Lecture 1: Proofs in theories
Teacher: Gilles Dowek
Proofs in theories
Why should computer scientists care about proofs?
Church’s theorem: undecidability of provability (1936)
 computer are truth judgment machines, telling us whether certain propositions are true

some problems are (semi)decidable:
 proofchecking is decidable (≃ 20 ish proof assistants in the world (Coq, Agda, HOL, Isabelle, …))
 provability is semidecidable (Vampire, Prolog, …)
 proof of programs
 although there is no algorithm telling you if there exists a proof of a given proposition, a proof can be seen as an algorithm per se

theories: $P ⇒ P$ can be proven without knowing anything about $P$ (implication is universal), whereas you need to know the meaning of function/relation symbols to prove $2+2=4$ (addition is specific, meaning given by axioms)
 the theories themselves can be seen as algorithms
This course:
 proofs in theories (in arithmetic, set theory, simple type theory, etc…). One goal is to remain as general as possible.
 the two notions of truth (proofs vs. models) converge toward one another more and more. Termination of proof reduction and building a model are more or less tantamount.
Natural Deduction (ND)
ND rules
Hilbert systems are not comfortable: no way to say ‘I want to prove $A ⟹ B$, so I need to prove $B$ assuming $A$’.
We may want to assume an extrahypothesis ⇒ sequents of the form \(\underbrace{Γ}_{\text{hypotheses}} \underbrace{⊢}_{\text{"entails"}} \underbrace{\text{conclusion}}_{A}\) (vs. $⇒$ = implies)
\[\cfrac{Γ ⊢ A ⇒ B \qquad Γ ⊢ A}{Γ ⊢ B}\] \[\cfrac{Γ, A ⊢ B}{Γ ⊢ A ⇒ B}\] \[\cfrac{}{Γ, A ⊢ A}\]Example:
\[\cfrac{\cfrac{}{P, Q ⊢ P}}{P ⊢ Q ⇒ P}\]Rules
Conjunction connective $∧$
\[\cfrac{Γ ⊢ A \qquad Γ ⊢ B}{Γ ⊢ A ∧ B} ∧\text{intro}\] \[\cfrac{Γ ⊢ A ∧ B}{Γ ⊢ A} ∧\text{elim}\] \[\cfrac{Γ ⊢ A ∧ B}{Γ ⊢ B} ∧\text{elim}\]Conjunction connective $∧$
\[\cfrac{Γ ⊢ A}{Γ ⊢ A ∨ B} ∨\text{intro}\]etc…
A sequent is provable iff it has a derivation (proof), which is a tree whose nodes are labelled with sequents in accordance with the derivation rules.
 A(n axiomatic) theory $𝒯$:

a set of closed propositions (axioms)
 $A$ is provable in the theory $𝒯$:

if there exists a finite subset $Γ ⊆ 𝒯$ such that $Γ ⊢ A$ is provable.
Constructive proofs
If a proposition $∃x \, A$ has a constructive proof (i.e. does not encompass the excluded middle), without any axioms, then there exists a term $t$ such that $(t/x)A$ holds.
From a constructive proof ⟶ proofmining fetches a witness in the proof (we have an algorithm, whose execution is proofmining: it’s a proof the specification), with a specification.
Cuts and proof reduction
 Cut:

a proof ending with an elimination rule whose main premise is proved by an introduction rule on the same symbol
Cut elimination ≃ substitution, using a lemma, $β$reduction, inlining, …
Cut elimination: termination is tricky
Theorem (Lastrule property): if a proof is constructive, cutfree, and without any axiom, then it ends with an introduction rule
Proof: without axioms ⟹ last sequent of the form $⊢ A$. What can be previous rule?
 intro
 elim: not possible, as elimination rules preserve the empty context. So we would have an infinite chain of elimination rules, as we can’t have any cut, we have no axiom, and no excluded middle
 axiom: not allowed
 excluded middle: impossible because the proof is to be constructive
So if the last sequent is of the form $⊢ ∃x \, A$, the introduction rule just before provides a witness
NB:
 cutfree: not a problem, modulo the cutelimination theorem
 not much of a limitation, constructive mathematics
 serious limitation: you can’t prove the fact that any natural number is even or odd without axioms for example
 in a general theory: the witness property doesn’t hold (ex: in the theory $𝒯 \, ≝ \, \lbrace ∃x\; P(x) \rbrace$, you can prove $∃x\; P(x)$ but not constructively. Solution, give a name to such an element: $𝒯 \, ≝ \, \lbrace P(c) \rbrace$)
What does it mean to set $1 ≝ S(0)$?

either: you have a constant $1$ and an axiom $1 = S(0)$
 but this can be problematic: sometimes, you don’t have the lastrule property anymore, while you may have it in the second case

or: $1$ is such syntactic sugar for $S(0)$, it’s not really part of the language
 so usually in proof assistants: you have an equivalence relation $≡$ on propositions and the axiom rule: \(\cfrac{}{A ⊢ B} \quad \text{if } A ≡ B\)
3 conditions your equivalence relation $≡$ must satisfy:
 Congruence
 Proofchecking must be decidable

Non confusing
 we wouldn’t want to have $∨$intro followed by $∧$elim if $A ∨ B ≡ C ∧ D$
⟶ there is no way to eliminate tonk cuts (mixing introduction and elimination rules of $∧$ and $∨$)
 in the proof/deduction rules ≃ reasoning/deduction part (you want to keep the witnesses)
 in the $≡$ congruence ≃ computation part of proofs
You can’t prove more propositions in deductionmodulo theories, but you have better/neater proofs
Congruences are often defined with reduction (rewrite) rules, ex:
 $0 + y ⟶ y$
 $S(x)+y ⟶ S(x+y)$
instead of the two Peano axioms defining addition.
Example of rewrite system that is (weakly) terminating but not strongly terminating:
\[\begin{xy} \xymatrix{ A \ar@/^/[r] & B \ar@/^/[l] \ar[d]\\ & D } \end{xy}\]A rewriting system that is strongly terminating and confluent is such that $≡$ is decidable, where $t ≡ u$ iff $t$ and $u$ have the same irreducible form.
Proof: compare the two irreducible forms of $t$ and $u$
Leave a comment