Lecture 1: Proofs in theories

Teacher: Gilles Dowek

Proofs in theories

Why should computer scientists care about proofs?

Church’s theorem: undecidability of provability (1936)

  • computer are truth judgment machines, telling us whether certain propositions are true

  • some problems are (semi-)decidable:

    • proof-checking is decidable (≃ 20 -ish proof assistants in the world (Coq, Agda, HOL, Isabelle, …))
    • provability is semi-decidable (Vampire, Prolog, …)
  • proof of programs
  • although there is no algorithm telling you if there exists a proof of a given proposition, a proof can be seen as an algorithm per se

  • theories: $P ⇒ P$ can be proven without knowing anything about $P$ (implication is universal), whereas you need to know the meaning of function/relation symbols to prove $2+2=4$ (addition is specific, meaning given by axioms)

    • the theories themselves can be seen as algorithms

This course:

  • proofs in theories (in arithmetic, set theory, simple type theory, etc…). One goal is to remain as general as possible.
  • the two notions of truth (proofs vs. models) converge toward one another more and more. Termination of proof reduction and building a model are more or less tantamount.

Natural Deduction (ND)

ND rules

Hilbert systems are not comfortable: no way to say ‘I want to prove $A ⟹ B$, so I need to prove $B$ assuming $A$’.

We may want to assume an extra-hypothesis ⇒ sequents of the form \(\underbrace{Γ}_{\text{hypotheses}} \underbrace{⊢}_{\text{"entails"}} \underbrace{\text{conclusion}}_{A}\) (vs. $⇒$ = implies)

\[\cfrac{Γ ⊢ A ⇒ B \qquad Γ ⊢ A}{Γ ⊢ B}\] \[\cfrac{Γ, A ⊢ B}{Γ ⊢ A ⇒ B}\] \[\cfrac{}{Γ, A ⊢ A}\]

Example:

\[\cfrac{\cfrac{}{P, Q ⊢ P}}{P ⊢ Q ⇒ P}\]

Rules

Conjunction connective $∧$

\[\cfrac{Γ ⊢ A \qquad Γ ⊢ B}{Γ ⊢ A ∧ B} ∧\text{-intro}\] \[\cfrac{Γ ⊢ A ∧ B}{Γ ⊢ A} ∧\text{-elim}\] \[\cfrac{Γ ⊢ A ∧ B}{Γ ⊢ B} ∧\text{-elim}\]

Conjunction connective $∧$

\[\cfrac{Γ ⊢ A}{Γ ⊢ A ∨ B} ∨\text{-intro}\]

etc…

A sequent is provable iff it has a derivation (proof), which is a tree whose nodes are labelled with sequents in accordance with the derivation rules.

A(n axiomatic) theory $𝒯$:

a set of closed propositions (axioms)

$A$ is provable in the theory $𝒯$:

if there exists a finite subset $Γ ⊆ 𝒯$ such that $Γ ⊢ A$ is provable.

Constructive proofs

If a proposition $∃x \, A$ has a constructive proof (i.e. does not encompass the excluded middle), without any axioms, then there exists a term $t$ such that $(t/x)A$ holds.

From a constructive proof ⟶ proof-mining fetches a witness in the proof (we have an algorithm, whose execution is proof-mining: it’s a proof the specification), with a specification.

Cuts and proof reduction

Cut:

a proof ending with an elimination rule whose main premise is proved by an introduction rule on the same symbol

Cut elimination ≃ substitution, using a lemma, $β$-reduction, inlining, …

Cut elimination: termination is tricky

Theorem (Last-rule property): if a proof is constructive, cut-free, and without any axiom, then it ends with an introduction rule

Proof: without axioms ⟹ last sequent of the form $⊢ A$. What can be previous rule?

  • intro
  • elim: not possible, as elimination rules preserve the empty context. So we would have an infinite chain of elimination rules, as we can’t have any cut, we have no axiom, and no excluded middle
  • axiom: not allowed
  • excluded middle: impossible because the proof is to be constructive

So if the last sequent is of the form $⊢ ∃x \, A$, the introduction rule just before provides a witness

NB:

  • cut-free: not a problem, modulo the cut-elimination theorem
  • not much of a limitation, constructive mathematics
  • serious limitation: you can’t prove the fact that any natural number is even or odd without axioms for example
  • in a general theory: the witness property doesn’t hold (ex: in the theory $𝒯 \, ≝ \, \lbrace ∃x\; P(x) \rbrace$, you can prove $∃x\; P(x)$ but not constructively. Solution, give a name to such an element: $𝒯 \, ≝ \, \lbrace P(c) \rbrace$)

What does it mean to set $1 ≝ S(0)$?

  • either: you have a constant $1$ and an axiom $1 = S(0)$

    • but this can be problematic: sometimes, you don’t have the last-rule property anymore, while you may have it in the second case

  • or: $1$ is such syntactic sugar for $S(0)$, it’s not really part of the language

    • so usually in proof assistants: you have an equivalence relation $≡$ on propositions and the axiom rule: \(\cfrac{}{A ⊢ B} \quad \text{if } A ≡ B\)

3 conditions your equivalence relation $≡$ must satisfy:

  1. Congruence
  2. Proof-checking must be decidable

  3. Non confusing

    • we wouldn’t want to have $∨$-intro followed by $∧$-elim if $A ∨ B ≡ C ∧ D$

    ⟶ there is no way to eliminate tonk cuts (mixing introduction and elimination rules of $∧$ and $∨$)

  • in the proof/deduction rules ≃ reasoning/deduction part (you want to keep the witnesses)
  • in the $≡$ congruence ≃ computation part of proofs

You can’t prove more propositions in deduction-modulo theories, but you have better/neater proofs

Congruences are often defined with reduction (rewrite) rules, ex:

  • $0 + y ⟶ y$
  • $S(x)+y ⟶ S(x+y)$

instead of the two Peano axioms defining addition.

Example of rewrite system that is (weakly) terminating but not strongly terminating:

\[\begin{xy} \xymatrix{ A \ar@/^/[r] & B \ar@/^/[l] \ar[d]\\ & D } \end{xy}\]

A rewriting system that is strongly terminating and confluent is such that $≡$ is decidable, where $t ≡ u$ iff $t$ and $u$ have the same irreducible form.

Proof: compare the two irreducible forms of $t$ and $u$

Leave a comment