3. The λ-calculus and Implication

Transcription

1 3. The λ-calculus and Implication (a) (b) (c) (d) (e) (f) The untyped λ-calculus. The typed λ-calculus. The λ-calculus in Agda. Logic with Implication Implicational Logic in Agda. More on the typed λ-calculus. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sect

2 (a) The Untyped λ-calculus Basic idea of the λ-calculus: We want to define functions on the fly (so called functions ). anonymous Example: We want to apply a function to all elements of a list. For instance, we want to upgrade a list of student numbers to one with one extra digit. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (a) 3-2

3 Greek Letters λ is the Greek letter lambda. On the next slide you find the greek alphabet in upper case and lower case. Some letters have two options for lower case, in which case the second is sometimes (but not always) pronounced by adding var in front, e.g. varphi for ϕ. Some letters are indistinguishable from the Roman alphabet. So one cannot use them as separate mathematical symbols. I put brackets around them. If one wants to transcribe the capital greek letter in Roman alphabet, one writes the lower case transcription and starts it with a captial, e.g. Gamma for Γ, Delta for. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (a) 3-3

4 The Greek Alphabet (A) α alpha (N) ν nu (B) β beta Ξ ξ xi Γ γ gamma (O) (o) omikron δ delta Π π pi (E) ǫ epsilon (P) ρ, (var)rho (Z) ζ zeta Σ σ, ς (var)sigma (H) η eta (T) τ tau Θ θ, ϑ (var)theta Υ υ upsilon (I) ι iota Φ φ, ϕ (var)phi (K) κ kappa (X) χ chi Λ λ lambda Ψ ψ psi (M) µ mu Ω ω omega CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (a) 3-4

5 Example for Use of λ Can be done by multiplying each student number by 10. Let f : N N, f(x) := x 10. In many languages (e.g. C++, Perl, Python, Haskell) there is a pre-defined operation map, which takes a function f, and a list l, and applies f to each element of the list. So for the above f we have map(f, [210345, , ]) = [ , , ]. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (a) 3-5

6 Introduction to λ-terms Often the f is only needed once, and introducing first a new name f for it is tedious. So one needs a short notation for the function f, s.t. f(x) = x 10. Notation is λx.x 10. So we have map(λx.x 10, [210345, , ]) = [ , , ]. In general λx.t stands for the function f s.t. f(x) = t, where t might depend on x. above t = x 10. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (a) 3-6

7 Notation One writes in functional programming usually s t for the application of s to t instead of s(t) as usual. This is used since we have often to apply a function several times, writing something like f(r)(s)(t). Instead we write f r s t. As indicated by the example, r s t stands for (r s) t, in general r 0 r 1 r 2 r n stands for ( ((r 0 r 1 ) r 2 ) r n ). CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (a) 3-7

8 Abbreviations We write λx,y. for λx.λy.. Similarly for λx,y,z. etc. E.g. λx,y,z.x (y z) stands for λx.λy.λz.x (y z). CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (a) 3-8

9 Infix Operators We use + and infix. The corresponding operators are written as (+), ( ). So x + y stands for (+) x y, x y stands for ( ) x y. + and will bind less than any non-infix constants. Therefore S x + S y stands for (S x) + (S y). binds more than +. Therefore x + y z stands for x + (y z), and S x + S y z stands for (S x) + ((S y) z). These are the same conventions as in Agda. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (a) 3-9

10 Scope of λx. How do we read λx.x + 5? As (λx.x) + 5? Or as λx.(x + 5)? Convention: The scope of λx. is as long as possible. So λx.x + 5 reads as λx.(x + 5). λx.(λy.y) 5 reads as λx.((λy.y) 5). CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (a) 3-10

11 Scope of λx. In (λx.x) 5, the scope λx. cannot be extended beyond the closing bracket. So it is x, not x) 5, which doesn t make sense. In f(λx.x + 5, 3), the scope of λx is x + 5, not x + 5, 3), which doesn t make sense. In (λx.x + 5) 3, the scope of λx is x + 5 not x + 5) 3, which doesn t make sense. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (a) 3-11

12 λ without a Dot Sometimes, λx t (without a dot) is used, if one wants to have the scope of λx as short as possible. E.g. λx x y would denote (λx.x) y. In this lecture we don t use this notation. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (a) 3-12

13 λ-terms Now we can define the terms of the untyped λ-calculus as follows: λ terms are: Variables x, If r and s are λ-terms, so is (r s). If x is a variable and r is a λ-term, so is (λx.r). As usual brackets can be omitted, using the above mentioned conventions about the scope of λx, and that r s t is read as (r s) t. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (a) 3-13

14 λ-terms Examples: λx.x, λx.((λy.y) x), λx.x x, (λx.x x x) (λx.x x x), λf.λx.f (f x)). CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (a) 3-14

15 λ-terms One might need additional constants to the language, then we have additionally: Any constant is a λ-term. For instance, if c is a constant, then λx.c, (λx.x) c are λ-terms; if (+) is a constant, then λx.(+) x x is a a λ-term. For standard operators like +,, one has constants (+), ( ), infix operations +,, and writes in infix notation x + y instead of (+) x y, x y instead of ( ) x y, etc. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (a) 3-15

16 Bound and Free Variables There are bound and of free variables in λ-terms: Bound variables are variables x, which occur in the scope of a λ-abstraction λx.. Free variables are the other variables. Example: In λx.x + y, x is bound (since in the scope of λx), y is free (since it is not in the scope of λy). CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (a) 3-16

17 Bound and Free Variables In (λy.y + z) y, the first occurrence of y, y is bound, the second occurrence of y, y is free, z is free. In (λy.((λz.z) y)) x, we have z is bound, y is bound (in the scope of λy), x is free. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (a) 3-17

18 Bound and Free Variables Note that being bound and free has something to do with an occurrence of a variable in a term, not with the variable itself. So more precisely we should speak of occurrences of bound and free variables. By the free variables of a term t we mean the variables x which have free occurrences, respectively, in t. Similarly we define the bound variables of a term t. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (a) 3-18

19 α-conversion We identify λ-terms, which only differ in the choice of the bound variables (variables abstracted by λ): So λx.x + 5 and λy.y + 5 are identified. Makes sense, since they both denote the same function f s.t. f(x) = x + 5. (λx.x + 5) and (λy.y + 5) are identified. λx.λy.y and λy.λx.x are identified. This equality is called α-equality, and the step from one term to another α-equal term is called α-conversion. So λx.λy.y and λy.λx.x are α-equal, written as λx.λy.y= α λy.λx.x. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (a) 3-19

20 α-conversion Note that λx.λx.x = α λy.λx.x. The x refers to the second lambda abstraction λx, not the first one (λx.). Therefore, when changing the variable of the first λ-abstraction, x remains unchanged. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (a) 3-20

21 Evaluation of λ-terms How do we evaluate (λx.x 10) 5? We first replace in x 10, the variable x by 5. We obtain Then we reduce this further, using other reduction rules (not introduced yet). Using suitable rules, we would reduce 5 10 to 50. In this Subsection we will look only at the pure λ-calculus without any additional reduction rules. There (λx.x 10) 5 reduces to 5 10, which cannot be reduced any further. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (a) 3-21

22 Basics of the λ-calculus In general, the result of applying λx.t to r, is obtained by substituting in t the variable x by r. E.g. (λx.x + 10) 5 evaluates to , If we substitute in x + 10 the variable x by 5, we obtain (λx.x) Student evaluates to Student. If we substitute in x, the variable x by Student, we obtain Student. (λx.x) (λy.y) evaluates to λy.y. If we substitute in x the variable x by λy.y, we obtain λy.y. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (a) 3-22

23 Substitution The last example shows that substitution by λ-terms can become more complicated, and we therefore instudy it in the following more carefully. If t and s are λ-terms, t[x := s] substituting in t the variable x by s, e.g. (x + 10)[x := 5] , x[x := Student ] Student, x[x := λy.y] λy.y. denotes the result of CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (a) 3-23

24 Substitution and Parentheses Subsitution might introduce additional parentheses. When we write a term e.g. t 2 + 2, what we really mean is that there are brackets around that term, e.g. t = (2 + 2). We omit the outer parentheses usually for convenience. When substituting a term, the parentheses might become relevant. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (a) 3-24

25 Substitution and Parentheses E.g. (x x)[x := 2 + 2] = (2 + 2) (2 + 2). So we have to reintroduce in that example the brackets around before carrying out the substitution. If we did it naively (without reintroducing brackets), we would obtain which is different from (2 + 2) (2 + 2). CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (a) 3-25

26 Substitution and Bound Variables If we carry out a substitution in a λ-term, we have to be careful. (λx.x + 7)[x := 3] λx.x + 7. It doesn t make sense to substitute the x in λx.x + 7, since x is bound by λx.. x is a bound variable, which is not changed by the substitution. In general, in s[x := t] we only substitute free occurrences of x in s by t. All bound occurrences remain unchanged. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (a) 3-26

27 Substitution and Bound Variables More examples: (λx.x)[x := Student ] λx.x. The x in λx.x is bound by λx, so no substitution is carried out. ((λx.x) x)[x := Student ] (λx.x) Student. The first x is bound, so no substitution is carried out. The second x is free, so substitution is carried out. (λy.x + y)[x := 3] λy.3 + y. x in λy.x + y is free, so it will be substituted by 3 in the above example. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (a) 3-27

28 Substitution and α-conversion When substituting in λ-terms, we sometimes have to carry out an α-conversion first: If we substitute in λy.y + x, the variable x by 3, we obtain correctly λy.y + 3, the function f s.t. f(y) = y + 3. If we substitute in λy.y + x, the variable x by y, we should obtain a function f s.t. f(z) = z + y. If we did this naively, we would obtain λy.y + y. So the free variable y, which we substituted for x, has become, when substituting it in λy.y + x, to a bound variable. This is not the correct way of doing it. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (a) 3-28

29 Substitution and α-conversion The correct way is as follows: First we α-convert λy.y + x, so that the binding variable y is different from the free variable we are substituting x by: Replace for instance λy.y + x by λz.z + x. Now we can carry out the substitution: (λy.y + x)[x := y] = α (λz.z + x)[x := y] λz.z + y. Similarly, we compute (λy.y + x)[x := y + y] as follows: (λy.y+x)[x := y+y] = α (λz.z+x)[x := y+y] λz.z+(y+y) CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (a) 3-29

30 Substitution and α-conversion In general, the substitution t[x := s] is carried out as follows: α-convert t s.t. if x occurs in t free and is in the scope of some λu, then u doesn t occur free in s. In other words, α-convert t s.t. one never would substitute for x the s in such a way that one of the free variables of s becomes bound. Then carry out the substitution. Intuitively this means: α-convert the bound variables in s in such a way that never a variable, which is free in s becomes bound when replacing in t variable x by s. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (a) 3-30

31 Examples (λx.λy.z)[z := x] = α (λu.λy.z)[z := x] (λu.λy.x), (λx.λy.z)[z := y] = α (λx.λu.z)[z := y] (λx.λu.y), (λx.(λy.y) z)[z := y] λx.(λy.y) y. There is no problem in substituting the z by y, since it is not in the scope of λy. (λx.(λy.y) y)[y := x] = α (λu.(λy.y) y)[y := x] λu.(λy.y) x. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (a) 3-31

32 Examples (λx.z)[z := λx.x] λx.λx.x. There is no problem with this substitution, since x does not occur free in λx.x. Note that the x in λx.λx.x refers to the second λ-binding λx. (λx.z)[z := (λx.x) x] = α (λu.z)[z := (λx.x) x] λu.((λx.x) x). Now x occurs free in (λx.x) x (the second occurrence is free), so we need to α-convert it. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (a) 3-32

33 Substitution and α-conversion If you have problems understanding this, you can proceed as follows, and are on the safe side: α-convert t so that all bound variable in t are different from all free variables in s. Then carry out the substitution. An unnecessary α-conversion doesn t hurt. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (a) 3-33

34 s[x], s[t] Writing s[x := t] is sometimes a bit lengthy. Therefore we will introduce the notion s[x], s[t]. s[x] stands for a term s possibly depending on a variable x. E.g. s[x] x or s[x] a x for some constant a or s[x] λy.x. After we have introduced a term s[x], we define s[t] as the result of substituting in s[x] the variable x by t, e.g. s[t] := s[x][x := t] CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (a) 3-34

35 s[x], s[t] Examples: If s[x] x then s[t] t. If s[x] a x, then s[t] a t. If s[x] λy.x, then s[y] (λy.x)[x := y] = λz.y. In the last example we had first to carry out α-conversion, before we can carry out the subsitutiton. We will usually not say what s[x] actually is. Then it can essentially be treated as a term s with a hole, for which x is substituted (and in the original term with holes, x doesn t occur). CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (a) 3-35

36 β-redexes The notion of β-reduction is one step in the sense of evaluation of a λ-term to another term. We first introduce the notion of a β-redex of a term t: A subterm (λx.r) s of a λ-term t is called a β-redex of t. Examples: (λx.x) y z has β-redex (λx.x) y. Note that the bracketing is ((λx.x) y) z, not (λx.x) (y z). A redex can be the term itself: (λx.x) y has β-redex (λx.x) y. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (a) 3-36

37 β-redexes A λ-term might have several β-redexes: E.g. In (λx.x x) ((λy.y) z) we have one redex (λx.x x) ((λy.y) z) and one redex (λy.y) z. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (a) 3-37

38 β-reduct A β-redex (λx.s) t can be reduced to s[x := t]. s[x := t] is called the β-reduct of (λx.s) t. The β-reduct of (λx.x + 10) 5 is , The β-reduct of (λx.x) Student is Student. The β-reduct of (λx.x) (λy.y) is λy.y. Using the s[t]-notation, the above can be more briefly written as (λx.s[x]) t reduces to s[t]. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (a) 3-38

39 β-reduction r β r, r β-reduces to r, or shorter r r, if r is obtained from r by replacing one β-redex by its β-reduct. Examples: ((λx.x + 5) 3) + 7 (3 + 5) + 7, since (λx.x + 5) Assume we add a pairing operation s,t for the pair s, t (will be introduced later), then (λx.x + 5) 3, , 7, CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (a) 3-39

40 Examples We can apply β-reduction under a λ term as well: λx.((λy.y + 5) 3) λx Multiple redexes: Because a λ-term might have several redexes, it might have two different reductions: For instance (λx.x x) ((λy.y) z) ((λy.y) z) ((λy.y) z) (λx.x x) ((λy.y) z) (λx.x x) z. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (a) 3-40

41 Examples of β-reduction (λx.λy.x) y (λy.x)[x := y] = α (λu.x)[x := y] λu.y (λz.λx.λy.z) x (λx.λy.z)[z := x]= α (λu.λy.z)[z := x] λu.λy.x (λz.λx.(λy.y) z) y (λx.(λy.y) z)[z := y] λx.(λy.y) y λx.(λy.y) y λx.y CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (a) 3-41

42 Example (Longer Reduction) In the steps marked on the next slide, essentially the colouring is changed to mark the next β-redex. These steps are not very well visible on the printed black-and-white slides (where I use italic/boldface in order to denote the differences). This applies to future slides containing more complex β-reductions as well. Remember as well that λx, y.t abbreviates λx.λy.t CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (a) 3-42

43 Example (Longer Reduction) (λx,y.x (x y)) (λu,v.u (u v)) (λx.λy.x (x y)) (λu,v.u (u v)) λy.(λu,v.u (u v)) ((λu,v.u (u v)) y) λy.(λu,v.u (u v)) ((λu.λv.u (u v)) y) λy.(λu, v.u (u v)) (λv.y (y v)) λy.(λu.λv.u (u v)) (λv.y (y v)) λy.λv.(λv.y (y v)) ((λv.y (y v)) v) λy.λv.(λv.y (y v)) ((λv.y (y v)) v) λy.λv.(λv.y (y v)) (y (y v)) λy.λv.(λv.y (y v)) (y (y v)) λy.λv.y (y (y (y v))) λy,v.y (y (y (y v))) CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (a) 3-43

44 Examples of Non-Termination Reproduction (Term reduces to itself). Let ω := λx.x x, Ω := ω ω. Then Ω ω ω (λx.x x) ω ω ω Ω. Expansion (Term reduct becomes bigger). Let Ω := λx.x (x x). Then Ω Ω (λx.x (x x)) Ω Ω ( Ω Ω) Ω ( Ω ( Ω Ω)) CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (a) 3-44

45 Remark on Previous Slide Note that in the λ-term above λx.x (x x) is to be read as λx.(x (x x)) and not as (λx.x) (x x) The scope of λx. is always as long as possible. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (a) 3-45

46 λ-calc. as a Red. Sys By the untyped λ-calculus (short λ-calculus) we mean now the set of λ-terms, T where α-equivalent λ-terms are identified, together with β-reduction β. Therefore the λ-calculus forms a reduction system (T, β ). One might have the λ-calculus with additional constants. Without additional constants, the (untyped) λ-calculus is called the pure (untyped) λ-calculus. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (a) 3-46

47 β and = β For reduction systems we introduced notations, a b. These notions can be used for the λ-calculus as well. We define r = β s ( r and s are β-equivalent ) iff r β s. Since we identified α-equivalent λ-terms, there can be arbitrary many α-conversions in a chain for showing that r = β s. Therefore we have r = β r iff there exists a sequence s 0,...,s n,t 0,...,t n (n = 0 is possible) s.t. r s 0 = α t 0 β s 1 = α t 1 β s 2 = α t 2 β β s n = α t n r. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (a) 3-47

48 Confluence of the λ-calculus Fact: The λ-calculus is confluent (if we identify α-equivalent terms). Therefore two λ terms r and s are β-equivalent, iff there exits a term t s.t. r β t and s β t. Example: ((λy.y) z) ((λy.y) z) and (λx.x x) z are β-equivalent: ((λy.y) z) ((λy.y) z) reduces in two steps to z z and (λx.x x) z reduces in one step to the same term. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (a) 3-48

49 β-equality Note that this doesn t give yet an easy way of determining whether r = β s holds: One needs to find a t s.t. s t and r t. But simply reducing r might never terminate. Example: (λx.y) Ω reduces in one step to y. So (λx.y) Ω = β y. However, by reducing Ω we obtain Ω, therefore (λx.y) Ω (λx.y) Ω. So if we keep on following the second reduction, we will never find that this term is β-equivalent to y. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (a) 3-49

50 Need for Typed λ-calculus Therefore we introduce the typed λ-calculus, which is strongly normalising, and in which therefore equality of λ-terms can be decided by determining α-equality of normal forms. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (a) 3-50

51 (b) The Typed λ-calculus Problem of the untyped λ-calculus: Non-Termination, therefore = β difficult to check. In fact = β is semi-decidable (r.e.), but not decidable (recursive). Caused by the possibility of self-application, which allows to write essentially fully recursive programs. Avoided by the simply typed λ-calculus, which is strongly normalising. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (b) 3-51

52 Main Idea of the Typed λ-calculus λx.x + 5 is a function, taking an x : Int, and returning x + 5 : Int. Therefore, we say that (λx.x + 5) : Int Int. In words, λx.x + 5 is of type Int arrow Int. In order to clarify the type of x, we write instead of λx.x + 5 λx Int.x + 5. or λ(x : Int).x + 5. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (b) 3-52

53 Basics of the Typed λ-calculus λx Int.x + 5 is only applicable to some s : Int, therefore not applicable to elements of other types, e.g. to Student (: String). So (λx Int.x + 5) 3 is allowed, (λx Int.x + 5) Student is not allowed. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (b) 3-53

54 Simple Types The simple types used in the simply typed λ-calculus are defined inductively as follows: The ground type o is a type. If σ, τ are types, so is (σ τ). Inductively means that the set of simple types is the least set containing the ground type, and which closed under. One sometimes modifies the set of ground types, especially when adding constants to the λ-terms. E.g. when using arithmetic expressions, one can say for instance that the ground types are Int and Float. Then we talk about the simple types based on ground types Int and Float. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (b) 3-54

55 Simple Types Usually we denote types by Greek letters, e.g. α ( alpha ), β ( beta ), γ ( gamma ), σ ( sigma ), τ ( tau ). We omit brackets as usual using the convention that α β γ stands for α (β γ). Examples types: o, o o, (o o) o, ((o o) o o) (o o) o o, which stands for (((o o) (o o)) ((o o) (o o))). CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (b) 3-55

56 Abbreviation In order to make writing down such types easier, one can use sometimes the following abbreviations (these are non-standard abbreviations, and should be defined explicitly when using outside this lecture. o2 := o o, o3 := o2 o2, etc. So an element of type o2 can be applied to an element of type o and one obtains an element of type o. an element of type o3 can be applied to an element of type o2 and one obtains an element of type o2. etc. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (b) 3-56

57 Contexts To determine the type of a term makes only sense, if we know the types of its variables. For instance, in case of the λ-term x y, we could have x : o2, y : o and therefore x y : o, or x : o3, y : o2, and therefore x y : o2. Therefore we will give a type to λ terms in a context, which determines the types of the variables. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (b) 3-57

58 Contexts A context is an expression of the form x 1 : σ 1,...,x n : σ n where x i are variables, σ i are simple types, (when considering other type theories, σ i will be types of that theory). n = 0 is allowed, and we write for the empty context. Multiple occurrences of the same variable (even with different types) is allowed. If we have two occurrences of the same variable, only the second occurrence counts. E.g. in x : σ,y : τ,x : ρ, x : σ is overriden by x : ρ, so the assumption in this context is x : ρ. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (b) 3-58

59 Contexts Examples x : o,y : o2 is a context. x : o2,x : o is a context in which we assume x : o. Note that contexts are lists of elements of the form x : σ, so the order matters. In case of the simply typed λ-calculus, it wouldn t make a difference to have as context unordered sets of expressions of the form x : σ (as long as all variables in a context are different in order to avoid overriding). However, when moving later to dependent type theory, the order of the expressions x : σ will be relevant. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (b) 3-59

60 Contexts In the following, the capital Greek letters Γ ( Gamma ), ( Delta ) denote contexts. We write Γ s : σ for in context Γ, s has type σ. Expressions of this form are called judgements. Examples: x : o2,y : o x y : o, x : Float Int,y : Float x y : Int (assuming ground types Float and Int), x : o3,y : o2 x y : o2. In case Γ is empty, we write s : σ instead of s : σ. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (b) 3-60

61 Contexts If Γ, are contexts, Γ, both contexts, e.g. if Γ x : o,y : o2, z : o then Γ, denotes x : o,y : o2,z : o,, Γ denotes z : o,x : o,y : o2, Γ,u : o denotes x : o,y : o2,u : o. denotes the concatenation of CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (b) 3-61

62 Simply Typed λ-calculus Definition of the simply typed λ-terms, depending on a context, together with their type. 1. Assumption. Variables, occurring in the context, are terms having the type they have in the context: Γ,x : σ, x : σ Condition on x: x must not occur in. Otherwise x : σ is overriden by the assumption on x in. Note that Γ,x : σ, stands for any context, in which x : σ occurs. Explanation: From the assumption x : σ we can derive x : σ. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (b) 3-62

63 Example (Assumption) We will illustrate the rules using a derivation of y : o o o λx o.y x : o o o In order to derive it we will need to derive first y : o o o,x : o y x : o o In order to derive that we use twice the assumption rule and obtain y : o o o,x : o y : o o o and y : o o o,x : o x : o CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (b) 3-63

64 Example (Overriding of Assum.) We have but not x : σ,x : τ x : τ x : σ,x : τ x : σ CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (b) 3-64

65 Simply Typed λ-calculus 2. Application. If s is of type σ τ and t of type σ, depending on context Γ, then s t is of type τ under context Γ: Γ s : σ τ Γ t : σ (Ap) Γ s t : τ Explanation: Assume we have s of type σ τ. So s is a function, taking an x : σ and returning an element of type τ. Assume we have t is an element of type σ. Then we can apply the function s to this t, written as s t, and obtain an element of type τ. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (b) 3-65

66 Example (Application) We continue with our derivation of y : o o o λx o.y x : o o o We have already derived using the assumption rule y : o o o,x : o y : o o o,x : o y : o o o x : o Using the application rule we conclude (note that o o o o (o o)): y:o o o,x:o y:o o o y:o o o,x:o x:o (Ap) y : o o o,x : o y x : o o CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (b) 3-66

67 Simply Typed λ-calculus 3. Abstraction. If t is a term of type τ, depending on context Γ,x : σ, then λx σ.t is a term of type σ τ depending on context Γ: Γ,x : σ t : τ (Abs) Γ λx σ.t : σ τ Explanation: If we have under assumption x : σ shown that t : τ, then we can form a new λ-term by binding that x, and form λx σ.t. The result is a function taking as input x : σ and returning t : τ, so we obtain an element of σ τ. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (b) 3-67

68 Example (Abstraction) We finish our derivation of y : o o o λx o.y x : o o o We have already derived y:o o o,x:o y:o o o y:o o o,x:o x:o (Ap) y : o o o,x : o y x : o o Using abstraction we obtain: (note that o o o o (o o)): y:o o o,x:o y:o o o y:o o o,x:o x:o (Ap) y : o o o,x : o y x : o o y : o o o λx o.y x : o o o (Abs) CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (b) 3-68

69 Rules We had three rules: 1. Γ,x : σ, x : σ (where x must not occur in ). 2. Γ s : σ τ Γ t : σ (Ap) Γ s t : τ 3. Γ,x : σ t : τ (Abs) Γ λx σ.t : σ τ CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (b) 3-69

70 Rules (1) Γ,x : σ, x : σ is a special kind of rule, an axiom. Axioms derive typing judgements without having to prove something first (no premises). (2) The next rule is a genuine rule: Γ s : σ τ Γ t : σ (Ap) Γ s t : τ It expresses: Whenever we have derived Γ s : σ τ (for arbitrary context Γ, types σ,τ, term s) and whenever we derived Γ t : σ (for the same Γ,σ, but arbitrary term t), then we can derive Γ s t : τ. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (b) 3-70

71 Rules (3) The next rule is similar: Γ,x : σ t : τ (Abs) Γ λx σ.t : σ τ It expresses: Whenever we have derived Γ,x : σ t : τ (for arbitrary context Γ, types σ,τ, variable x and term t), then we can derive from this Γ λx σ.t : σ τ. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (b) 3-71

72 Derivations Using rules we can derive more complex judgements: We start with axioms, and use rules with premises in order to derive further judgements. Example 1: (Note that o2 = o o). x : o x : o (Abs) λx o.x : o2 CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (b) 3-72

73 Example 2 x : o2,y : o x : o2 x : o2,y : o y : o (Ap) x : o2,y : o x y : o (Abs) x : o2 λy o.x y : o2 (Abs) λx o2.λy o.x y : o3 Note that we have the following dependencies in the derived λ-term: (λx o2.λy o. x }{{} :o2 y }{{} :o } {{ } } :o {{ } :o o = o2 ) : o2 o2 = o3 Observe how these dependencies correspond to the derivation above. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (b) 3-73

74 β-reduction β-reduction for typed λ-terms is defined as for untyped λ-terms. One has only to carry around the types as well. Formally we have (λx σ.t) s t[x := s] or using the alternative notation for typed λ-terms (λ(x : σ).t) s t[x := s] And as before β-reduction can be applied to any subterm. A subterm (λx σ.t) s of a term s is called a β-redex of s. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (b) 3-74

75 Example (Changes of colour not well visible in black-and-white copies). (λx o3.λy o2.x (x y)) (λx o2.λy o.x (x y)) λy o2.(λx o2.λy o.x (x y)) ((λx o2.λy o.x (x y)) y) λy o2.(λx o2.λy o.x (x y)) ((λx o2.λy o.x (x y)) y) = α λy o2.(λx o2.λy o.x (x y)) ((λx o2.λz o.x (x z)) y) λy o2.(λx o2.λy o.x (x y)) (λz o.y (y z)) λy o2.(λx o2.λy o.x (x y)) (λz o.y (y z)) = α λy o2.(λx o2.λu o.x (x u)) (λz o.y (y z)) λy o2.λu o.(λz o.y (y z)) ((λz o.y (y z)) u) λy o2.λu o.(λz o.y (y z)) ((λz o.y (y z)) u) λy o2.λu o.(λz o.y (y z)) (y (y u)) λy o2.λu o.(λz o.y (y z)) (y (y u)) λy o2.λu o.y (y (y (y u))) CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (b) 3-75

76 Theorem As for the untyped λ-calculus, the simply typed λ-calculus is confluent. The simply typed λ-calculus is strongly normalising. Therefore every typed λ-term has a unique normal form, which can be obtained by β-reducing the term by choosing arbitrary β-redexes. Furthermore, two λ-terms are β-equal, if their normal forms are equal (up to α-conversion). CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (b) 3-76

77 (c) The λ-calculus in Agda Agda is based on dependent type theory. This extends the simply typed λ-calculus. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (c) 3-77

78 The Function Type in Agda In Agda one writes A -> C for the nondependent function type. We write on our slides instead of ->. I tend to use capital letters instead of Greek letters for types in Agda. One could of course use as well alpha, beta, gamma instead. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (c) 3-78

79 λ-terms in Agda In Agda one writes \ (x:: A) -> r for λ(x : A).r. When presenting Agda code we will write λ (x::a) r for the above, so λ means \ and means -> in real Agda code. When reasoning in type theory itself (outside Agda), we use standard type theoretic notation λ(x : A).r. We sometimes omit A, and write simply λx.r. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (c) 3-79

80 Notations in Agda As an abbreviation, one writes λ(a,a :: A) instead of λ(a :: A) λ(a :: A) CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (c) 3-80

81 Application in Agda Application has the same syntax as in the rules of dependent type theory: Assume we have derived f :: A B a :: A Then we can conclude f a :: B. And α- and β-equivalent terms are identified. In Agda, (λ(x :: A) x) a = a. So if B a is a type depending on a, and we have b :: B a then we have as well b :: B ((λ(x :: A) x) a). CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (c) 3-81

82 Postulate In Agda one has no predefined types, all types have to be defined explicitly (e.g. the type of natural numbers, the type of Booleans, etc.). In order to obtain ground types with no specific meaning (like o above), we have to postulate such types, (or use packages as introduced later). In Agda the lowest type level, which corresponds to types in the simply typed λ-calculus, is called for historic reasons Set. So in order to introduce a ground type A we write: postulate A :: Set CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (c) 3-82

83 Postulate We can now introduce other constants. For instance, in order to introduce a function from A to B where A and B are ground types, and an element of type A, we write the following: postulate A :: Set postulate B :: Set. postulate f :: A B. postulate a :: A. See examplepostulate1.agda CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (c) 3-83

84 Basic λ-terms postulate A :: Set postulate B :: Set. postulate f :: A B. postulate a :: A. Assuming the above postulates, we can now introduce new terms. We have to give a name and a type to each new definition. Example: Using the above postulates, we can define b := f a : B as follows: b :: B = f a CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (c) 3-84

85 Basic λ-terms postulate A :: Set postulate B :: Set. postulate f :: A B. postulate a :: A. b :: B = f a We can as well introduce g := (λx : A.x) : A A as follows: g :: A A = λ(x :: A) x See examplepostulate2.agda CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (c) 3-85

86 Note on the Agda syntax Agda demands a blank between = and \ (written as λ on the slides). So instead of one has to write g :: A A =\(a :: A) a g :: A A = \(a :: A) a CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (c) 3-86

87 λ-terms postulate A :: Set postulate B :: Set. postulate f :: A B. postulate a :: A. Instead of defining λ-terms by using λ directly, it is usually more convenient to use a notation of the following kind: g (!a :: A) :: A = a Note that in the above example, the local a overrides the global a. See examplepostulate3.agda CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (c) 3-87

88 Equivalence of the two Notations The two ways of introducing functions are equivalent. One can check this by defining two versions: postulate A :: Set g :: A A = λ(a :: A) a g (!a :: A) :: A = a Example exampleequivalencelambdanotations2.agda CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (c) 3-88

89 Equivalence of the two Notations If one then uses goal-menu Compute, and does the same with g, one obtains twice the same result, namely λ(a :: A) a The above is a general method for evaluating terms (e.g. for evaluating the result of a applying a function to some arguments). CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (c) 3-89

90 λ-notation in Agda In most cases, it is easier to use the second way of introducing λ-terms. However, λ-notation allows to introduce anonymous functions (i.e. functions without giving them names): A typical example from functional programming is the map function, which applies a function to each element of a list: map (λ(x::n) S x) (cons two (cons three nil)) The result would be cons three (cons four nil) See examplemapappliedtolist.agda. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (c) 3-90

91 Abbreviation We can write h (!a,!a ::A) :: B = instead of h (!a::a) (!a ::A) :: B = CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (c) 3-91

92 Occurrences of Dept. Functions The following problem might by now have vanished from Agda. It is mentioned here, since I cannot exclude that it still occurs under certain circumstances. Internally, Agda translates often function types into dependent function types. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (c) 3-92

93 Occurrences of Dept. Functions That s why one occasionally sees in code generated by Agda (e.g. when showing context, when using solve) types of the form (h :: A) B which is a dependent function type where B might depend on h :: A where B doesn t depend on h at all, so one could use as well write: A B This happens even if one has originally demanded that one wants an element of A B rather than (h :: A) B. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (c) 3-93

94 Intro When introducing λ-terms, there is usually no need to introduce the λ-term by hand. Assume the following code which postulates A :: Set and introduces a goal: postulate A :: Set f:: A A = {!!} If the position is inside the goal, we can use the goal-menu Intro, in order to obtain a template for the λ-term: f:: A A = λ(h :: A) {!!} CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (c) 3-94

95 Intro It is recommended to rename the automatically generated variable h to something more meaningful: f:: A A = λ(a :: A) {!!} CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (c) 3-95

96 Refinement Assume the following Agda code postulate A :: Set postulate B :: Set postulate f :: A B postulate a :: A b :: B = {!!} Assume that we don t know what to insert. We only guess that it has to be of the form f applied to some arguments. We can see this since the result type of f is B (f : A B). CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (c) 3-96

97 Refinement postulate A :: Set postulate B :: Set postulate f :: A B postulate a :: A b :: B = {!!} Then we can insert f into this goal and use menu Refine (C-c C-r) The system shows f {!!} :: B. We can ask for the type of the new goal {!!}, and get: {!!} :: A Now we can solve this goal by filling in a and using refine: f a :: B. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (c) 3-97

98 Introducing New Types In the λ-calculus, we introduced abbreviations for types, like o2 = o o We can do the same in Agda: postulate A :: Set A2 :: Set = A A A3 :: Set = A2 A2 a2 a3 :: A2 = λ(x :: A) x :: A3 = λ(x :: A2) x CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (c) 3-98

99 Introducing New Types postulate A :: Set A2 :: Set = A A a2 :: A2 = λ(x :: A) x In the above example we have that the type of a2 is as well A A, since both types are equal: Although a2 is of type A2 instead of A A, we can define a2 :: A A = a2 CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (c) 3-99

100 Introducing New Types We can as well check that A A and A2 are the same by applying Compute to A2 We obtain A A. (At time of writing this slide, Compute applied to A A creates an error message, which shouldn t be the case. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (c) 3-100

101 Derivations in Agda In Agda, rules are implicit. The rule f : A B f a : B corresponds to the following: Assume we have introduced: f :: A B, a :: A. and want to solve the goal {!!} :: B. a : A (Ap) examplesimplederivation4.agda CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (c) 3-101

102 Derivations in Agda (Cont.) Then we can fill this goal by typing in f a: {! f a!} :: B If we then choose goal-menu Refine (C-c C-r), the system shows: f a :: B. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (c) 3-102

103 Let expressions in Agda When introducing elements of more complicated types, let expressions are often useful. They allow to introduce temporary variables. Let-expressions have the form let a 1 :: A 1 = s 1 a 2 :: A 2 = s 2 a n :: A n = s n in t CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (c) 3-103

104 Let expressions in Agda (Cont.) This means that we introduce new local constants a 1 :: A 1 = s 1, a 2 :: A 2 = s 2,..., a n :: A n = s n, which can now be used locally. s i can refer to all a j defined before, including a i itself, i.e. it can refer to a 0,...,a i. Reference to a i might result in non-termination; termination will be discussed below. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (c) 3-104

105 Let expressions in Agda (Cont.) If we are in a goal, we can use the goal menu Make let expression. We have to insert into the goal the variables, separated by blanks, e.g. a 1 a 2 a n. Agda will construct a template of the form: let a 1 :: {!!}; a 1 = {!!} a 2 :: {!!}; a 2 = {!!} a n :: {!!}; a n = {!!} in {!!} CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (c) 3-105

106 Let expressions in Agda (Cont.) The above is a more verbose form of the following more shorter form (which we prefer): let a 1 :: {!!} = {!!} a 2 :: {!!} = {!!} a n :: {!!}; = {!!} in {!!} CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (c) 3-106

107 Simple Example The following function computes (n + n) (n + n) for n :: N: f (!n :: N) :: N = let m :: N = n + n in m m See exampleletexpression.agda Note that this version is more efficient than the function computing directly (n + n) (n + n): Using let, n + n is computed only once, without let, we have to compute it twice. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (c) 3-107

108 Example As an example we define, assuming A : Set as a postulate, a function We start with the goal f : ((A A) A) A f :: ((A A) A) A = {!!} We use now intro. After renaming of the variable we obtain: f :: ((A A) A) A = λ(a_a_a :: (A A) A) {!!} CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (c) 3-108

109 Example We can use a_a_a in order to obtain a provided we have defined some function a_a : A A. Therefore we first define in an auxiliary definition a_a : A A. In this example we could do this as a global definition, but will use here a let expression instead. We type into the open goal the variables (separated by blanks) which we want to introduce during this let expression. In this example is only one variable a_a, which we type into the goal. Then using goal menu make let expression we obtain after replacing the let expression by the simpler form (see next slide) CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (c) 3-109

110 Example f :: ((A A) A) A = λ(a_a_a :: (A A) A) let a_a :: {!!} = {!!} in {!!} We type into the first goal the type A A of the variable a_a and use goal menu Refine or Give and obtain f :: ((A A) A) A = λ(a_a_a :: (A A) A) let a_a :: A A = {!!} in {!!} CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (c) 3-110

111 Example We apply Intro to the first goal and obtain f :: ((A A) A) A = λ(a_a_a :: (A A) A) let a_a :: A A = λ(h :: A) {!!} in {!!} CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (c) 3-111

112 Example We rename the variable h and obtain: f :: ((A A) A) A = λ(a_a_a :: (A A) A) let a_a :: A A = λ(a :: A) {!!} in {!!} CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (c) 3-112

113 Example We solve the goal by typing in a and using Refine and are finished with the let-expression: f :: ((A A) A) A = λ(a_a_a :: (A A) A) let a_a :: A A = λ(a :: A) a in {!!} CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (c) 3-113

114 Example We can solve the remaining (main) goal by applying the variable a_a_a to a_a. We type those values into the remaining goal and use Give or Refine and obtain: f :: ((A A) A) A = λ(a_a_a : (A A) A) let a_a :: A A = λ(a :: A) a in a_a_a a_a See letexpressionsubsect2j.agda CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (c) 3-114

115 (d) Logic with Implication CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (d) 3-115

116 Propositions as Types When considering the example of a sorted list, we have seen already that formulas (e.g. predicates) can be considered as types, where elements of such types are verifications that the formula holds ( is true). So elements of this type are proofs that the formula holds. The principle to identify propositions (i.e. formulae) with types is called propositions as types. So Sorted l will be a type, p : Sorted l will be a witness (proof) that Sorted l holds. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (d) 3-116

117 Constructive Logic If p : Sorted l holds, then l should be sorted. If we have a proof p : (Sorted l) then l should be not sorted. Negation will be introduced later. If we know neither that p : Sorted l nor that p : (Sorted l), then we know neither that l is sorted nor that l is not sorted. Happens e.g. if l is a variable. For certain closed quantified formula, like A expressing that for all natural numbers n a certain formula hold, it might be the case that we can neither determine a p : A nor a p : A. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (d) 3-117

118 Picture Neither provable nor provably false Provably false Provably true CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (d) 3-118

119 Postulates as Formulae If we postulate A : Set, we can consider A as an atomic formula (i.e. formula which cannot be decomposed further). This is similar to a propositional variable (such as A,B,C in ((A B) C) A). Formulae like ((A B) C) A) might be generally true (like A A), or might be true (like A C) if certain of its propositional variables are provably true and others are provably false. If we postulate A : Set, we assume nothing about provability of A, since we assume nothing about the elements of A. If we postulate additionally a : A, we postulate that A is true. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (d) 3-119

120 Example We postulate a set of human beings a predicate is student on the set of human beings, that John, Mary as human beings, that Mary is a student: postulate Human_Being :: Set postulate john :: Human_Being postulate mary :: Human_Being postulate Is_Student :: Human_Being Set postulate mary_is_student :: Is_Student mary CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (d) 3-120

121 Constructive Logic Proofs in dependent type theory will have always a constructive meaning. In case of implication the constructive meaning of a proof of a_b : A B will be: It is a function, which from a proof of A determines a proof of B. This is what is meant by A B: if A holds, i.e. if we have a proof of A, then B holds, i.e. we have a proof of B. So a_b : A B is a function mapping proofs of A to proofs of B. This is nothing but the function type A B. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (d) 3-121

122 Example 1 (Implication) λ(x : A).x : A A is a proof that A A holds: it takes a proof x : A and maps it to the proof x : A of A. In ordinary logic, this λ-term corresponds to the following proof that A A holds: Assume A. Then A holds. Therefore A A holds. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (d) 3-122

123 Example 2 (Implication) λ(x : A B).λ(y : A).x y is a proof of (A B) A B: Assume a proof x : A B. I.e. assume a function x which maps proofs of A to proofs of B. Assume a proof y : A. Then we obtain a proof x y : B. This proof is obtained by taking the proof x : A B, which is a function mapping proofs of A to proofs of B, applying it to the proof y : A, then one obtains the proof x y of B. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (d) 3-123

124 Example 2 (Implication) (λ(x : A B).λ(y : A).x y) : (A B) A B In ordinary logic, the λ-type just introduced corresponds to the following derivation of (A B) A B: Assume A B. Assume A. Then from A B and A we obtain B. This shows (A B) A B holds. CS 336/CS M36 (part 2)/CS M46 Interactive Theorem Proving, Lent Term 2007, Sec. 3 (d) 3-124