Proving with Computer Assistance Lecture 2. Herman Geuvers

Save this PDF as:
 WORD  PNG  TXT  JPG

Μέγεθος: px
Εμφάνιση ξεκινά από τη σελίδα:

Download "Proving with Computer Assistance Lecture 2. Herman Geuvers"

Transcript

1 Proving with Computer Assistance Lecture 2 Herman Geuvers 1

2 Typed λ calculus as the basis for a Proof Assistant (e.g. Coq) λ-term program proof type specification formula Integrated system for proving and programming 2

3 Simplest system: λ or simple type theory, STT. Just arrow types Typ := TVar (Typ Typ) Examples: (α β) α, (α β) ((β γ) (α γ)) Brackets associate to the right and outside brackets are omitted: (α β) (β γ) α γ Types are denoted by σ, τ,.... Terms: typed variables x σ 1, x σ 2,..., countably many for every σ. application: if M : σ τ and N : σ, then (MN) : τ abstraction: if P : τ, then (λx σ.p) : σ τ 3

4 Examples: λx σ.λy τ.x : σ τ σ λx α β.λy β γ.λz α.y(xz) : (α β) (β γ) α γ λx α.λy (β α) α.y(λz β.x) : α ((β α) α) α For every type there is a term of that type: x σ : σ Not for every type there is a closed term of that type: (α α) α is not inhabited [That is: there is no closed term of type (α α) α.] 4

5 Typed Terms versus Type Assignment: With typed terms also called typing à la Church, we have terms with type information in the λ-abstraction Terms have unique types, λx α.x : α α The type is directly computed from the type info in the variables. With typed assignment also called typing à la Curry, we assign types to untyped λ-terms λx.x : α α Terms do not have unique types, A principal type can be computed using unification. Will be discussed in detail in a forthcoming lecture 5

6 Examples: Typed Terms: λx α.λy (β α) α.y(λz β.x) has only the type α ((β α) α) α Type Assignment: λx.λy.y(λz.x) can be assigned the types α ((β α) α) α α ((β α) γ) γ (α α) ((β α α) γ) γ... 6

7 The Curry formulation is especially interesting for programming: you want to write as little type information as possible; let the compiler infer the types for you. The Church formulation is especially interesting for proof checking: terms are created interactively; type structure is so intricate that type inference is undecidable (if you start from an untyped term). In this course we will mainly focus on the Church formulation of type theory: terms with type information. 7

8 Church formulation of simple type theory: terms with type information. Inductive definition of the terms: typed variables x σ 1, x σ 2,..., countably many for every σ. application: if M : σ τ and N : σ, then (MN) : τ abstraction: if P : τ, then (λx σ.p) : σ τ Alternative: Inductive definition of the terms in rule form: x σ : σ M : σ τ N : σ MN : τ P : τ λx σ.p : σ τ Advantage: We also have a derivation tree, a proof of the fact that the term has that type. We can reason over derivations. 8

9 Simple type theory a la Church. Formulation with contexts to declare the free variables: x 1 : σ 1, x 2 : σ 2,...,x n : σ n is a context, usually denoted by Γ. Derivation rules of λ (à la Church): x:σ Γ Γ x : σ Γ M : σ τ Γ N : σ Γ MN : τ Γ, x:σ P : τ Γ λx:σ.p : σ τ Γ λ M : σ if there is a derivation using these rules with conclusion Γ M : σ 9

10 Formulas-as-Types (Curry, Howard): There are two readings of a judgement M : σ 1. term as algorithm/program, type as specification: M is a function of type σ 2. type as a proposition, term as its proof: M is a proof of the proposition σ There is a one-to-one correspondence: typable terms in λ derivations in minimal proposition logic x 1 : τ 1, x 2 : τ 2,...,x n : τ n M : σ can be read as M is a proof of σ from the assumptions τ 1, τ 2,...,τ n. 10

11 Example [α β γ] 3 [α] 1 β γ γ 1 α γ (α β) α γ [α β] 2 [α] 1 β (α β γ) (α β) α γ 2 3 λx:α β γ.λy:α β.λz:α.xz(yz) : (α β γ) (α β) α γ 11

12 Example [x : α β γ] 3 [z : α] 1 xz : β γ xz(yz) : γ λz:α.xz(yz) : α γ [y : α β] 2 [z : α] 1 yz : β λy:α β.λz:α.xz(yz) : (α β) α γ λx:α β γ.λy:α β.λz:α.xz(yz) : (α β γ) (α β) α γ Exercise: Give the derivation that corresponds to λx:γ ε.λy:(γ ε) ε.y(λz.y x) : (γ ε) ((γ ε) ε) ε 12

13 Computation: β-reduction: (λx:σ.m)p β M[P/x] 13

14 Cut-elimination in minimal logic = β-reduction in λ. [σ] 1 D 1 τ 1 σ τ τ [x : σ] 1 D 1 D 2 σ M : τ D 2 1 λx:σ.m : σ τ P : σ (λx:σ.m)p : τ β D 2 σ D 1 τ D 2 P : σ D 1 M[P/x] : τ 14

15 Example: Proof of A A B, (A B) A B [A] 1 A A B [A] 1 A B B A B (A B) A [A] 1 A A B [A] 1 A B A B A B It contains a cut: a -i directly followed by an -e. B 15

16 Example: Proof of A A B, (A B) A B after reduction [A] 1 A A B [A] 1 A B [A] 1 A A B [A] 1 A B B B (A B) A A B (A B) A A B A A A B A A B B 16

17 Example: Proof of A A B, (A B) A B with term information. [y : A] 1 p : A A B [y : A] 1 p y : A B p y y : B λy:a.p y y : A B q : (A B) A (λy:a.p y y)(q(λx:a.p xx)) : B Term contains a β-redex: (λx:a.p x x) (q(λx:a.p x x)) [x : A] 1 p : A A B [x : A] 1 p x : A B p xx : B λx:a.p xx : A B q(λx:a.p xx) : A 17

18 Example: Reduced proof of A A B, (A B) A B with term info. [x : A] 1 p : A A B [x : A] 1 p : A A B [x : A] 1 p x : A B [x : A] 1 p x : A B p x x : B p x x : B q : (A B) A λx:a.p x x : A B q : (A B) A λx:a.p x x : A B q(λx:a.p x x) : A p : A A B q(λx:a.p x x) : A p(q(λx:a.p x x)) : A B p(q(λx:a.p x x))(q(λx:a.p x x)) : B 18

19 The Fitch style (also: flag style) presentation of λ. 1 x : σ M : τ 5 λx:σ.m : σ τ abs, 1, 4 abs-rule M : σ τ N : σ M N : τ app, 3, 6 app-rule 19

20 Example 1 x : α β γ 2 y : α β 3 z : α 4?? 5?? 6? : γ 7 λz:α.? : α γ 8 λy:α β.λz:α.? : (α β) α γ 9 λx:α β γ.λy:α β.λz:α.? : (α β γ) (α β) α γ 20

21 Example (ctd.) 1 x : α β γ 2 y : α β 3 z : α 4 xz : β γ 5 y z : β 6 xz(y z) : γ 7 λz:α.xz(y z) : α γ 8 λy:α β.λz:α.x z(y z) : (α β) α γ 9 λx:α β γ.λy:α β.λz:α.x z(y z) : (α β γ) (α β) α γ 21

22 Extension with other connectives: STT with product types (proposition logic with conjunction ) Γ M : σ τ Γ π 1 M : σ With reduction rules Γ M : σ τ Γ π 2 M : τ π 1 P, Q P π 2 P, Q Q Γ P : σ Γ Q : τ Γ P, Q : σ τ 22

23 Extension to predicate logic: First order language: domain D, with variables x, y, z : D and possibly functions over D, e.g. f : D D, g : D D D. Rules for x:d.ϕ and x:d.ϕ. (NB In ProofWeb, the domain D is always suppressed: x.ϕ and x.ϕ.) NB There are two kinds of variables: the first order variables (ranging over the domain D) and the proof variables (used as [local] assumptions of formulas). NB In Coq, you can use any name for these variables, but often H : ϕ x : D for assumptions: Suppose H is a proof of ϕ for variable declarations: Let x be an element of D 23

24 Extension to -quantifier in predicate logic. Γ M : x:d.σ Γ M t : σ[x := t] if t : D Γ M : σ Γ λx:d.m : x:d.σ x not free in Γ With the usual β-reduction rule 24

25 Example: Deriving irreflexivity from anti-symmetry AntiSym R Irrefl R := x, y:d.(rxy) (Ryx) := x:d.(rxx) Derivation in predicate logic: x, y:d.r xy R y x y:d.r xy R y x R xx R xx [R xx] R xx R xx x:d.r xx [R xx] 25

26 Derivation in type theory, with terms: H : x, y:d.r xy R y x H x : y:d.r xy R y x H xx : R xx R xx [H : R xx] H xxh : R xx [H : R xx] H xxh H : λh :(R xx).h xxh H : R xx λx:a.λh :(R xx).h xxh H : x:d.r xx 26