is of bounded variation if there exists a real number K such that for every n > 0 .... (Let N = fs'length, xx = fs'se
A Formal Proof Of The Riesz Representation Theorem Anthony Narkawicz NASA Langley Research Center, Hampton, VA 23681-2199
This paper presents a formal proof of the Riesz representation theorem in the PVS theorem prover. The Riemann Stieltjes integral was defined in PVS, and the theorem relies on this integral. In order to prove the Riesz representation theorem, it was necessary to prove that continuous functions on a closed interval are Riemann Stieltjes integrable with respect to any function of bounded variation. This result follows from the equivalence of the Riemann Stieltjes and Darboux Stieltjes integrals, which would have been a lengthy result to prove in PVS, so a simpler lemma was proved that captures the underlying concept of this integral equivalence. In order to prove the Riesz theorem, the Hahn Banach theorem was proved in the case where the normed linear spaces are the continuous and bounded functions on a closed interval. The proof of the Riesz theorem follows the proof in Haaser and Sullivan’s book Real Analysis. The formal proof of this result in PVS revealed an error in textbook’s proof. Indeed, the proof of the Riesz representation theorem is constructive, and the function constructed in the textbook does not satisfy a key property. This error illustrates the ability of formal verification to find logical errors. A specific counterexample is given to the proof in the textbook. Finally, a corrected proof of the Riesz representation theorem is presented.
1.
INTRODUCTION
Recently, the formal methods research group at NASA Langley has undertaken the challenge to formalize probabilistic models of aircraft behavior in the airspace. This has resulted in a project to develop a probability theory library in PVS. The beginning of such a library was started by David Lester, who has formalized the theory of Lebesgue integration. One challenging factor is that the formal theories should be capable of proving both (1) results with actual numbers and (2) theorems in general probability theory. A measure theory approach to probability lends itself more to proving general theorems, while the Riemann integral lends itself more to proving results with actual numbers. Thus, an alternative that is being explored is the Riemann-Stieljtes integral, which allows for both discrete and continuous distributions to be defined and makes numerical approximations of probabilities at least conceivable. Recently, the author has defined and proved basic properties of the Riemann-Stieltjes integral. This paper presents a result involving the RiemannStieltjes integral, which is not basic, although it is very well-known by any graduate student in functional analysis. The Riesz representation theorem is a fundamental theorem in functional analysis. J.D. Gray’s gripping expos´e on the history of the theorem begins with the following remark: “Only rarely does the mathematical community pay a theorem the accolade of transforming it into a tautology. The Riesz representation theorem has received this accolade.” [Gra84] Journal of Formalized Reasoning Vol. 4, No. 1, 2011 Pages 1–24.
2
·
Anthony Narkawicz
By this, Gray means that the theorem has become so embedded in the minds of todays mathematicians that they often implicitly assume it and do not bother to note its application. This theorem is useful in many areas of analysis, including probability theory, where it is used to prove the existence of solutions to moment problems. This paper presents a formal proof of the theorem, as originally stated in 1909 by Riesz [Rie09], in the PVS theorem prover. The PVS development can be downloaded at http://shemesh.larc.nasa.gov/people/ajn/pvs_development. The proof uses standard techniques found in many textbooks, but most of the construction is taken from Haaser and Sullivan’s Real Analysis [HS71]. The Riesz representation theorem (henceforth called the Riesz theorem) classifies the bounded linear functionals on the space C[a, b], of continuous functions on the closed, bounded interval [a, b]. A linear functional on C[a, b] is a linear transformation L : C[a, b] → R, and it therefore satisfies the following two properties. (1)
For all f, g ∈ C[a, b] : L(f + g) = L(f ) + L(g)
(2)
For all c ∈ R, f ∈ C[a, b] : L(c · f ) = c · L(f )
The linear functional L is bounded if there exists a nonnegative real number M such that for all f ∈ C[a, b], |L(f )| ≤ M · kf ksup ,
(1)
where the (supremum) norm kgksup of an arbitrary bounded function g on [a, b] is defined by kgksup ≡
sup |g(x)|.
(2)
x∈[a,b]
This norm is defined for functions f ∈ C[a, b] because any continuous function on a closed interval is necessarily bounded [HS71]. If L is a bounded linear functional on C[a, b], then the operator norm kLkC[a,b] of L is the smallest real number M that satisfies Equation (1). It is easy to see that for any such L and any continuous function f on [a, b], |L(f )| ≤ kLkC[a,b] · kf ksup . The Riesz theorem classifies the bounded linear functionals on C[a, b] in terms of the set BV [a, b] of functions of bounded variation on [a, b]. A function g : [a, b] → R is of bounded variation if there exists a real number Pn K such that for every n > 0 and every partition a = x0 ≤ x1 ≤ · · · ≤ xn = b, i=1 |g(xi ) − g(xi−1 )| ≤ K. The total variation Vab (g) of a function g ∈ BV [a, b] is the minimum of all such real numbers K. If g ∈ BV [a, b], then there is an associated bounded linear functional Ig on C[a, b] given by Z b Ig (f ) ≡ f dg, (3) a
which is the Riemann-Stieltjes integral of f with respect to g (Section 2). In the construction of this integral and the linear functional in PVS, the original intent was to simply generalize the construction of the Riemann integral in the NASA PVS libraries that was created by Ricky Butler [But09]. Ideally, it would have been possible to generalize Butler’s proof that a continuous function is Riemann integrable to a proof that the functional Ig is indeed well-defined. However, a new proof had to be developed, because Butler’s proofs were based on step functions, which are not necessarily Riemann-Stieltjes integrable (Section 2). Journal of Formalized Reasoning Vol. 4, No. 1, 2011.
A Formal Proof Of The Riesz Representation Theorem
·
3
A result needed in Haaser and Sullivan’s proof of the Riesz theorem is the equivalence of the Riemann-Stieltjes and Darboux-Stieltjes integrals. This result is used to prove the lemma that a continuous function is Riemann-Stieltjes integrable with respect to any function of bounded variation. In the proof of the Riesz theorem in PVS, a simpler method was used to prove the integrability of continuous functions. This method is to prove one theorem that extracts the main idea of this integral equivalence and can be used to prove the integrability of continuous functions. The proof of this theorem is somewhat tricky due to its use of refinements of partitions and inequalities between finite sums. The Riesz theorem says that every bounded linear functional on C[a, b] is given by Ig for some g ∈ BV [a, b]. Theorem 1.1. (The Riez Representation Theorem; Theorem 6.1 in [HS71]) If L is a bounded linear functional on C[a, b], then there exists a function g ∈ BV [a, b] such that L = Ig and kLkC[a,b] = Vab (g). The proof of the theorem is constructive. In is given by 0 ¯ [a,x) ) g(x) = L(χ ¯ L(χ[a,x] )
fact, the function g such that L = Ig if x = a if a < x < b if x = b
(4)
¯ is an extension of L to the space B[a, b] of bounded functions on [a, b], and where L where, for a given interval Int, χInt denotes the characteristic function of Int. Typically, constructing a formal proof of a difficult result in a mathematics textbook will reveal some special cases that were overlooked by the author. In the case of the Riesz theorem, the distinction between the formal PVS proof and the informal textbook proof was even greater than this, because the textbook proof in question [HS71] constructs the function g incorrectly. The definition given there of the function g is ( 0 if x = a (5) ginc (x) = ¯ [a,x) ) if a < x ≤ b L(χ While the definitions of the functions g and ginc are almost identical, the key property of g that is needed in the proof is not satisfied by the function ginc (Section 5.1). A person trained in Lebesgue integration theory may look at the functions g and ginc and assume that they are essentially equivalent, since the only difference occurs at the single point b. However, the Riemann-Stieltjes integral is different from the Lebesgue integral in that it is not true that two functions which differ only at one point have the same Riemann-Stieltjes integral, even if they are both integrable. One difficult part of the proof of the Riesz theorem is verifying that any bounded ¯ on linear functional L on C[a, b] can be extended to a bounded linear functional L ¯ B[a, b] such that kLkC[a,b] = kLkB[a,b] . This statement is an instantiation of the Hahn-Banach theorem, another fundamental theorem in functional analysis that is well known to graduate students in analysis. The Hahn-Banach theorem says that if X and Y are real normed linear spaces such that X ⊂ Y , and if H : X → R is ¯ : Y → R, of a bounded linear functional on X, then there exists an extension, H Journal of Formalized Reasoning Vol. 4, No. 1, 2011.
4
·
Anthony Narkawicz
¯ Y . The following case of the Hahn-Banach theorem has H such that kHkX = kHk been formally proved in PVS. Theorem 1.2. (Special Case of Hahn-Banach) If L is a bounded linear functional ¯ : B[a, b] → R, of L such that kLkC[a,b] = on C[a, b], then there exists an extension, L ¯ kLkB[a,b] . Formal proofs of the complete Hahn-Banach theorem have been completed before [NT93, BW00, Bau01]. As in the case of the Riesz theorem, the proof follows the informal textbook proof in [HS71] (Theorem 5.6 and Corollary 5.7). There is a critical step in the proof of the Hahn-Banach theorem in which one must show that if H is a bounded linear functional on a subspace S of B[a, b], ¯ of H to and if a function f ∈ B[a, b] is not in S, then there exists an extension H ¯ is defined by the subspace S¯ = {s + c · f | s ∈ S, c ∈ R} of S. The extension H ¯ H(s+c·f ) = H(s)+c·β, where β is a fixed real number satisfying a certain property. ¯ directly in this way is not possible in PVS, so specific functions had to Defining H ¯ compute the function s and the be defined that, given an element r = s + c · f of S, constant c, and the linearity and uniqueness of these functions had to be verified. As usual, the formal PVS proofs of the Riesz and Hahn-Banach theorems were much longer and more detailed than the informal textbook proofs. The only exception was in the proof that a continuous function is Riemann-Stieltjes integrable with respect to any function of bounded variation. As mentioned above, Haaser and Sullivan’s textbook proves this by first constructing the Darboux-Stieltjes integral and proving its equivalence to the Riemann-Stieltjes integral. The formal proof in PVS takes a simpler approach by proving one theorem that captures the needed underlying concept from this integral inequality. 1.1
Acknowledgements
The author would like to thank C´esar A. Mu˜ noz and Ricky Butler for their helpful comments and corrections to this paper. 2.
RIEMANN-STIELTJES INTEGRABILITY OF CONTINUOUS FUNCTIONS
This section presents the formalization of the Riemann-Stieltjes (RS) integral and the proof that continuous functions on [a, b] are integrable with respect to any function of bounded variation on [a, b]. 2.1
Functions on [a, b]
There are three specific spaces, each consisting of real-valued functions on [a, b], whose properties are used in the Riesz representation theorem and its proof. The spaces are C[a, b], which consists of all continuous functions on [a, b], B[a, b], which consists of all bounded functions on [a, b], and BV [a, b], which consists of all functions of bounded variation on [a, b]. The PVS theories in which the RiemannStieltjes integral is defined and its basic properties are proved all have a parameter T , which is a subtype of the real numbers. The type T must be connected and contain more than one element, and it is therefore an interval which can be infinite in length and may or may not contain either endpoint. In the PVS theories in which the Hahn-Banach and Riesz-Representation theorems are proved, the real numbers a and b are parameters of the theories, and a and b are restricted by their types to Journal of Formalized Reasoning Vol. 4, No. 1, 2011.
A Formal Proof Of The Riesz Representation Theorem
·
5
satisfy a < b. In these theories that have a and b as parameters, INTab refers to the type consisting of all real numbers in the interval [a, b], and Intab (with lower-case n and t) refers to the set [a, b]. 2.2
Partitions on [a, b]
The formalization of the RS integral defines a partition using the finite sequence theories in the NASA PVS libraries. In these theories, a finite sequence is a record type with two fields, a natural number length and an infinite sequence seq of real numbers that evaluates to a default value for all indices greater than length-1. In PVS, elements of this finite sequence are written using the form (# length := n, seq := f #), where n is a natural number and f is a function from natural numbers into real numbers. The formal definition of a partition in the RS theories is given as follows. It is defined by a predicate partition_pred? on finite sequences that tests whether a given finite sequence is a partition of the interval [a, b]. partition_pred?(a:T,b:{x:T|a 1 AND xx(0) = a AND xx(N-1) = b AND increasing?(fs) AND (FORALL (i:below(N)): a
