Computer Assisted Proofs
Colin RIBA
LIP – ENS Lyon
Course 05 10th Oct. 2014
Curry-Howard Correspondence
Curry-Howard Correspondence Proof Terms and Translation of Derivations
Let L(V, Σ, Π) be a first-order language.
Main Idea.
◮ A proof of ∀x.A is a function mapping a ∈ Ter(Var, Σ) to a proof of A[a/x].
◮ A proof of ∃x.A is a pair (a, t), where a ∈ Ter(Var, Σ) and t is a proof of A[a/x].
There are two worlds:
◮ individual terms {a, b, c, . . . } of L(V, Σ, Π),
◮ proof terms (λ-terms) {t, u, v, . . . }.
Proof Terms.
t, u ∈ Λ(V, Σ) ::= x | λx.t | t u | (t, u) | π1 t | π2 t | in1 t | in2 t | () | case⊥ t {} | case t {in1 x1 → u1 | in2 x2 → u2}
                 | λx.t | t a | (a, t) | let (x, y) = t in u
(The second λx.t abstracts an individual variable x, and t a applies a proof term to an individual term a; the original slides distinguish the two kinds of variables by colour.)
Curry-Howard Correspondence Proof Terms and Translation of Derivations
Universal Quantification.

        Γ ⊢ t : A
  ————————————————————— (∀I)   (x ∉ FV(Γ))
    Γ ⊢ λx.t : ∀x.A

     Γ ⊢ t : ∀x.A
  ————————————————————— (∀E)
    Γ ⊢ t a : A[a/x]

Cut for ∀. Given a derivation Π of Γ ⊢ t : A with x ∉ FV(Γ, A), the derivation of Γ ⊢ (λx.t) a : A[a/x] obtained by (∀I) followed by (∀E) reduces to the derivation « Π[a/x] » of Γ ⊢ t[a/x] : A[a/x]:
    (λx.t) a ⊲β t[a/x]

Existential Quantification.

     Γ ⊢ t : A[a/x]
  ————————————————————— (∃I)
    Γ ⊢ (a, t) : ∃x.A

    Γ ⊢ t : ∃x.A     Γ, y : A ⊢ u : B
  ——————————————————————————————————————— (∃E)   (x ∉ FV(Γ, B))
      Γ ⊢ let (x, y) = t in u : B

Cut for ∃. Given derivations Π1 of Γ ⊢ t : A[a/x] and Π2 of Γ, y : A ⊢ u : B with x ∉ FV(Γ, B), the derivation of Γ ⊢ let (x, y) = (a, t) in u : B obtained by (∃I) followed by (∃E) reduces to the derivation « Π2[Π1/y][a/x] » of Γ ⊢ u[t/y][a/x] : B:
    let (x, y) = (a, t) in u ⊲β u[t/y][a/x]
Curry-Howard Correspondence Proof Terms and Translation of Derivations
Proof Terms.
t, u ∈ Λ(V, Σ) ::= x | λx.t | t u | (t, u) | π1 t | π2 t | in1 t | in2 t | () | case⊥ t {} | case t {in1 x1 → u1 | in2 x2 → u2}
                 | λx.t | t a | (a, t) | let (x, y) = t in u
Typing Rules. The propositional rules augmented with:

        Γ ⊢ t : A
  ————————————————————— (∀I)   (x ∉ FV(Γ))
    Γ ⊢ λx.t : ∀x.A

     Γ ⊢ t : ∀x.A
  ————————————————————— (∀E)
    Γ ⊢ t a : A[a/x]

     Γ ⊢ t : A[a/x]
  ————————————————————— (∃I)
    Γ ⊢ (a, t) : ∃x.A

    Γ ⊢ t : ∃x.A     Γ, y : A ⊢ u : B
  ——————————————————————————————————————— (∃E)   (x ∉ FV(Γ, B))
      Γ ⊢ let (x, y) = t in u : B

Reduction. β-reduction of the λ-calculus with sums and products, augmented with
    (λx.t) a ⊲β t[a/x]
    let (x, y) = (a, t) in u ⊲β u[t/y][a/x]
and the corresponding context rules.
Curry-Howard Correspondence Proof Terms and Translation of Derivations
◮ Reminder: models of first-order logic are assumed to be non-empty.
◮ ∀x.A ⊢ ∃x.A is derivable.
◮ With proof terms:
      h : ∀x.A ⊢ (x, h x) : ∃x.A
      ⊢ λh.(x, h x) : ∀x.A ⇒ ∃x.A
◮ This proof term is open (the individual variable x occurs free) even if ∀x.A is closed.
◮ The variable x can be replaced by a closed term, if there is one in Ter(V, Σ).
◮ This variable reflects the assumption that the models of Ter(V, Σ) are non-empty, even if Ter(V, Σ) describes possibly empty structures.
Curry-Howard Correspondence Main Properties
A1, . . . , An ⊢ A is derivable in NJ iff there is a term t whose free proof variables are among x1, . . . , xn and such that x1 : A1, . . . , xn : An ⊢ t : A.
◮ The relation ⊲β is confluent.
◮ If Γ, x : B ⊢ t : A and Γ ⊢ u : B then Γ ⊢ t[u/x] : A.
◮ If Γ ⊢ t : A then Γ[a/x] ⊢ t[a/x] : A[a/x].
◮ The relation ⊲β preserves typing.
◮ The relation ⊲β is strongly normalizing on typed terms.
If t is typable in the empty context and in normal form for ⊲β, then t is of one of the forms:
    ()     λx.u     (u, v)     ini u     λx.t     (a, t)
Curry-Howard Correspondence Main Properties
As consequences of the shape of closed normal forms, in intuitionistic predicate logic:
◮ ⊢ ⊥ is not derivable,
◮ if ⊢ A ∨ B then either ⊢ A or ⊢ B,
◮ if ⊢ ∃x.A then there exists a ∈ Ter(V, Σ) such that ⊢ A[a/x].
Curry-Howard Correspondence Main Properties
Proof terms for equality.
◮ eqI for reflexivity (∀x. x = x),
◮ eqE for Leibniz’s scheme (∀xy. x = y ⇒ A[x/z] ⇒ A[y/z]).
Typing rules.

  ——————————————————
   Γ ⊢ eqI a : a = a

    Γ ⊢ t : a = b     Γ ⊢ u : A[a/x]
  ——————————————————————————————————————
      Γ ⊢ eqE(a, b, t, u) : A[b/x]

Equality Cuts. Given a derivation Π of Γ ⊢ u : A[a/x], the derivation of Γ ⊢ eqE(a, a, eqI a, u) : A[a/x] obtained from Γ ⊢ eqI a : a = a and Π reduces to Π itself.
Reduction.
    eqE(a, b, eqI c, u) ⊲β u
(by typing, a, b and c are the same).
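The reduction rules collected above (β for the propositional connectives, (λx.t) a ⊲β t[a/x], let (x, y) = (a, t) in u ⊲β u[t/y][a/x], and eqE(a, b, eqI c, u) ⊲β u) as a small Python implementation; this is an added example, not part of the course material. Terms are encoded as nested tuples of our own design, and substitution assumes bound variables are distinct from free ones (Barendregt convention), so no renaming is performed.

```python
# Added example, not from the slides: ⊲β reduction and normalization for Λ(V, Σ).
# Terms are nested tuples (our encoding); one 'var'/'app' node serves proof and
# individual variables/arguments, since t u and t a both reduce by (λx.t) s ⊲β t[s/x].
# Assumption (Barendregt convention): bound variables are distinct from free ones.
def subst(t, x, s):
    """t[s/x]: replace the free occurrences of variable x in t by s."""
    k = t[0]
    if k == 'var':
        return s if t[1] == x else t
    if k == 'lam':
        return t if t[1] == x else ('lam', t[1], subst(t[2], x, s))
    if k == 'case':                      # ('case', d, x1, u1, x2, u2)
        _, d, x1, u1, x2, u2 = t
        return ('case', subst(d, x, s), x1, u1 if x1 == x else subst(u1, x, s),
                x2, u2 if x2 == x else subst(u2, x, s))
    if k == 'let':                       # ('let', x, y, d, u): let (x, y) = d in u
        _, y, z, d, u = t
        return ('let', y, z, subst(d, x, s), u if x in (y, z) else subst(u, x, s))
    if k == 'fun':                       # ('fun', f, [a1, ..., an]), f ∈ Σn
        return ('fun', t[1], [subst(a, x, s) for a in t[2]])
    # 'app', 'pair', 'proj', 'inj', 'eqI', 'eqE', 'unit': substitute in subterms
    return (k,) + tuple(subst(c, x, s) if isinstance(c, tuple) else c for c in t[1:])

def step(t):
    """One leftmost-outermost ⊲β step, or None when t is in normal form."""
    k = t[0]
    if k == 'app' and t[1][0] == 'lam':              # (λx.t) s ⊲β t[s/x]
        return subst(t[1][2], t[1][1], t[2])
    if k == 'proj' and t[2][0] == 'pair':            # πi (t1, t2) ⊲β ti
        return t[2][t[1]]
    if k == 'case' and t[1][0] == 'inj':             # case (ini d) {...} ⊲β ui[d/xi]
        i, d = t[1][1], t[1][2]
        return subst(t[2 * i + 1], t[2 * i], d)
    if k == 'let' and t[3][0] == 'pair':             # let (x, y) = (a, v) in u ⊲β u[v/y][a/x]
        _, x, y, (_, a, v), u = t
        return subst(subst(u, y, v), x, a)
    if k == 'eqE' and t[3][0] == 'eqI':              # eqE(a, b, eqI c, u) ⊲β u
        return t[4]
    for i, c in enumerate(t):                        # context rules; the argument list
        if isinstance(c, tuple):                     # of f(...) holds individuals only
            r = step(c)
            if r is not None:
                return t[:i] + (r,) + t[i + 1:]
    return None

def normalize(t):
    """Iterate ⊲β to a normal form; terminates on typed terms (strong normalization)."""
    while (r := step(t)) is not None:
        t = r
    return t
```

Applying λh.(x, h x) to λz.eqI z, a proof of ∀z. z = z, normalizes to (x, eqI x), one of the closed normal forms listed on the next slide; a let-cut on (c, eqI c) followed by an equality cut normalizes to the plain hypothesis u.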
Curry-Howard Correspondence Main Properties
Proof terms with equality.
t, u ∈ Λ(V, Σ) ::= x | λx.t | t u | (t, u) | π1 t | π2 t | in1 t | in2 t | () | case⊥ t {} | case t {in1 x1 → u1 | in2 x2 → u2}
                 | λx.t | t a | (a, t) | let (x, y) = t in u | eqI a | eqE(a, b, t, u)
If t is typable in the empty context and in normal form for ⊲β, then t is of one of the forms:
    ()     λx.u     (u, v)     ini u     λx.t     (a, t)     eqI a
In intuitionistic predicate logic with equality,
◮ ⊢ ⊥ is not derivable,
◮ if ⊢ A ∨ B then either ⊢ A or ⊢ B,
◮ if ⊢ ∃x.A then there exists a ∈ Ter(V, Σ) such that ⊢ A[a/x].
Normalization
Normalization
Goal: show that if x1 : A1, . . . , xn : An ⊢ t : A then t is strongly normalizing.
Erasing (_)◦: first-order formulas → simple types with sums and products.
◮ We let oP be a base type for each atomic predicate P ∈ Π.
◮ Reasoning as in Curry-Howard, we can already let:
    P(a1, . . . , an)◦ := oP
    ⊤◦ := Unit
    ⊥◦ := Void
    (A ⇒ B)◦ := A◦ → B◦
    (A ∧ B)◦ := A◦ × B◦
    (A ∨ B)◦ := A◦ + B◦
Normalization
Erasing (_)◦: first-order formulas → simple types with sums and products; individuals → simply typed λ-terms.
◮ We let ι be a base type for the terms a ∈ Ter(V, Σ).
Typing rules:

  ——————————————————
   Γ, x : ι ⊢ x : ι

    Γ ⊢ a1 : ι   . . .   Γ ⊢ an : ι
  ————————————————————————————————————— (f ∈ Σn)
      Γ ⊢ f(a1, . . . , an) : ι

From now on, we no longer use a distinct colour for the terms a of Ter(V, Σ).
Translation of the quantifiers:
    (∀x.A)◦ := ι → A◦
    (∃x.A)◦ := ι × A◦
Normalization
Goal: If Γ ⊢ t : A in NJ then Γ◦ ⊢ t : A◦.
◮ OK for the rules of ⊤, ⊥, ⇒, ∧, ∨: they exactly correspond to those of Unit, Void, →, ×, +.
◮ We do not have the translation

     Γ ⊢ t : ∀x.A                            Γ◦ ⊢ t : ι → A◦
  ————————————————————— (∀E)   ↦ (_)◦ ↦   —————————————————————
    Γ ⊢ t a : A[a/x]                         Γ◦ ⊢ t a : A◦

  since nothing in Γ◦ gives a type to the individual term a, but we can have (with weakening)

     Γ ⊢ t : ∀x.A                            Γ◦ ⊢ t : ι → A◦     ∆ ⊢ a : ι
  ————————————————————— (∀E)   ↦ (_)◦ ↦   ———————————————————————————————————
    Γ ⊢ t a : A[a/x]                              ∆, Γ◦ ⊢ t a : A◦

◮ Moreover the elimination of ∃,

    Γ ⊢ t : ∃x.A     Γ, y : A ⊢ u : B
  ——————————————————————————————————————— (∃E)
      Γ ⊢ let (x, y) = t in u : B

  is translated by augmenting the simply typed λ-calculus with

    Γ ⊢ t : ι × T     Γ, x : ι, y : T ⊢ u : U
  ————————————————————————————————————————————————
        Γ ⊢ let (x, y) = t in u : U

    let (x, y) = (v, t) in u ⊲β u[v/x][t/y]
Normalization
Terms.
t, u ∈ Λ(Σ) ::= x | λx.t | t u | (t, u) | π1 t | π2 t | in1 t | in2 t | () | case⊥ t {} | case t {in1 x1 → u1 | in2 x2 → u2}
              | f(t1, . . . , tn) | let (x, y) = t in u
where f ∈ Σn.
Typing rules. Rules of the simply typed λ-calculus with sums and products augmented with

    Γ ⊢ a1 : ι   . . .   Γ ⊢ an : ι
  ————————————————————————————————————— (f ∈ Σn)
      Γ ⊢ f(a1, . . . , an) : ι

    Γ ⊢ t : ι × T     Γ, x : ι, y : T ⊢ u : U
  ————————————————————————————————————————————————
        Γ ⊢ let (x, y) = t in u : U

Reduction. β-reduction of the λ-calculus with sums and products augmented with
    let (x, y) = (a, t) in u ⊲β u[t/y][a/x]
and the corresponding context rules.
Normalization
Lemma. If Γ ⊢ t : A in NJ, then there is a context ∆ = x1 : ι, . . . , xn : ι such that Γ◦, ∆ ⊢ t : A◦.
◮ The simply typed λ-calculus with sums, products and let is strongly normalizing.
Normalization. If Γ ⊢ t : A in NJ, then t is strongly normalizing.
Normalization
Terms of the target calculus.
t, u ∈ Λ(Σ) ::= x | λx.t | t u | (t, u) | π1 t | π2 t | in1 t | in2 t | () | case⊥ t {} | case t {in1 x1 → u1 | in2 x2 → u2}
              | f(t1, . . . , tn) | let (x, y) = t in u | eqI t | eqE(t, u, v, w)
where f ∈ Σn.
Erasing extended with: (a = b)◦ := Unit
Typing extended with:
    Γ ⊢ eqI : ι → Unit
    Γ ⊢ eqE : ι → ι → Unit → T → T
Lemma. If Γ ⊢ t : A in NJ with equality, then there is a context ∆ = x1 : ι, . . . , xn : ι such that Γ◦, ∆ ⊢ t : A◦.
Normalization. If Γ ⊢ t : A in NJ with equality, then t is strongly normalizing.
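The erasure (_)◦ and the Lemma Γ◦, ∆ ⊢ t : A◦ made concrete, as an added Python example that is not part of the course material: `erase` maps a formula to its simple type (including (a = b)◦ := Unit), and `check`/`infer` type terms of the target calculus Λ(Σ) with the rules for f(a1, . . . , an), let, eqI and eqE. Checking the open proof term λh.(x, h x) from the ∀x.A ⊢ ∃x.A slide against the erasure of ∀x.P(x) ⇒ ∃x.P(x), namely (ι → oP) → ι × oP, succeeds with ∆ = x : ι and fails with ∆ empty. The tuple encoding of formulas, types and terms is our own; sums, projections and case are omitted to keep the checker short.

```python
# Added example, not from the slides: the erasure (_)◦ of formulas to simple
# types and a checker for the target calculus Λ(Σ), to test the Lemma
# Γ◦, ∆ ⊢ t : A◦ on concrete terms.  Formulas, types and terms are nested
# tuples (our encoding); sums, projections and case are omitted for brevity.
IOTA, UNIT, VOID = 'ι', 'Unit', 'Void'

def erase(A):
    """A◦: base type oP per predicate P, ι for individuals, Unit for equations."""
    k = A[0]
    if k == 'pred': return ('o', A[1])                  # P(a1, ..., an)◦ := oP
    if k == 'top':  return UNIT                         # ⊤◦ := Unit
    if k == 'bot':  return VOID                         # ⊥◦ := Void
    if k == 'eq':   return UNIT                         # (a = b)◦ := Unit
    if k in ('imp', 'and', 'or'):                       # ⇒, ∧, ∨ become →, ×, +
        return ({'imp': '->', 'and': '*', 'or': '+'}[k], erase(A[1]), erase(A[2]))
    if k == 'all':  return ('->', IOTA, erase(A[2]))    # (∀x.A)◦ := ι → A◦
    if k == 'ex':   return ('*', IOTA, erase(A[2]))     # (∃x.A)◦ := ι × A◦
    raise ValueError(k)

def infer(ctx, t):
    """Synthesise the type of t in ctx (a dict standing for Γ◦, ∆), or None."""
    k = t[0]
    if k == 'var':
        return ctx.get(t[1])
    if k == 'fun':                                      # f(a1, ..., an) : ι for f ∈ Σn
        return IOTA if all(check(ctx, a, IOTA) for a in t[2]) else None
    if k == 'app':                                      # t : S → T and u : S give t u : T
        f = infer(ctx, t[1])
        return f[2] if f and f[0] == '->' and check(ctx, t[2], f[1]) else None
    if k == 'eqI':                                      # eqI : ι → Unit
        return UNIT if check(ctx, t[1], IOTA) else None
    if k == 'eqE':                                      # eqE : ι → ι → Unit → T → T
        ok = check(ctx, t[1], IOTA) and check(ctx, t[2], IOTA) and check(ctx, t[3], UNIT)
        return infer(ctx, t[4]) if ok else None
    return None

def check(ctx, t, T):
    """Check t against T: introduction forms are checked, the rest is synthesised."""
    k = t[0]
    if k == 'lam':                                      # λx.t : S → T
        return T[0] == '->' and check({**ctx, t[1]: T[1]}, t[2], T[2])
    if k == 'pair':                                     # (t, u) : S × T
        return T[0] == '*' and check(ctx, t[1], T[1]) and check(ctx, t[2], T[2])
    if k == 'let':                                      # let (x, y) = t in u, t : ι × S
        s = infer(ctx, t[3])
        return bool(s) and s[0] == '*' and s[1] == IOTA and \
            check({**ctx, t[1]: IOTA, t[2]: s[2]}, t[4], T)
    return infer(ctx, t) == T
```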
Gödel’s System T