qquad \vdash _{\mathsf {LMSO}(\mathfrak C)} \varphi \multimap \bot $$

where \((-) \multimap \bot \) is a linear negation. We thus get a complete linear system with extraction of suitably polarized \(\forall \exists \)-statements. Such a system can of course not have a standard semantics, and indeed, \(\mathsf {LMSO}(\mathfrak C)\) has a functional choice axiom

figure l

which is realizable in the sense of both \({(-)^D}\) and [26], but whose translation to \(\mathsf {MSO}(\mathbf {M})\) (which precludes (5)) is false in the standard model.

3 A Monadic Linear Dialectica-Like Interpretation

Gödel’s “Dialectica” functional interpretation associates to \(\varphi (a)\) a formula \({\varphi ^D}(a)\) of the form \((\exists u^{\tau })(\forall x^{\sigma }){{\varphi }_D}(u,x,a)\). In usual versions formulated in higher-types arithmetic (see e.g. [1, 16]), the formula \({{\varphi }_D}\) is quantifier-free, so that \({\varphi ^D}\) is a prenex form of \(\varphi \). This prenex form is constructive, and a constructive proof of \(\varphi \) can be turned to a proof of \({\varphi ^D}\) with an explicit (closed) witness for \(\exists u\). We call such witnesses realizers of \(\varphi \). Even if Dialectica originally interprets intuitionistic arithmetic, it is structurally linear: in general, realizers of contraction

only exist when the term language can decide \({{\varphi }_D}(u,x,a)\), which is possible in arithmetic but not in all settings. Besides, linear versions of Dialectica were formulated at the very beginning of linear logic [21,22,23] (see also [14, 27]).

In this paper, we use a variant of Dialectica as a syntactic formulation of the automata-based realizability model of [26]. The formula \({{\varphi }_D}\) essentially represents a deterministic automaton on \(\omega \)-words and is in general not quantifier-free. Moreover, we extract f.s. causal functions, while the category \(\mathbb {M}\) is not closed. As a result, a realizer of \(\varphi \) is an open (eager) term \(\mathtt {u}(x)\) of arity \((\sigma ;\tau )\) satisfying \({{\varphi }_D}(\mathtt {u}(x),x)\). While it is possible to exhibit realizers for contraction on closed \(\varphi \) thanks to the Büchi-Landweber Theorem, this is generally not the case for open \(\varphi (a)\). We therefore resort to working in a linear system, in which we obtain witnesses for -statements (and thus for realizable instances of Church’s synthesis), but not for all \(\forall \exists \)-statements.

Fix a set of atomic formulae \(\mathrm {At}\) containing all \((\mathtt {t}^\tau \doteq \mathtt {u}^\tau )\), and a standard interpretation extending Sect. 2 for each \(\alpha \in \mathrm {At}\).

3.1 The Multiplicative Fragment

Our linear system is based on full intuitionistic linear logic (see [15]). The formulae of the multiplicative fragment \(\mathsf {MF}\) are given by the grammar:

figure n

(where \(\alpha \in \mathrm {At}\)). Deduction is given by the rules of Fig. 2 and the axioms

(7)
Fig. 2.
figure 2

Deduction for \(\mathsf {MF}\) (where \(z^\tau \) is fresh).

Full size image

Each formula \(\varphi \) of \(\mathsf {MF}\) can be mapped to a classical formula \(\lfloor \varphi \rfloor \) (where \({\varvec{\mathrm {I}}}\), \(\multimap \), \(\otimes \), are replaced resp. by ). Hence \(\lfloor \varphi \rfloor \) holds whenever \(\vdash \varphi \)

The Dialectica interpretation of \(\mathsf {MF}\) is the usual one rewritten with the connectives of \(\mathsf {MF}\), but for the disjunction that we treat similarly as \(\otimes \). To each formula \(\varphi (a)\) with only a free, we associate a formula \({\varphi ^D}(a)\) with only a free, as well as a formula \({{\varphi }_D}\) with possibly other free variables. For atomic formulae we let . The inductive cases are given on Fig. 3, where \({\varphi ^D}(a) = (\exists u)(\forall x){{\varphi }_D}(u,x,a)\) and \({\psi ^D}(a) = (\exists v)(\forall y){{\psi }_D}(v,y,a)\).

Dialectica is such that \({\varphi ^D}\) is equivalent to \(\varphi \) via possibly non-intuitionistic but constructive principles. The tricky connectives are implication and universal quantification. Similarly as in the intuitionistic case (see e.g. [1, 16, 33]), \({(\varphi \multimap \psi )^D}\) is prenex a form of \({\varphi ^D}\multimap {\psi ^D}\) obtained using \((\mathsf {LAC})\) together with linear variants of the Markov and Independence of premises principles. In our case, the equivalence also requires additional axioms for \(\otimes \) and . We give details for the full system in Sect. 3.3.

The soundness of \({(-)^D}\) goes as usual, excepted that we extract open eager terms: from a proof of \(\varphi (a^\kappa )\) we extract a realizer of \((\forall a)\varphi (a)\), that is an open eager term \(\mathtt {u}(x,a)\) s.t. \(\vdash {{\varphi }_D}(@(\mathtt {u}(x,a),a),x,a)\). Composition of realizers (in part. required for the cut rule) is given by the fixpoints of Proposition 3. Note that a realizer of a closed \(\varphi \) is a finite-state winning \(\mathsf {P}\)-strategy in \(\mathcal {G}(\lfloor {{\varphi }_D} \rfloor )(u,x)\).

Fig. 3.
figure 3

The Dialectica Interpretation of \(\mathsf {MF}\) (where types are leaved implicit).

Full size image

3.2 Polarized Exponentials

It is well-known that the structure of Dialectica is linear, as it makes problematic the interpretation of contraction:

figure s

In our case, the Büchi-Landweber Theorem implies that all closed instances of contraction have realizers which are correct in the standard model. But this is in general not true for open instances.

Example 3

Realizers of \(\varphi \multimap \varphi \otimes \varphi \) for a closed \(\varphi \) are given by eager terms \(\mathtt {U}_1(u,x_1,x_2)\), \(\mathtt {U}_2(u,x_1,x_2)\), \(\mathtt {X}(u,x_1,x_2)\) which must represent \(\mathsf {P}\)-strategies in the game \(\mathcal {G}(\varPhi )({\langle U_1,U_2,X\rangle },{\langle u,x_1,x_2\rangle })\), where \(\varPhi \) is

figure t

By the Büchi-Landweber Theorem 1, either there is an eager term \(\mathtt {U}(x)\) such that \(\lfloor {{\varphi }_D}(\mathtt {U}(x),x) \rfloor \) holds, so that

figure u

or there is an eager term \(\mathtt {X}(u)\) such that \(\lnot \lfloor {{\varphi }_D}(u,\varvec{\mathrm {e}}(\mathtt {X})(u)) \rfloor \) holds, so that

figure v

Example 4

Consider the open formula where for the first \(n \in \mathbb {N}\) with \(C(n+1) = B(0)\) if such n exists, and such that otherwise. The game induced by \({{((\forall a)(\varphi \multimap \varphi \otimes \varphi ))}_D}\) is \(\mathcal {G}(\varPhi )(X,{\langle x_1,x_1,a\rangle })\), where \(\varPhi \) is

figure w

In this game, \(\mathsf {P}\) begins by playing a function \(\mathbf {2}^3 \rightarrow \mathbf {2}\), \(\mathsf {O}\) replies in \(\mathbf {2}^3\), and then \(\mathsf {P}\) and \(\mathsf {O}\) keep on alternatively playing moves of the expected type. A finite-state winning strategy for \(\mathsf {O}\) is easy to find. Let \(\mathsf {P}\) begin with the function \(\mathsf {X}\). Fix some \(\mathsf {a} \in \mathbf {2}\) and let . \(\mathsf {O}\) replies \((0,1,\mathsf {a})\) to \(\mathsf {X}\). The further moves of \(\mathsf {P}\) are irrelevant, and \(\mathsf {O}\) keeps on playing \((-,-,1-i)\) (the values of \(x_1\) and \(x_2\) are irrelevant after the first round). This strategy ensures

Hence we can not realize contraction while remaining correct w.r.t. the standard model. On the other hand, Dialectica induces polarities generalizing the usual polarities of linear logic (see e.g. [17]). Say that \(\varphi (a)\) is positive (resp. negative) if \({\varphi ^D}(a)\) is of the form \({\varphi ^D}(a) = (\exists u^\tau ){{\varphi }_D}(u,-,a)\) (resp. \({\varphi ^D}(a) = (\forall x^\sigma ){{\varphi }_D}(-,x,a)\)). Quantifier-free formulae are thus both positive and negative.

Example 5

Polarized contraction

figure x

gives realizers of all instances of itself. Indeed, with say \({\varphi ^D}(a) = (\exists u){{\varphi }_D}(u,-,a)\) and \({\psi ^D}(a) = (\forall y){{\psi }_D}(-,y,a)\), \(\varvec{\varLambda }(\pi _1)\) (for \(\pi _1\) a \(\mathbb {M}\)-projection on suitable types) gives eager terms \(\mathtt {U}(u,a)\) and \(\mathtt {Y}(y,a)\) such that

figure y

We only have exponentials for polarized formulae. First, following the usual polarities of linear logic, we can let

(8)

Hence is positive for a positive \(\varphi \) and is negative for a negative \(\psi \). The following exponential contraction axioms are then interpreted by themselves:

figure z

Second, we can have exponentials and with the automata-based reading of [26]. Positive formulae are seen as non-deterministic automata, and on positive formulae is determinization on \(\omega \)-words (McNaughton’s Theorem [19]). Negative formulae are seen as universal automata, and on negative formulae is co-determinization (an instance of the Simulation Theorem [10, 20]). Formulae which are both positive and negative (notation \((-)^\pm \)) correspond to deterministic automata, and are called deterministic. We let

(9)

So and are always deterministic. The corresponding exponential contraction axioms are interpreted by themselves. This leads to the following polarized fragment \(\mathsf {PF}\) (the deduction rules for exponentials are given on Fig. 4):

figure aa
Fig. 4.
figure 4

Exponential rules of \(\mathsf {PF}\).

Full size image

3.3 The Full System

The formulae of the full system \(\mathsf {FS}\) are given by the following grammar:

figure ab

Deduction in \(\mathsf {FS}\) is given by Figs. 2, 4 and (7). We extend \(\lfloor - \rfloor \) to \(\mathsf {FS}\) with . Hence \(\lfloor \varphi \rfloor \) holds when \(\vdash \varphi \) is derivable. The Dialectica interpretation of \(\mathsf {FS}\) is given by Fig. 3 and (8), (9) (still taking for atoms). Note that \({(-)^D}\) preserves and reflects polarities.

Theorem 2

(Soundness). Let \(\varphi \) be closed with \({\varphi ^D}= (\exists u^\tau )(\forall x^\sigma ){{\varphi }_D}(u,x)\). From a proof of \(\varphi \) in \(\mathsf {FS}\) one can extract an eager term \(\mathtt {u}(x)\) such that \(\mathsf {FS}\) proves \((\forall x^\sigma ){{\varphi }_D}(\mathtt {u}(x),x)\).

As usual, proving requires extra axioms. Besides \((\mathsf {LAC})\), we use the following (linear) semi-intuitionistic principles \((\mathsf {LSIP})\), with polarities as shown:

figure ad

as well as the following deterministic exponential axioms \((\mathsf {DEXP})\):

figure ae

All these axioms but \((\mathsf {LAC})\) are true in the standard model (via \(\lfloor - \rfloor \)). Moreover:

Proposition 4

The axioms \((\mathsf {LAC})\) and \((\mathsf {LSIP})\) are realized in \(\mathsf {FS}\). The axioms \((\mathsf {DEXP})\) are realized in \(\mathsf {FS}+(\mathsf {DEXP})\).

Theorem 3

(Characterization). We have

figure af

Corollary 1

(Extraction). Consider a closed formula with \(\delta \) deterministic. From a proof of \(\varphi \) in \(\mathsf {FS}+(\mathsf {LAC})+(\mathsf {LSIP})+(\mathsf {DEXP})\) one can extract a term \(\mathtt {t}(x)\) such that \(\models (\forall x^\sigma )\lfloor \delta (\mathtt {t}(x),x) \rfloor \).

Note that \(\mathsf {FS}+(\mathsf {DEXP})\) proves for all deterministic \(\delta \).

3.4 Translations of Classical Logic

There are many translations from classical to linear logic. Two canonical possibilities are the \({(-)}^T\) and \({(-)}^Q\)-translation of [9] (see also [17, 18]) targeting resp. negative and positive formulae. Both take classical sequents to linear sequents of the form , which are provable in \(\mathsf {FS}\) thanks to the \(\mathsf {PF}\) rules

For the completeness of \(\mathsf {LMSO}(\mathfrak C)\) (Theorem 6, Sect. 4), we shall actually require a translation such that the linear equivalences (with polarities as displayed)

figure ai

are provable possibly with extra axioms that we require to realize themselves. In part., (10) implies \((\mathsf {DEXP})\), and should give deterministic formulae. While \({(-)}^T\) and \({(-)}^Q\) can be adapted accordingly, (10) induces axioms which make the resulting translations equivalent to the deterministic -translation of [26]:

figure al

Proposition 5

The scheme (10) is equivalent in \(\mathsf {FS}\) to \((\mathsf {DEXP}) + (\mathsf {PEXP})\), where \((\mathsf {PEXP})\) are the following polarized exponential axioms, with polarities as shown:

figure am

Proposition 6

If \(\varphi \) is provable in many-sorted classical logic with equality then \(\mathsf {FS}+(\mathsf {DEXP})\) proves .

Proposition 7

The axioms \((\mathsf {PEXP})\) are realized in \(\mathsf {FS}+(\mathsf {LSIP})+(\mathsf {DEXP})+(\mathsf {PEXP})\). Corollary 1 thus extends to \(\mathsf {FS}+(\mathsf {LAC})+(\mathsf {LSIP})+(\mathsf {DEXP})+(\mathsf {PEXP})\).

Note that is deterministic and that .

4 Completeness

In Sect. 3 we devised a Dialectica-like \({(-)^D}\) providing a syntactic extraction procedure for -statements. In this Section, building on an axiomatic treatment of \(\mathsf {MSO}(\mathbf {M})\), we show that , an arithmetic extension of \(\mathsf {FS}+(\mathsf {LSIP})+(\mathsf {DEXP})+(\mathsf {PEXP})\) adapted from [26], is correct and complete w.r.t. Church’s synthesis, in the sense that the provable -statements are exactly the realizable ones. We then turn to the main result of this paper, namely the completeness of . We fix the set of atomic formulae

figure as

4.1 The Logic \(\mathsf {MSO}(\mathbf {M})\)

\(\mathsf {MSO}(\mathbf {M})\) is many-sorted first-order logic with atomic formulae \(\alpha \in \mathrm {At}\). Its sorts and terms are those given in Sect. 2, and standard interpretation extends that of Sect. 2 as follows: \(\mathrel {\dot{\subseteq }}\) is set inclusion, \(\mathsf {E}\) holds on \(B\) iff \(B\) is empty, \(\mathsf {N}\) (resp. \(\mathsf {0}\)) holds on \(B\) iff \(B\) is a singleton \(\{n\}\) (resp. the singleton \(\{0\}\)), and \(\mathsf {S}(B,C)\) (resp. \(B\mathrel {\dot{\le }}C\)) holds iff \(B= \{n\}\) and \(C= \{n+1\}\) for some \(n \in \mathbb {N}\) (resp. \(B= \{n\}\) and \(C= \{m\}\) for some \(n \le m\)). We write \(x^\iota \) for variables \(x^o\) relativized to \(\mathsf {N}\), so that \((\exists x^\iota )\varphi \) and \((\forall x^\iota )\varphi \) stand resp. for and \((\forall x^o)(\mathsf {N}(x) \rightarrow \varphi )\). Moreover, \(x^\iota \mathrel {\dot{\in }}\mathtt {t}\) stands for \(x^\iota \mathrel {\dot{\subseteq }}\mathtt {t}\), so that \(\mathtt {t}^o\mathrel {\dot{\subseteq }}\mathtt {u}^o\) is equivalent to \((\forall x^\iota )(x \mathrel {\dot{\in }}\mathtt {t} \rightarrow x \mathrel {\dot{\in }}\mathtt {u})\).

The logic \({\mathsf {MSO}^+}\) [26] is \(\mathsf {MSO}(\mathbf {M})\) restricted to the type \(o\), hence with only terms for Mealy machines of sort \((\mathbf {2},\dots ,\mathbf {2};\mathbf {2})\). The \(\mathsf {MSO}\) of [26] is the purely relational (term-free) restriction of \({\mathsf {MSO}^+}\). Recall from [26, Prop. 2.6], that for each Mealy machine \(\mathcal {M} : \mathbf {2}^p \rightarrow \mathbf {2}\), there is an \(\mathsf {MSO}\)-formula such that for all \(n \in \mathbb {N}\) and all , we have iff holds.

The axioms of \(\mathsf {MSO}(\mathbf {M})\) are the arithmetic rules of Fig. 5, the axioms (7) and the following, where \(\mathcal {M}:\mathbf {2}^p \rightarrow \mathbf {2}\) and yzX are fresh.

The theory \(\mathsf {MSO}(\mathbf {M})\) is complete. Thus provability in \(\mathsf {MSO}(\mathbf {M})\) and validity in the standard model coincide. This extends [26, Thm. 2.11 (via [28])].

Theorem 4

(Completeness of \(\mathsf {MSO}(\mathbf {M})\)). For closed \(\mathsf {MSO}(\mathbf {M})\)-formulae \(\varphi \), we have \(\models \varphi \) if and only if \(\vdash _{\mathsf {MSO}(\mathbf {M})} \varphi \).

Fig. 5.
figure 5

The Arithmetic Rules of \(\mathsf {MSO}(\mathbf {M})\) and (with terms of sort \(o\) and z fresh).

Full size image

4.2 The Logic \(\mathsf {LMSO}\)

The system is \(\mathsf {FS}+(\mathsf {LSIP})+(\mathsf {DEXP})+(\mathsf {PEXP})\) extended with Fig. 5 and

figure ax

Let . Note that \(\vdash _{\mathsf {MSO}(\mathbf {M})} \lfloor \varphi \rfloor \) whenever . Proposition 6 extends so that similarly as in [26] we have

Proposition 8

If \(\vdash _{\mathsf {MSO}(\mathbf {M})} \varphi \) then . In part., for a realizable instance of Church’s synthesis \((\forall x^\sigma )(\exists u^\tau )\varphi (u,x)\), we have .

Moreover, the soundness of \({(-)^D}\) extends to . It follows that \(\mathsf {LMSO}(\mathfrak C)\) is coherent and proves exactly the realizable -statements.

Theorem 5

(Soundness). Let \(\varphi \) be closed with \({\varphi ^D}= (\exists u^\tau )(\forall x^\sigma ){{\varphi }_D}(u,x)\). From a proof of \(\varphi \) in \(\mathsf {LMSO}(\mathfrak C)\) one can extract an eager term \(\mathtt {u}(x)\) such that proves \((\forall x^\sigma ){{\varphi }_D}(\mathtt {u}(x),x)\).

Corollary 2

(Extraction). Consider a closed formula with \(\delta \) deterministic. From a proof of \(\varphi \) in \(\mathsf {LMSO}(\mathfrak C)\) one can extract a term \(\mathtt {t}(x)\) such that \(\models (\forall x^\sigma )\lfloor \delta (\mathtt {t}(x),x) \rfloor \).

4.3 Completeness of \(\mathsf {LMSO}(\mathfrak C)\)

The completeness of \(\mathsf {LMSO}(\mathfrak C)\) follows from a couple of important facts. First, \(\mathsf {LMSO}(\mathfrak C)\) proves the elimination of linear double negation, using (via Theorem 3) the same trick as in [26].

Lemma 1

For all -formula \(\varphi \), we have \((\varphi \multimap \bot ) \multimap \bot \vdash _{\mathsf {LMSO}(\mathfrak C)} \varphi \).

Combining Lemma 1 with \((\mathsf {LAC})\) gives classical linear choice.

Corollary 3

\( (\forall f)(\exists x)\varphi (x,(f)x) \vdash _{\mathsf {LMSO}(\mathfrak C)} (\exists x)(\forall y)\varphi (x,y) \).

The key to the completeness of \(\mathsf {LMSO}(\mathfrak C)\) is the following quantifier inversion.

Lemma 2

\( (\forall x^\sigma )\varphi (\mathtt {t}^\tau (x),x) \vdash _{\mathsf {LMSO}(\mathfrak C)} (\exists u^\tau )(\forall x^\sigma )\varphi (u,x) \), where \(\mathtt {t}(x)\) is eager.

Lemma 2 follows (via Corollary 3) from the fixpoints on eager machines (Proposition 3). Fix an eager \(\mathtt {t}^\tau (x^\sigma )\). Taking the fixpoint of gives a term \(\mathtt {v}^\sigma (f^{(\sigma )\tau })\) such that \(\mathtt {v}(f) \doteq @(f,\mathtt {t}(\mathtt {v}(f)))\). Then conclude with

Completeness of \(\mathsf {LMSO}(\mathfrak C)\) then follows via \({(-)^D}\), Proposition 5, completeness of \(\mathsf {MSO}(\mathbf {M})\) and Büchi-Landweber Theorem 1. The idea is to lift a f.s. winning \(\mathsf {P}\)-strat. in \(\mathcal {G}(\lfloor {{\varphi }_D}(u,x) \rfloor )(u,x)\) to a realizer of \({\varphi ^D}= (\exists u)(\forall x){{\varphi }_D}(u,x)\) in \(\mathsf {LMSO}(\mathfrak C)\).

Theorem 6

(Completeness of \(\mathsf {LMSO}(\mathfrak C)\)). For each closed formula \(\varphi \), either \(\vdash _{\mathsf {LMSO}(\mathfrak C)} \varphi \) or \(\vdash _{\mathsf {LMSO}(\mathfrak C)} \varphi \multimap \bot \).

5 Conclusion

We provided a linear Dialectica-like interpretation of \(\mathsf {LMSO}(\mathfrak C)\), a linear variant of \(\mathsf {MSO}\) on \(\omega \)-words based on [26]. Our interpretation is correct and complete w.r.t. Church’s synthesis, in the sense that it proves exactly the realizable -statements. We thus obtain a syntactic extraction procedure with correctness proof internalized in \(\mathsf {LMSO}(\mathfrak C)\). The system \(\mathsf {LMSO}(\mathfrak C)\) is moreover complete in the sense that for every closed formula \(\varphi \), it proves either \(\varphi \) or its linear negation. While completeness for a linear logic necessarily collapse some linear structure, the corresponding axioms \((\mathsf {DEXP})\) and \((\mathsf {PEXP})\) do respect the structural constraints allowing for realizer extraction from proofs. The completeness of \(\mathsf {LMSO}(\mathfrak C)\) contrasts with that of the classical system \(\mathsf {MSO}(\mathbf {M})\), since the latter has provable unrealizable \(\forall \exists \)-statements. In particular, proof search in \(\mathsf {LMSO}(\mathfrak C)\) for -formulae and their negation is correct and complete w.r.t. Church’s synthesis. The design of the Dialectica interpretation also clarified the linear structure of , as it allowed us to decompose it starting from a system based on usual full intuitionistic linear logic (see e.g. [3] for recent references on the subject).

An outcome of witness extraction for \(\mathsf {LMSO}(\mathfrak C)\) is the realization of a simple version of the fan rule (in the usual sense of e.g. [16]). We plan to investigate monotone variants of Dialectica for our setting. Thanks to the compactness of \(\varSigma ^\omega \), we expect this to allow extraction of uniform bounds, possibly with translations to stronger constructive logics than .