Lecture 1: Introduction

Teachers: Bruno Barras & Matthieu Sozeau

Introduction: Overview

Proofs with computers require:

  • a language to represent

    • objects and operations (integers, functions, ….)
    • properties of objects (FO logic, higher-order logic, …)
  • a method to construct/verify proofs

Higher-logic-based logic:

  • typed $λ$-calculus to represent objects and properties
  • proof terms to construct and verify proofs

Examples of projects in Coq:

  • JavaCard semantics
  • Feit-Thompson theorem (G. Gonthier et al.)
  • 4-colors theorem (Gonthier, B. Werner)
  • Compcert (X. Leroy)

(Reminder) First-order (FO) logic

  • Terms
  • Formulas
  • Natural deduction (ND) rules: intro/elim rules for each connective ($∧, ∨, ⇒, ⊥, \ldots$)

    • NB: excluded-middle is a special introduction-rule for $∨$, but here we work in an intuitionistic setting, so we won’t use it

When you use Coq or ND, you start with the conclusion (the property you want to prove), and you proceed backwards when constructing the proof tree


Untyped $λ$-calculus: orginally, introduced to have notations for higher-order logic (syntax for formulas):

  • FO extended with binders:

    • $λ$-abstraction for quantifiers, constant symbols for logical connectives
  • computation rule: $β$-reduction
  • $β$-equivalent formulas are identified

Comprehension axiom in set theory

$λx. P(x)$:

set of all elements satisfying $P$

$t_1 t_2$:

membership: $t_2 ∈ t_1$

But you don’t restrain the comprehension axiom: $δ ≝ λx. ¬(xx)$

Problem: with $δ ≝ λx. ¬(xx)$$$

δδ ⟶_β ¬(δδ)

Exercise: we have a paradox (Kleene-Rosser paradox) without even using the excluded-middle!

\infer[⇒E]{⊢ \underbrace{(λx.(xx))(λx.(xx))}_{≝ \; Ω}:⊥} { \infer{⊢ λx.(xx):¬(δδ)}{\phantom{⊢ λx.(xx)} // \phantom{:¬(δδ)}} & \infer{⊢ λx.(xx): δδ}{ \infer[⇒I]{⊢ λx.(xx): ¬(δδ)}{ \infer[⇒E]{x:δδ ⊢ xx:⊥}{ \infer{x:δδ ⊢ x:¬(δδ)}{ \infer[Ax]{x:δδ ⊢ x:δδ}{\phantom{x:δδ ⊢ x:δδ}} } & \infer[Ax]{x:δδ ⊢ x:δδ}{\phantom{x:δδ ⊢ x:δδ}} } } } }

⟹ in 1940: Church found a solution to avoid this paradox: introduce a typing disciplineSimply typed $λ$-calculus

Church’s Higher-Order Logic (HOL): two base types

  • $ι$ the type of individuals
  • $\omicron$ the type of logical formulas (propositions)

Ex:

  • $⊤, ⊥: \omicron$
  • $¬: \omicron → \omicron$
  • predicates of type $ι → \omicron$

⟹ Proof assistants: HOL4, HOL-Light, Isabelle/HOL, …

Brouwer-Heyting-Kolmogorov (BHK) interpretation

Given a proposition $A$, what is a proof thereof?

  • Conjunction: couple of proofs
  • Disjunction: either a proof of $A$ or of $B$.

    • But problems:

      • how to prove $A ∨ B ⊢ B ∨ A$ ⟶ not really problematic: true when you restrict yourself to the empty context
      • excluded-middle: you have no proof neither of $A$ nor $¬A$ if $A$ is undecidable
  • $A ⇒ B, ∀x. P(x)$: producing a proof given another one
  • $∃x. P(x)$: a couple of a witness $e$ and a proof $P(e)$

    • same problem with the excluded-middle

We have a type of proof for each proposition:

  • $Prf(A ∧ B) = Prf(A) × Prf(B)$ (cartesian product)
  • and so on…

⟹ Curry-Howard isomorphism: intuitionistic propositional logic is “equivalent” to the typing discipline of simply typed $λ$-calculus

Logic $λ$-calculus
proposition type
proof term
$M$ is a proof of $T$ $⊢ M:T$

NB: important to non-inhabited types (ex: $⊥$ had better be inhabited): the coherence of your logic depends on it.

Here, both terms and types are $λ$-terms (contrary to Martin-Löf type theory, where you have two judgements: $Γ ⊢ τ \text{ type}$ and $Γ ⊢ t:τ$): there are special constants that enable us to make a difference between terms and types ($\omicron$ in HOL, Prop in Coq, no disctinction made in Automath either)

Extension to FO logic

Example:

  • $p: ∀_τ x.x=x$ is not function of the simply-typed $λ$-calculus
  • similarly, a proof $p: ∃_ℤ x. x^2 = 4$ is a dependent type

Dependent type theory $λ∏$: basis of many type theoretical formalisms:

  • ELF, Dedukti ($λ∏M$)
  • Martin-Löf
A → B \, ≝ \, \prod_{x:A}. B \quad \text{ where } x∈fv(B)
p: \prod_{x:A} x=x\\ pe: e=e

Leave a comment