Series Title: Proofs as Processes

SeriesTitle:ProofsasProcesses
RobertL.Constable
CornellUniversity
Department of Computer
DepartmentofComputer
Science

What is this lecture series about?

Whatisthislectureseriesabout?
1. Presenttwonewresults:
a bit of new theory: completeness of iFOL
abitofnewtheory:completenessofiFOL,
abitofnewtheoryandpractice:synthesized
protocols, e.g. proofs
protocols,e.g.
proofsasprocesses
as processesandthelogicof
and the logic of
events.

2.Looktowardwhatmightcomenext intypetheory.

Reflecting a bit on History

ReflectingabitonHistory
Wewillbrieflynotesomerelatedhistoryasbefits
We
will briefly note some related history as befits
theinternationalTuringcelebrations.
Forexample,IllmentiontheroleofTuring and
Churchintypetheory.Fortheconstructive aspects,
we need to mention Brouwers work.
weneedtomentionBrouwers
work
Hereweseethreemajorfigures,onefromcomputer
Here
we see three major figures one from computer
science,onefromlogic,andonefrommathematics
creatingthegenomeofconstructivetypetheory.

Amazing Times
AmazingTimes
ConsiderthebroadinternationaluptakeofCoq!
p
q
FourColorTheoremofGonthier
MSRinvestinginGonthiersunitprovingFeitThompson
FundamentalTheoremofAlgebra
TheCompCert CLight compilerofLeroy
FieldsmedalistVoevodskys HomotopyTheory
SoftwareFoundationstextbookbyPierceetal
DARPA heavily using proof assistants mainly Coq
DARPAheavilyusingproofassistants,mainlyCoq
Severalkeyindustrialapplications(Javacard,AirBus,)
Many thousands of Coq users over10Kusedit?
ManythousandsofCoqusers
over 10K used it?
Andmore

Imagine what Coq programmers know

ImaginewhatCoqprogrammersknow
Expertprogrammersdigdeeplyintotheirlanguages.
pe t p og a
e s d g deep y to t e a guages
Imaginewhatexpert Coqprogrammerslearn,thekindof
logicandmathematicsthatispartofwhattheyroutinely
use.
use
mathematicaltypes,includinginductivetypes
mathematical
types including inductive types
formallogicwithhigherorderquantifiers
proof rules and their realizers (extracts)
proofrulesandtheirrealizers(extracts)
formalsemantics
classicalversusconstructivelogic
allinaunifiedtheory

Imagine what programmers learn

Imaginewhatprogrammerslearn
IntheUnitedStates,theCommonCoreMathematics
In
the United States, the Common Core Mathematics
curriculumteachesalgorithms,beforemiddleschool.
Schoolstudentsnowlearnsets inmathematicsand
types andcomputable
and computable functions inprogramming.
in programming
WhatwillhappenwhentheylearnCoqlike
What
will happen when they learn Coq like
programminginschoolaswell,astheymight?

Unified Theory Idea is Plausible

UnifiedTheoryIdeaisPlausible
Coq,Nuprl,and
Coq
Nuprl and MetaPRLarecloselyrelatedsiblings,
MetaPRL are closely related siblings
theysharethetheoryofinductivetypesbasedon
NaxMendlersLICSpapers,alsoforcoinductive
p p ,
types.
y
p
y
TheysharetheITTpredicativeuniversehierarchy
andrealizabilitysemantics.
y
TheysharetheLCFtacticmechanismfrom1979.
TheyevensharecodewrittenbyChetanMurthy.

Unified Computing Theory Idea

UnifiedComputingTheoryIdea
TheconstructivetypetheoriesofCoqandNuprl
The
constructive type theories of Coq and Nuprl
takentogetherspanalargepartofcomputingtheory
withCoqespeciallystronginprogramminglanguages
(PL) d d
(PL)andadvancedmathematicsandNuprlstrongin
d th
ti
dN l t
i
distributedprotocolsandconstructivedomain
theory(partialtypes).
y (p
yp )
We llseesomeoftheprotocolworkinthe
Well
see some of the protocol work in the third
thirdhalf
half
ofthelectureseriesastheysayonCarTalkherein
America,andIlldooneexampleonpartialtypes.

What Turing foresaw

WhatTuringforesaw
IntheAprilissueofScience,AndrewHodgessaidthis
In
the April issue of Science, Andrew Hodges said this
aboutTuring:
Hisuniversalmachinewouldcomputewithformulas
aswellasnumbers.
Hodgessays:``It(theuniversalmachine)putlogic,
g
y
(
)p
g ,
notarithmetic,inthedrivingseat.''

What else Turing foresaw

WhatelseTuringforesaw
TuringandhisPhDstudentRobinGandyworkedon
Turing
and his PhD student Robin Gandy worked on
typetheory,andTuringwrote
PracticalFormsofTypeTheory,JSL,1948.
Hisideawasthattypetheorywasthenatural
language for
for working
workingmathematics
mathematicsandthat
and that
Churchssimpletypetheorywasagoodmodel HOL
usersagree.

What OPLSS contributes

WhatOPLSScontributes
Constructivetypetheoriesandtheirproofassistantsare
Co
st uct e type t eo es a d t e p oo ass sta ts a e
thejointcreationofcomputerscience(informatics),
logic,andmathematics ITT,CTT,CICareexamples.
OPLSS isoneoftheschoolsthatbringstheplayersfrom
thesedisciplinestogether,nurturesworkintypetheory
p
g
,
yp
y
itsbasicconceptsandimportantapplications.
IbelievethatthePLcommunity willcontinuetoplaya
nurturingroleandunderstandsthatthesubjectisfar
fromfinishedandthatitplaysaunifyingrolein
p y
y g
computingtheory aswellasinprogramminglanguages.

What Remains to be Done?

WhatRemainstobeDone?
Consideroneofthemostbasicconceptsin
Consider
one of the most basic concepts in
constructivetypetheory realizabilitysemanticsfor
logic
g
underavarietyofdifferentnames:
y
propositionsastypes,proofsasterms(PAT)
propositions
as types proofs as terms (PAT)
proofsasprograms(programsfromproofs)
evidence semantics
evidencesemantics
CurryHowardisomorphism
Brouwer/Heyting/Kolmogorov (BHK) semantics
Brouwer/Heyting/Kolmogorov(BHK)semantics

A Poll
APoll
I dliketothinkthatpropositions
Id
like to think that propositionsastypes
as types
realizability isoneofthoseideasfamiliartomany
OPLSSparticipantsandthatitwilleventuallybe
p
p
y
knownbyallcomputerscientists thewaysets,
opensets,continuousfunctions,vectorspaces,
etc.areknowntoallmathematicians.
Howmanypeopleherecouldteachthisideatoa
nd y
computerscience2
p
yearstudent?

Brief Review: Propositional Evidence

BriefReview:PropositionalEvidence
Supposethatwehaveevidencetypesfortheatomic
Suppose
that we have evidence types for the atomic
propositions,A,B,C,.Hereishowevidenceis
definedforcompoundpropositions.
p
p p
[A&B]
[A
& B] ==[A]
[A] [B]Cartesianproduct
[B]
Cartesian product
[AvB]==[A]+[B]disjointunion
[A =>>B]
[A
B] ==[A]
[A] [B]functionspace
[B] function space
[A]==[A] voidfunctionstoemptytype

BriefReview:PropositionalEvidence
p
Supposethatwehaveevidencetypesfortheatomic
propositions A,B,C,
propositions
A B C Hereishowtodefineevidencefor
Here is how to define evidence for
compoundformulasusingtypes(orsets).

A & B == A x B
A B == A B
A B == A B
A == A

Evidence for Quantified Formulas

EvidenceforQuantifiedFormulas

[Ex B(x)]
[Ex.B(x)]==x:D
x:D [B(x)]dependentproduct
[B(x)] dependent product
[Allx.B(x)]==x:D[B(x)]dependentfunctions
Theexistentialquantifierisalsoregardedasa
type,adisjointsumofafamilyofevidencetypes.

EvidenceforQuantifiedStatements
x : A.Bx == x : A x Bx
x : A.Bx == x : A Bx
Theexistentialquantifierisalsoregardedasa
type a disjoint sum of a family of evidence types
type,adisjointsumofafamilyofevidencetypes.

Simple Example
SimpleExample
Considerthemeaningofthispropositioninthe
Consider
the meaning of this proposition in the
realizabilitysemantics:
(A&B =>>C)
(A&B
C) =>>(A
(A =>>(B
(B =>>C))
C))
ItsrealizerinCTTisthisuntypedappliedterm
Its
realizer in CTT is this untyped applied term
f. x. y.f(<x,y>)or
f,x,y.f(<x,y>)

Simple Example
SimpleExample
Considerthemeaningofthispropositioninthe
Consider
the meaning of this proposition in the
realizabilitysemantics:
(A&B =>>C)
(A&B
C) =>>(A
(A =>>(B
(B =>>C))
C))
Here is the typing judgment a la CTT
HereisthetypingjudgmentalaCTT
f: (A&B) => C x:A y:B | f(<x,y>)
f:(A&B)=>C,x:A,y:B|
f(<x y>) C
Thi i th
ThisisthespecificationfortheCurryingtask.
ifi ti f th C
i t k

UnCurrying
Un
CurryingTask
Task
(A=>(B=>C))=>(A&B=>C)
(A
=> (B => C)) => (A&B => C)
theuntypedrealizeris
f.
f p.f(p.
p f(p 1)(p.
)(p 2)
p.1 andp.2 projectfromthepair,
e.g.p.1 Aandp.
A d 2B
thetypingjudgmentis
h
i j d
i
f:(A=>(B=>C)),p:A&B| f(p.1)(p.2) C

Here is a challenge
Hereisachallenge
Ourcolleaguesfinallyunderstandthatconstructive
Our
colleagues finally understand that constructive
logicisnaturalandeasytounderstand,directlytied
tospecifyingprogrammingproblemsandallthat.
Theylearnsomelogic,getexcitedandwanttoknow
theconsistency andcompleteness theoremsforthis
id i
ideainpurefirstorderlogic
fi t d l i FOL.
FOL
Wegivethemproofrulesandconsistency,then
WegivethembackKripkesemantics andpossibly
aclassicalcompletenessproofaswell!!Andthenwe
give them excuses
givethemexcuses.

Lecture Plan
LecturePlan
1. Lookataconstructivecompletenessprooffor
i i i i i fi
intuitionisticfirstorderlogic(iFOL)withrespectto
d l i (iFOL) i h
itsintendedrealizabilitysemantics.

2 IInjectdiscussionoftypetheorydesignissuesand
2.
j di
i
f
h
d i i
d
possiblefuturedirections,andfollowupin
subsequent lectures as appropriate and suited your
subsequentlecturesasappropriateandsuitedyour
interests.

Narrative about Completeness

NarrativeaboutCompleteness
First OrderLogic(FOL)isacentralnotioninlogic
FirstOrder
Logic (FOL) is a central notion in logic
(math,philosophy,computerscience,linguistics).Its
taughtinbasicallyalllogicbooks.
Gdelscompletenesstheoremtiestogetherproof
andvalidity centraltoclassicalFOLstudyliking
proof theory and model theory
prooftheoryandmodeltheory.
Therewasnoconstructivetheoremofthiskindfor
There
was no constructive theorem of this kind for
intuitionisticfirstorderlogic(iFOL)usingthe
intendedrealizabilitysemantics(BHK).
CompletenessonlyforBethandKripkesemantics.

GdelsPhDThesiswasCompleteness
ofFOL
f
OnJuly6,1929Gdel
On
July 6 1929 GdelssPhDdissertationwas
PhD dissertation was
approvedbyhisadvisorHansHahn.Itwastitled:On
thecompletenessofthecalculusoflogic.
p
f
f g
In1930itwaspublishedas:Thecompletenessofthe
In
1930 it was published as: The completeness of the
axiomsofthefunctionalcalculusoflogic.Heused
theaxiomsofPrincipiaMathematica.

Another Poll
AnotherPoll
How many of you have seen a proof of this theorem?
Howmanyofyouhaveseenaproofofthistheorem?
How many of you could teach the proof?
Howmanyofyoucouldteachtheproof?
IIthinkthesimplestandclearestproofisfrom
thi k th i l t d l
t
fi f
SmullyansFirstOrderLogic,Springer1968,Dover
1993 using tableaux pp 5761
1993,usingtableaux,pp57
61.

GdelssCompletenessTheorem
Gdel
Completeness Theorem
Thistheoremsaysthatthereisasetofinference
s t eo e says t at t e e s a set o
e e ce
rulesandaxiomssuchthateveryformulaofFOL
thatistrueineverymodel(valid)isprovable
usingtheserules.
h
l
Thesearethecompletesetofrules.
ThistheoremsetsusupforGdelsmorefamous
incompletenesstheoremforarithmetic.

Classical Models and Truth

ClassicalModelsandTruth
Therearemanywaystoprovethistheorem,we
There
are many ways to prove this theorem, we
dontteachGdelsoriginalproofsincethereare
nowmuchbetterones.Alsowenowsometimes
referthemodelsasTarksi
f th
d l
T k i structures.These
t t
Th
structureshaveadomainofdiscourseD,assumedto
n ofthelogic,
benonempty,andforeveryrelationR
p y,
y
g ,
weassignapropositionalfunctionRn:D Bool.So
weget<D,R1,R2,,Rm>asastructureormodel.
EachRi hasanarity ni,Ri:Dni Bool.

Classical Method of Proof

ClassicalMethodofProof
Theusualclassicalproofassumesthataformula
e usua c ass ca p oo assu es t at a o u a
Gisvalid(trueinallstructures),andthena
systematicmethodofsearchingforaproof is
d
devisedbasedontheproofrules.
db d
h
f l
Wethenshowthatifthesystematicprocedure
failstofindaproof,itwillgenerateastructureM
in which the formula is not true contradicting its
inwhichtheformulaisnottrue,contradictingits
validity.Runningonforevercreatessucha
structureaswellbyKnigs
y
g Lemma.

Need for a new proof method

Needforanewproofmethod
ThisclassicalproofmethodforFOLfailsforiFOL,and
This
classical proof method for FOL fails for iFOL, and
weneedtochangetheformulation.
First,thedomainDmustbeatype.Second,the
relationsarenotmapsintoBool,theymustbemaps
into Prop the propositions on D Third the
intoProp,thepropositionsonD.Third,the
semanticsisnotbasedonTarski butonBrouwer,on
realizability.Fourth,wemustbeabletofindthe
y
,
proof,notshowthattheprooffindingprocedure
mustfail,wemustknowthatitwillhalt.

Narrative Theme continued

NarrativeThemecontinued
Theintendedsemanticsiscloselytiedtoproofs,the
The
intended semantics is closely tied to proofs the
computationalcontentofproofsprovidesthe
realizers.
ResultsbyGdel,Kreisel,etc.sinceBeth1947
Results
by Gdel Kreisel etc since Beth 1947
suggestthatthereisnoconstructivelyvalid
completeness theorem with respect to BHK
completenesstheoremwithrespecttoBHK
semanticsandintuitionisticvalidity.Iwillmention
theseresultsnext.

Narrative Theme continued

NarrativeThemecontinued
Thenegativeresultsareforintuitionisticvalidity,say
The
negative results are for intuitionistic validity say
asgiveninTroelstra andvanDalen(TvD88).Thereis
avaguenessandlackofcanonicalitythere,but
g
y
,
someresults:
KreiselbasedonGdelshowedthatgivenChurchs
Thesis (CT) the valid formulas of iFOL are not r.e.
Thesis(CT)thevalidformulasofiFOLarenotr.e.
Moreover,completenessimpliesMarkovsPrinciple.

Intuitionistic Validity
IntuitionisticValidity
Thevaliditysemanticscarriesovertheclassical
y
notionofamodel andusesBHKsemanticsforthe
logicaloperatorsonpropositionsandtypesforthe
domain of discourse, e.g. D is a type in the first
domainofdiscourse,e.g.Disatypeinthefirst
universe,Type1.
WesaythatformulaGisvalidiffitisrealizableinall
modelsofthedomainandtheatomicpropositions.
So modern constructive type theories like CIC ITT
SomodernconstructivetypetheorieslikeCIC,ITT,
andCTTmakethissemanticsprecise.Thatisabig
stepsince1988.

Narrative Theme continued

NarrativeThemecontinued
CTTimplementedbyNuprlalsoprovidesaclosely
relatednotion,uniformvalidity,byusingintersection
,
y, y
g
typesandpolymorphicterms.
ThatconceptisnotinCICnorITT.(Itcouldeasilybe
addedtoITT82.)

Narrative Theme continued

NarrativeThemecontinued
Thepunchlineisthatuniformvalidityprovidesa
The
punch line is that uniform validity provides a
strongcompletenessresult,andtherightone,since
itcapturespreciselytheobservationthatiFOLproofs
p
p
y
p
provideuniformrealizers,alsocalledpolymorphic
realizers,astheircomputationalcontent.
HereishowIplantoprovidethedetailsforthis
Here
is how I plan to provide the details for this
narrative.

Proof Outline Plan

ProofOutlinePlan
1.MentionbrieflyConstructiveTypeTheory(CTT02),
1.
Mention briefly Constructive Type Theory (CTT02),
conceptssince2002neededforthecompleteness
theorem.
2. Sketchaformalsemanticsforintuitionisticfirst
orderlogic(iFOL)andminimalfirstorderlogic
(mFOL).
3.Stateandillustratethenewcompleteness
th
theorem,provedwithMarkBickfordin2011.
d ith M k Bi kf d i 2011

SomeUnifyingBasicConceptsfrom
TypeTheory
h
Computability,e.g.partialcomputablefunctionsin
all types (Turing complete)
alltypes(Turingcomplete)
Polymorphism and intersection types
Polymorphismandintersectiontypes
Uniform validity and constructive completeness
Uniformvalidityandconstructivecompleteness

Realizers for Inference Rules

RealizersforInferenceRules
RulesforImplication
Rules
for Implication
ImplicationIntroduction(=>R)
:H| A=>Bby (x.slot)
:H,x:A| Bby b(x)^
Therealizerorprooftermis,x.b(x)

Sample Refinement Proof

SampleRefinementProof
| A=>(B=>A)by (x.__)
x:A|
| (B=>A)by
(
) b (y.__)^
(
)
x:A,y:B| Aby x^(axiom)
Theuntypedrealizeris:x.
The
untyped realizer is: x y.x.Noticethat
y x Notice that
thisispolymorphic,i.e.uniforminA,B.

Grounded in computation
Groundedincomputation
Constructivetypetheoryderivesitsmeaning
Co
st uct e type t eo y de es ts ea g
fromanunderlyingcomputationsystem,usually
definedbyreductionrulesinthestyleofPlotkins
structuredoperationalsemantics.
d
l
Forexample,untypedlambdaterms,(x.b),are
consideredirreduciblevalues,andapplications
ap(f;a) are evaluated by reducing f to a function
ap(f;a)areevaluatedbyreducingftoafunction
value,thenapplyingthefunctionvaluetothe
argumenta(eitherbynameorvalue).
g
(
y
)

Untyped Reduction Relation

UntypedReductionRelation
TheITTandCTTapproachtocomputation
pp
p
mediatesalongstandingdebateincomputer
sciencebetweenthoseinthenotypescamp
who believe that computation should be
whobelievethatcomputationshouldbe
untyped,asintheuntypedlambdacalculus(Lisp,
Scheme),andthoseinthetypescampwho
b li d it h ld b t d (Algol68,Java,F#).
believeditshouldbetyped
(Al l68 J
F#)
InCTTandITTthebasicreductionrelation
In
CTT and ITT the basic reduction relation
definingcomputabilityisuntyped,butreasoning
istyped,thisisfundamentaltocompleteness.

Openended
Open
endedComputationSystem
Computation System
InCTT,ITT,andCICthecomputationsystemisleft
In
CTT, ITT, and CIC the computation system is left
openended,itisnotpossibletoproveunsolvability
byenumeratingallpossiblecomputationalforms.In
particular,ChurchsThesis(CT)isnotpostulated.
InbuildingtheNuprlproofassistantforCTT84,we
anticipatedextendingthecomputationalmodelto
concurrentsystemsandtophysicaldevices.ThusCT
wasnottheappropriatenotion.

A Computational Metatheory
AComputationalMeta
theory
Edinburgh
g LCF showedthepowerofhavinga
p
g
computationalmetatheorybasedonaclean
functionalprogrammingmodelasthebasisfor
automatingreasoning.Agda,HOL,Coq,Nuprl,and
g
g g ,
, q, p ,
MetaPRLarealldescendentsoftheLCFproof
assistantarchitecture.
KeytoMilnersLCFistheideathatprogramsare
polymorphic
p
y
p andthecompilerattemptstoinferthe
p
p
typeincontextgivensomebasetypessuchas
integersandlists.Thetypecheckerwasasmall
proof assistant.
proofassistant.

An Aside on Proof Structure

AnAsideonProofStructure
Thestructureofproofsastactic
The
structure of proofs as tactictrees
treesadoptedin
adopted in
NuprlsimplementationofCTTarosefroma
convergenceofconcerns:
g
programmingbyrefinement(PRL)
programming
by refinement (PRL)
topdownproblemsolving(AI)
LCF t ti
LCFtacticsandtacticals
d t ti l
(tableauxstyleproofs)

APictureofProofTrees
G
H1 G1

H2 G2

pf

44

ProofStructurewithExtracts
G by op(op1(lt,md,rt) ; op2(lt,rt) )
H1 G1 by
b op1(lt,md,rt)
op1(lt md rt)

H2 G2 by op2(lt,rt)
op2(lt rt)

pf

45

AnalyzingProofStructure
y g
key insights
clever step
filled in by machine
humans ignore
humans need
experts needed
routine
learners need
obvious
Trivial
well known
minor variant of pf

46

Some Unifying Basic Concepts

SomeUnifyingBasicConcepts
Polymorphismandcomputationalsemanticsfor
records algebraic structures and objects
records,algebraicstructures,andobjects.
Uniformvalidityandconstructivecompleteness.
Computabilityofpartialfunctions,domains.

Influence of ML style polymorphism

InfluenceofMLstylepolymorphism
ThepoweroftheMLorganizationoftactic
The
power of the ML organization of tacticbased
based
inferenceiswellknown.
Iwanttodrawattentiontothewayinwhich
polymorphism also advanced propositions as types
polymorphismalsoadvancedpropositionsastypes
asacomputationalsemantics,illustratingtheunity
and synergy among the new concepts.
andsynergyamongthenewconcepts.

Type Polymorphism
TypePolymorphism
Thetermx.x istheidentityfunctiononalltypes,
y
yp ,
i.e.x.x A>AforanytypeA.
Thetermx.y.pair(x;y))denotesapairing
( ))
functionoftype(A>(B>(A B))foranytypes
A and B. We also used x.y. <x,y>
AandB.Wealsousedx.y.
x,y earlier.
earlier.
Wesaythatsuchtermsarepolymorphic.
y
p y
p
Note,thefunctionscomputedbythesetermsare
toobigtoexistinSetTheories.

Intersection Types
IntersectionTypes
Thebinaryintersectiontypewasusedasalogical
y
yp
g
{
connectiveforpropositionallogicbyCoppo and
Dezani in1978.

A B
ThesearetheelementsinbothtypesAandBwith
xx=yyintheintersectioniffx
in the intersection iff x=yyinA&x
in A & x=yyinB.
in B.

Intersection Types over a Family

IntersectionTypesoveraFamily
WecanalsointersectafamilyoftypesB
y
yp
a.Let

aA

denotethetypeofelementsthatbelongtoBa for
everyainType.Thisintersectionoperatoractsasa
uniformquantifieroverA.
q

A:Type

A => A

containsexactlyx.x.

Aside on Dependent Records

AsideonDependentRecords
InLICS2003A.Kopylov
py introduceddependent
p
intersectiontypes thatallowedhimtodefine.
DependentRecords
{x1:A1;x2:A1(x1);x3:A(x1,x2);;xn:An(x1,,xn1)}
functionsr fromLabels{x1,,xn}tovalues
wherer(x1)A1,r(x2)A2(r(x1)),etc.
ThismechanismiswidelyusedinallNuprl
applications and Kopylov PhD 2004 gave us a theory
applications,andKopylovPhD2004gaveusatheory
ofobjects.

Cumulative Impact
CumulativeImpact
Ourworkonintersectionanduniontypesrevealed
Our
work on intersection and union types revealed
thebenefitsofpolymorphismanditsexplanatory
powerinunderstandingalgebraicstructure,classes,
andobjects.Thisledustomakethesenewtype
d bj t Thi l d t
k th
t
constructorsessentialtoCTTafter2003.
Webegantosystematicallyexploittheseideasand
applythemheavilyinourpracticalworkandin
pp y
y
p
lookingatlogicalquestions.Imadeanobservationin
a2010classthatfascinatedme.Hereitis.

Realizers from Proofs

RealizersfromProofs
WecouldseeclearlyfromproofsystemsforiFOL,
We
could see clearly from proof systems for iFOL
thatalloftherealizersareuniformlyvalidinthe
sensethattheybelongtothetypeoftheaxiom
y
g
yp
regardlessofthedomainD andtheatomic
propositionsPi andrelationsR(x1,,xn).
Wewilllookatthisfactforrefinementstyle
presentationoftheinferencerulesandexplainthe
realizersbuiltfromtheserules.

Refinement Style Rules

RefinementStyleRules
Ourrulesresembletableauxproofsinthattheyare
Our
rules resemble tableaux proofs in that they are
topdown.Fromaproofgoal,wegeneratesubgoals.
Thegoalsandsubgoalsaresequents:

u1:A1,,un:An | G
moresuccinctly:H| G

Realizers for Inference Rules

RealizersforInferenceRules
Axioms
u1:A1,,u
un:An |
| Ai by ui
GenerallytheAi arepropositions,butwewillalso
havedeclarations d:Dthatdisinthedomainof
di
discourse.TheywilljustifythegoaldinD.
Th
ill j tif th
l di D

Realizers for Inference Rules

RealizersforInferenceRules
RulesforImplication
Rules
for Implication
ImplicationIntroduction(=>R)
:H| A=>Bby (x.slot)
:H,x:A| Bby b(x)^
Therealizerorprooftermis,x.b(x)

Sample Refinement Proof

SampleRefinementProof
| A=>(B=>A)by (x.__)
x:A|
| (B=>A)by
(
) b (y.__)^
(
)
x:A,y:B| Aby x^(axiom)
Therealizeris:x.
The
realizer is: x y.x.Noticethatthisis
y x Notice that this is
polymorphic,i.e.uniforminA,B.

Realizers for Inference Rules

RealizersforInferenceRules
RulesforImplication
p
ImplicationElimination(=>L)
1: H,x:A=>B,
H x: A => B 2:H
:H|
| Gby
G by ap(x;slot)
ap(x; slot)
1: H,x:A=>B,
,
, 2:H|
| Abya^
y
1: H,x:A=>B,y:B,2:H| Gby g(y)^
realizer

1,,x,
, 2.g(ap(x;a)/y)
g( p( ; )/y)

Realizers for Inference Rules

RealizersforInferenceRules
Rulesfor&
Rules
for &
Introduction(&R)
: H | A&Bby
:H|
A & B by <slota,slotb>
< slot a slot b>
:H| Aby a()forslota^
:H| Bby b()forslotb^
Therealizeris.<a(),b()>wherea,b might
dependonthevariablesin,sayu1,,un.

Realizers for Inference Rules

RealizersforInferenceRules
Rulesfor&
Rules
for &
Elimination(&L)
1: H,x:A&B,2:H| Gby spread(x;u,v.slot)
1:H,u:A,v:B,2:H| Gby g(u,v)forslot^
realizer

1,u,v,2.spread(x;u,v.g(u,v))

On Notation
OnNotation
realizer

1,u,v,
u v 2.spread(x;u,v.g(u,v))
spread(x;u v g(u v) )

ThespreadnotationisfromITT82andworks
h
d
i i f
82 d
k
wellasaproofterm,tellingushowtoname
thehypothesesusinglabelsuandv.
h h
h
i l b l d
Givenapairp,u=p.1andv=p.2.Wecan
alsosayletp=u,v
y
p
, ing,anMLlikenotation.
g,

Realizers for Inference Rules

RealizersforInferenceRules
RulesforExistentialQuantifier
ExistsIntro(ExistsR)
:H| Ex.G(x)by <d,slot>

:H| G(d)by g(d)^

:H| dinD
realizer

.<d,g(d)>

Sample Proof: Currying

SampleProof:Currying
f:(A&B)=>C| A=>(B=>C)by(x.__)
f:(A&B)=>C,x:A| (B=>C)by(y.__)
f:(A&B)=>C,x:A,y:B| Cbyap(f;__)
f:(A&B)=>C,x:A,y:B| A&Bby<x,y>^
f:(A&B)=>C,x:A,y:B,v:C| Cbyv=ap(f;<x,y>)
f.x y.ap(f;<x,y>)
,y ( ,y )
fx,y.f(<x,y>)

Realizers for Inference Rules

RealizersforInferenceRules
RulesforExistentialQuantifier
Rules
for Existential Quantifier
ExistsElimination(ExistsL)
1:H,x:Ex.R(x),2:H| Gby spread(x;u,v.slot)
1:H,u:D,v:R(u),
:H u:D v:R(u) 2:H
:H|| Gby
G by g(u,v)^
g(u v)
^
1,u,v,
u v 2.spread(x;u,v.g(u,v))
spread(x;u v g(u v))

Realizers for Inference Rules

RealizersforInferenceRules
RulesforUniversalQuantifier
Rules
for Universal Quantifier
UniversalIntro(AllR)
:H| Allx.G(x)by (x.slot)
:H x:D | G(x)by
:H,x:D|
G(x) by g(x)^
g(x)
^
x g(x)
x.g(x)

Realizers for Inference Rules

RealizersforInferenceRules
RulesforUniversalQuantifier
UniversalElim (AllL)
1:H,x:Allx.R(x),2:H| Gby ap(x;d)
1:H,x:Allx.R(x),y:R(d),2:H| Gby g(y)
1:H,x:Allx.R(x),2:H| d inD
realizer
li
1,x,
2.g(ap(x;d)/y),i.e.substitute
( ( d)/ ) i
b i
ap(x;d)forying(y).

Realizers for Inference Rules

RealizersforInferenceRules
RuleforFalse
FalseElim
1: H,x:False,2:H| Gby any(x)
1,x,2.any(x)
Thi l di i
ThisruledistinguishesiFOLfrommFOL.
i h iFOL f
FOL

Realizers for Inference Rules

RealizersforInferenceRules
ClassicalRule
Classical
Rule
ExcludedMiddle

H| PvPbymagic(P)
Thisrealizermakessenseinaclassicalaccountof
oraclecomputability,givenanoracleforP.This
realizerisnotpolymorphic.

Polymorphic Realizers
PolymorphicRealizers
Noticethatalloftherealizersexceptformagic(P)are
polymorphic Thus a notion of uniform validity will
polymorphic.Thusanotionofuniformvaliditywill
ruleoutExcludedMiddle.

More Examples
MoreExamples
Here is another simple realizer
Hereisanothersimplerealizer.
(Ex P(x) & Allx (P(x) => Q(x))) => Ey Q(y) by
(Ex.P(x)&Allx.(P(x)=>Q(x)))=>Ey.Q(y)by
h
h.spread(h;e,f.spread(e;d,p.<d,f(d)(p)>)).
d(h f
d( d
d f(d)( ) ))
Exercise:Buildtheprooffromthisrealizer.
ld h
ff
h
l

Exercises
Findtherealizersfortheseformulas.Inthe
Find
the realizers for these formulas. In the
nextlecturewewillbuildaprooffromthem
usingtheproofprocedureforcompleteness.
3.(~(P&Q)&(Pv~P)&(Qv~Q))=>~Pv~Q.
( (
) (
) (
))
4. Ex.(P(x)=>C)=>((Allx.P(x))=>C)whereChasno
freeoccurrencesofx.
Mycolleague,LironCohen,andRobbertKrebbers
bothstudentsintheschoolwillhelpyouunderstand
theexercises.

End of First Lecture

EndofFirstLecture

Lecture 2 Plan
Lecture2Plan
Questions about Lecture 1?
QuestionsaboutLecture1?
Wewilllookmorecloselyatthecompleteness
theorem its formulation and proof I will use the
theorem,itsformulationandproof.Iwillusethe
solutiontoexercisethreeasamotivator.
How many people got the solution?
Howmanypeoplegotthesolution?
Ifthereistime,Iwilldiscussotherusesofthe
If
there is time I will discuss other uses of the
intersectiontypeinCTT,thetypetheoryofNuprle.g.
itsuseindefiningdependentrecords.
Seeadditionalexercisesonthelastslides.

Consistency Theorem
ConsistencyTheorem
Noticethatfromouranalysisofproofsandtheir
Notice
that from our analysis of proofs and their
associatedextractedrealizers,wecanseebyasimple
inductionontheproofstructurethatiFOLis
consistent,everyprovableformulais(uniformly)
it t
bl f
l i ( if
l )
valid.
Wewillalsoseethatourcompletenesstheorem
p
providesanalternativeproofofcutelimination.
p

Constructive Model Theory

ConstructiveModelTheory
Wecanseethesedefinitionsandthesubsequent
We
can see these definitions and the subsequent
completenesstheoremsasanexampleof
constructivemodeltheory.
y

Formulating a Completeness Theorem

FormulatingaCompletenessTheorem
Wehavethiskeyobservation,alltherealizersfrom
the standard intuitionistic rules are polymorphic
thestandardintuitionisticrulesarepolymorphic.
Togetanifandonlyifresult,wewanttomake
To
get an if and only if result we want to make
someclaimlikegivenapolymorphicrealizerwecan
find a proof,e.g.
findaproof,
e.g.buildone.
build one.

Formulating a Theorem continued

FormulatingaTheoremcontinued
Can we make this idea precise? Does it make sense?
Canwemakethisideaprecise?Doesitmakesense?
IIknewitmadesensefromaresultofLuchli
knew it made sense from a result of Luchli in1970
in 1970
wherehetriedtodefinesomenotionofuniform
truthbytalkingaboutpermutations.Butweneeda
truth
by talking about permutations. But we need a
strongernotion.

Formulating a Theorem continued

FormulatingaTheoremcontinued
Weneedtosay,nomatterwhatdomainDwepick
We
need to say no matter what domain D we pick
andnomatterwhatatomicrelationsRi,therealizeris
thesame.
BecauseoftheworkofCoppo
Because
of the work of Coppo andDezani
and Dezani andthe
and the
workofReynoldsandPierce,weknewhowtosay
this.Wesaythattheevidencebelongstothe
intersectionofalltheevidencewecanfindforanyD
andRi.Thiswasanewidea.

Completeness Theorems
CompletenessTheorems
Theorem:AformulaGofmFOL
Theorem:
A formula G of mFOL isprovableiffitis
is provable iff it is
uniformlyvalid.
Corollary:AformulaGofiFOLisprovableiffitis
uniformly valid.
uniformlyvalid.
ConstableandBickford2010:Intuitionistic
Constable
and Bickford 2010: Intuitionistic
completenessoffirstorderlogic,arXiv2011.

Intersection Types
IntersectionTypes
Thebinaryintersectiontypewasusedasalogical
y
yp
g
{
connectiveforpropositionallogicbyCoppo and
Dezani in1978.

A B
ThesearetheelementsinbothtypesAandBwith
xx=yyintheintersectioniffx
in the intersection iff x=yyinA&x
in A & x=yyinB.
in B.

Intersection Types over a Family

IntersectionTypesoveraFamily
WecanalsointersectafamilyoftypesB
y
yp
a.Let

aA

denotethetypeofelementsthatbelongtoBa for
everyainType.Thisintersectionoperatoractsasa
uniformquantifieroverA.
q

A:Type

A => A

containsexactlyx.x.

We have a conjecture
Wehaveaconjecture
AformulaGofiFOLisprovableifandonlyifitis
uniformly true with respect to any domain D and
uniformlytruewithrespecttoanydomainDand
atomicrelationsRi.
Letstryitonlysomesimpleexamplesandseeifit
holds up.
holdsup.

Try it on the exercise

Tryitontheexercise
What is evidence for
Whatisevidencefor
( (P & Q) & (P P) & (Q Q) )
(~(P&Q)&(Pv~P)&(Qv~Q))=>~Pv~Q?
P Q ?
h.spread(h;na,dp,dq.decide(dp;
(
(
p..;
np.Inl(np)))
Whattodointhecasep.?Shouldwesplitonnq?

Trying on exercise
Tryingonexercise
Istheresomethingeasierthanonemorecasespliton
Is
there something easier than one more case split on
Q?YES,howaboutthisevidencefor~Q?
p.inr(q.na(<p,q>)
Thisisalmostright,butitonlyprovesFalse,weneed
to prove ~Q
toprove
Q.ButfromFalseanything!Soweuse
But from False anything! So we use
p.inr(q.any(na(<p,q>)))

Can we build a proof?

Canwebuildaproof?
Wesetuptheproblemthisway,wehaveaformula
We
set up the problem this way, we have a formula
Gandarealizerevd andwewanttoconstructa
proof
|= G,evd
Inthecaseof|=
| G1 =>G2,evd
weknowthatevd mustreducetoh.g.ourevidence
has this form that is what it means in type theory for
hasthisform,thatiswhatitmeansintypetheoryfor
evd tobeevidence.Sowecanstartbuildingthe
proof.Thisgivesusanewevidencestructure
p
g
.

Evidence structures
Evidencestructures
h:(~(P&Q)&(Pv~P)&(Qv~Q))|=
( (
) (
) (
) ) | ~Pv~Q,
spread(h;na,dp,dq.decide(dp;
p.inr(q.any(na(<p,q>)));
(
( (
)))
np.Inl(np)))

Continuing
This tells us to create a new evidence structure:
Thistellsustocreateanewevidencestructure:

na:~(P&Q),dp:(Pv~P),dq:(Qv~Q)|=~Pv~Q,decide(dp;
p.inr(q.any(na(<p,q>)));
np.inl(np)))

Continuing
na:~(P&Q)
na:
(P&Q),p:P,dq:(Qv
p:P dq:(Qv~Q)
Q)|=
|= ~P
Pv
v ~Q
Q,
inr(q.any(na(<p,q>)))
na:~(P&Q),p:P,dq:(Qv~Q)|= ~Q,

q.any(na(<p,q>))
( (< >))

na:~(P&Q),p:P,dq:(Qv~Q),q:Q|= ~Q,ap(na;<p,q>)

Looks promising so far

Lookspromisingsofar
Thisexampleworkedlikeacharm,butitwaspretty
simple You can try it on all the other exercises
simple.Youcantryitonalltheotherexercises.
Theyarealsoeasy,butIendthislecturewitha
harderchallenge.
g

A Nasty Case
ANastyCase
Whataboutthisverysimplecase?
y
p
|=(False=>A),f.any(f)
Italsoworkslikeacharm!Butsodoesthis!
| ( l
|=(False=>A),f.17
) f
Thisisdisconcerting
h
d
b
becauseoncewehaveFalseasa
h
l
hypothesis,welooseallevidence.

Need Minimal Logic

NeedMinimalLogic
Ifweuseminimallogic,thenwecanavoidthecase
If
we use minimal logic then we can avoid the case
ofvacuoushypotheses,butthenthetheoremisless
interesting.
g
HarveyFriedmantotherescue!Harveyshowedhow
Harvey
Friedman to the rescue! Harvey showed how
toembediFOLintomFOL usinghisfamousA
translation.(TimGriffinandChetMurthymadethis
famousinthe1990ssolvinganopenproblemusing
Nuprl.)

Completeness for iFOL

CompletenessforiFOL
UsingFriedman
Using
FriedmanssembeddingofiFOLintomFOL
embedding of iFOL into mFOL we
we
cangetcompletenessforiFOL.
GivenaformulaGofiFOL,itsembeddingintomFOL,
isobtainedbyreplacingalloccurrencesofFalsebyA,
call this GA.
callthisG
A isuniformly
IfGisuniformlyvalidiniFOL,thenG
y
,
y
validinmFOL,henceprovable.ByreplacingAby
FalseitisprovableiniFOL.

Cases for Minimal Logic

CasesforMinimalLogic
Considerhowtherighthandside,constructionrules
Consider
how the right hand side construction rules
workinevidencestructures.

H |= G,evd
H|=
G evd
G1 &G2 <g1,g2>
G1vG2 inl(g1),inr(g2)
G1 =>G2 x.g2(x)
Allx G
Allx.G
x g(x)
x.g(x)

These cases are easy

Thesecasesareeasy
H|= G1,g1
H|=
| G2,g2
H|=Gi,inl(g1)
Thecomplexityoftheproblemdecreasesinthese
The
complexity of the problem decreases in these
cases,andwecankeepdecomposing theevidence
term until we reach the leaves.
termuntilwereachtheleaves.

A hard case
Ahardcase
H,f:A=>B,H|= G,ap(f;a)
Howdowejustifytheclaim
H f:A =>B
H,f:A
>B,H
H|=
|= A,a
A a ?

Finitary models
Finitarymodels
Wejustifythisimplicationeliminationcaseby
looking at a subset of the models that we call finitary
lookingatasubsetofthemodelsthatwecallfinitary.
OnthesemodelsforAwecanensurethatiffisgiven
anargumentnotinA,thenitwilldiverge.Herewe
g
,
g
dependonhavingpartialtypes,whichwedenoteas
.
Wesaythata belongsto ifitbelongstoA ifit
converges.

Constant functions
Constantfunctions
Itisalsoimportantinthecaseoffunctionsffrom
It
is also important in the case of functions f from
A=>Bthatwemakesurewereturnthesameresult
ifwecallthefunctionf twiceonthesameargument.
g
Wedothisbynotingthatwecanalwaysassign
constantfunctionstothesewitnessesforA=>B
becauseoncewehaveanyelementofB,that
suffices.

Universal witnesses
Universalwitnesses
Inthecaseofevidencefunctionsforuniversally
quantified formulas f: Allx G(x) we need to
quantifiedformulasf:Allx.G(x),weneedto
remembertheapplicationsofthefunctionandstore
itsgraphondomainelements.Thefunctionsneedto
g p
beequalonlyonidenticalelements,d.

The really hard case

Thereallyhardcase
Wehaveonlybeenthinkingaboutevidencethatis
built from logical
builtfrom
logicalbits
bits,butweneedtoimaginethat
but we need to imagine that
evd isgiventousasanyterminCTTthatweknowis
evidence.Itmightusenumbertheoryorgraph
g
y g p
theorytoshowthatGisrealizable.Howcanwe
copewithanypossiblekindofevidence?

Hard Exercise
HardExercise
SShowthatthefollowingtypetheorytermisevidencefor
o t at t e o o g type t eo y te
s e de ce o
(((A&B)=>(A&B))=>(CvD))=>(C=>E)=>E
h,f,g.letn=gcd(10,5)in
letm=last(factorization(111))in
let I1 =(x.x)
letI
(x x)n in
letI2 =(p.<p.1,p.2>)m in
(if isl(h(I1))thenfelseg)
(ifisl(h(I
)) then f else g)
letx=h(I2)inifisl(x)thenoutl(x)else
outr(x))

The intuitionistic bit

Theintuitionisticbit
InsteadofusingKnigs Lemma,ourproofuses
anintuitionisticversioncalledtheFanTheorem.
Kleeneshowedthatthistheoremisnot
consistentwithChurchsThesis.
Thetheoremsaysthatinanyfinitelybranching
t
treegeneratedbyaconstructiveprocess,ifevery
t db
t ti
if
branchterminates,thenthereisauniformbound
on the length of any path
onthelengthofanypath.

Main Narrative Continued

MainNarrativeContinued
Thesetheoreticalresultsmakeconstructivetype
These
theoretical results make constructive type
theorymoreappealingandcomplete.Apractical
testofsuchtheoriesisthatwecanusethemas
practicalprogramminglanguagesthatsupport
correctbyconstructionprogramming.
Wewillconsidertheseissuesinthelastlectureon
proofsasprocesses.

Partial Types
PartialTypes
Wewillnowexaminesometypesusedintheproof
that distinguish NuprlssCTTfromCoq
thatdistinguishNuprl
CTT from CoqssCICand
CIC and
reflectonthefutureoftypetheory.Wealsoseea
significantdifferencefromthesettheoryapproach
g
y pp
totheseideas.

Computability in All Types

ComputabilityinAllTypes
HereishowComputationalTypeTheory(CTT)defines
Here
is how Computational Type Theory (CTT) defines
recursivefunctions.Considerthe3x+1functionwith
naturalnumberinputs.
p
f(x) =ifx
f(x)
if x=0
0then1
then 1
elseifeven(x)thenf(x/2)
else f(3x+1)
elsef(3x+1)
fi
fi

Alternative Syntax
AlternativeSyntax
f =function(x.ifx=0then1
elseifeven(x)thenf(x/2)
l if
( ) th f( /2)
elsef(3x+1))

Using Lambda Notation

UsingLambdaNotation
f =(x.ifx=0then1
(
elseifeven(x)thenf(x/2)
elsef(3x+1))
Hereisarelatedtermwithfunctioninputf
(f.(x.ifx=0then1
elseifeven(x)thenf(x/2)
( )
( / )
elsef(3x+1)))
Therecursivefunctioniscomputedusingthisterm.

Defining Recursive Functions in CTT

DefiningRecursiveFunctionsinCTT
fix((f.(x.ifx=0then1
elseifeven(x)thenf(x/2)
l if
( ) th f( /2)
elsef(3x+1)
fi
fi)))

Recursion in General
RecursioninGeneral
f(x)=F(f,x)isarecursivedefinition,also
( ) (, )
,
f=(x.F(f,x))isanotherexpressionofit,andthe
CTTdefinitionis:
fix((f.(x.F(f,x)))
whichreducesinonestepto:
(x.F(fix((f.(x.F(f,x)))),x))
bysubstitutingthefixtermforfin(x.F(f,x)).

Nonterminating
Non
terminatingComputations
Computations
CTTdefinesallpartialrecursivefunctions,andpartial
CTT
defines all partial recursive functions, and partial
elementsoftypeshencenonterminatingonessuch
asthis
fix((x.x))
whichinonereductionstepreducestoitself!SoCTT
is a Turing complete programming language
isaTuringcompleteprogramminglanguage.
Thissystemofcomputationisasimplefunctional
This
system of computation is a simple functional
programminglanguage.InCTTitisessentiallythe
programminglanguagealsousedinthemetatheory,
ML.

Partial Functions
PartialFunctions
Theconceptofapartialfunctionisanotherexample
The
concept of a partial function is another example
ofwheretypetheoryandsettheorydiffer
substantiallyy andwhereCTTdiffersfromCIC.Itisan
importantdifferencebecausethehaltingproblem
andrelatedconceptsarefundamentallyabout
whethercomputationsconverge,andintypetheory
thisistheessenceofpartiality.Forexample,wedo
not know that the 3x+1 function belongs to the type
notknowthatthe3x+1functionbelongstothetype
N>N.

Partial Functions
PartialFunctions
Wedohoweverknowthatthe3x+1function,callitf
We
do however know that the 3x+1 function call it f
inthisslide,isapartialfunction fromnumbersto
numbers,thusforanyn,f(n)isanumberifit
,
y , ( )
converges(halts).
InCTTwesaythatavalueabelongstothebartype
providedthatitbelongstoAifitconverges.Sof
belongstoAfor=N.

Unsolvable Problems
UnsolvableProblems
Itisremarkablethatwecanprovethatthereisno
It
is remarkable that we can prove that there is no
functioninCTTthatcansolvetheconvergence
p
problemforelementsofbasicbartypes.
yp
Wewillshowthisfornonemptytypewith
We
will show this for non empty type with
elementthatconvergesinAforbasictypessuch
as Z, N, list(A), etc. We rely on the typing that if F
asZ,N,list(A),etc.WerelyonthetypingthatifF
mapsto,thenfix(F)isin.

Unsolvable Problems
UnsolvableProblems
Supposethereisafunctionh thatdecideshalting,e.g.
h:Bool.

Definethefollowingelementofforin

A:
d=fix((x.ifh(x)thenelsefi))
whereisadivergingelement,sayfix((x.x)).
Notedisinbythetypingruleforfix.
Nowweaskforthevalueofh(d)andfinda
contradictionasfollows:

Generalized Halting Problem

GeneralizedHaltingProblem
Supposethath(d)
Suppose
that h(d) =t,thendconverges,but
t, then d converges, but
accordingtoitsdefinition,theresultisthediverging
computationbecausebycomputingthefixterm
f
foronestep,wereduce
t
d
to

d=fix((x.ifh(x)thenelsefi))
d=ifh(d)thenelsefi

bysubstitutingthefix()forxinthebody.
Ifhd(d)=f,
f thenweseethatdconvergesto,again
g
g
acontradictiontothemeaningofh.

Why is this result noteworthy?

Whyisthisresultnoteworthy?
Firstnoticethattheresultappliestoany
First
notice that the result applies to any
purportedhaltingfunctionh.Inclassical
mathematics,theresurelyisanoncomputable
,
y
p
functiontodecidehalting.
Moreover the standard way to present
Moreoverthestandardwaytopresent
unsolvability constructivelyistomodelTuring
machinesandprovethatnoTuringcomputable
p
g
p
functioncansolvethehaltingproblem.Butthis
resultsaysthatnofunctioncansolveit.

Why is this result noteworthy?

Whyisthisresultnoteworthy?
Anotherreasontotakenoteofthisresultisthat
ot e easo to ta e ote o t s esu t s t at
itissosimple,aboutthesimplestunsolvability
resultaround noindexings,noreflection,
simplerealisticcomputingmodel.
l
l
d l
Butthemainreasontotakenoteisthatthis
resultcontradictsclassicalmathematicsand
shows that CTT with bar types is not consistent
showsthatCTTwithbartypesisnotconsistent
withthelawofexcludedmiddle,astherestof
thetheoryis.
y

ENDOFLECTURETWO
O
C
O

Extra Reading on Type Theory

ExtraReadingonTypeTheory
InthenextfewslidesIpresentotherresultsinCTT
type theory that are generally noteworthy for their
typetheorythataregenerallynoteworthyfortheir
impactontheimplementationandfortheirwideuse
inNuprltheories.
p

Records and structures

Recordsandstructures
Wewilltakeabrieflookathowwecandefine
We
will take a brief look at how we can define
algebraicstructuresasrecords,illustratingother
advantagesofintersectiontypesandpolymorphism.
g
yp
p y
p
Thisworkformsthebasisofanaccountofobjectsin
CTT.

Subtyping andPolymorphism
and Polymorphism
Thereisaprimitivesubtyping relationinCTT.
means that the elements of A are
are
A B meansthattheelementsofA
elementsofB anda=binA impliesa=binB.
Here are some basic facts about subtyping:
Herearesomebasicfactsaboutsubtyping:

{x : Z

| x > 0} Z

( A A & B B ) A B A B
( A A & B B ) A + B A + B
( A A & B B ) A B A B

Applications of Polymorphism
ApplicationsofPolymorphism
Polymorphismallowsanelegantformaltreatmentof
Polymorphism
allows an elegant formal treatment of
recordtypes,objects,andinheritance.Wewilllook
atrecordsandprovideasimplesemanticsforthem
p
p
andasimplebinaryoperationtobuildthem.
Thisaccountalsoallowsustodefinedependent
records,asignificantextensionoftherecord
concept.

Dependent Records
DependentRecords
{x1:A1;x2:A1(x1);x3:A(x1,x2);;xn:An(x1,,xn1)}
functionsr fromLabels{x1,,xn}tovalues
wherer(x1)A1,r(x2)A2(r(x1)),etc.

Record Types and Inheritance

RecordTypesandInheritance
Wecandefinealgebraicstructuresasrecords.Forexample,
g
p ,
amonoid oncarrierSisarecordtypeoverSwithtwo
components,anassociativeoperatorandanidentity:
Monoid ={op:SxS
{ op: S x S >S;id:S}.
S; id: S}.
AgroupextendsthisrecordtypeonSbyincludingan
inverse operation
inverseoperation.
Group ={op:SxS>S;id:S;inv:S >S}
AGroupisasubtypeofaMonoid asweshownext.

G roup M onoid
id

Groups and Monoids asRecords

GroupsandMonoids
as Records
Thebasicideaisthattheelementsofarecordtype
arefunctionsfromthefieldselectorsnames,e.g.
{op,id,inv} toelementsoftypesassignedtothemby
amappingcalledasignature,Sig:{op,id,inv}>Type.
i
ll d i
i { id i }
HerearethemappingsforaGroupoverthecarrierS.
Si ( ) S S S Si (id) S Si (i ) S S
Sig(op)=SxS>S,Sig(id)=S,Sig(inv)=S>S
MonoidandGrouparethesedependentfunction
spaces Group a subtype of Monoid
spaces,GroupasubtypeofMonoid.

i:{op,id,inv}Sig(i)i:{op,id}Sig(i)

Intersection and Top Types

IntersectionandTopTypes
Wecanbuildrecordsusingabinaryintersection
e ca bu d eco{ ds us g a b a y te sect o
oftypes,

A B

ThesearetheelementsinbothtypesAandBwith
x=yintheintersectioniffx=yinA&x=yinB.
Topisthetypeofallclosedtermswiththetrivial
equality,x=yforallx,yinTop.Noteforanytype
A,wehaveand.
A Top
ATop = A

Building Records by Intersection

BuildingRecordsbyIntersection
Recordtypescanbebuiltbyintersectingsingleton
Record
types can be built by intersecting singleton
recordsasfollows.Let
Id ={x,y,z,}andSig:Id
Id
{x y z } and Sig: Id >>Typewhere
Type where
Sig(i)=Topasthedefault.Then

{x:A ; y:B} if xy
{x:A;y:B}ifxy
x:A y:B=
{x:AB}ifx=y.

Axiomatizing Coinductive
AxiomatizingCo
inductiveTypes
Types
In1988beforeweaddedintersectiontypestoCTT,
In
1988 before we added intersection types to CTT
weaxiomatizedcoinductivetypesandimplemented
theminNuprlasprimitive.
p
p
NowwithintersectiontypesandtheToptype,we
Now
with intersection types and the Top type, we
candefinethemandintroducevariants.

Defining Corecursive
DefiningCo
recursiveTypesinCTT
Types in CTT
LetFbeafunctionfromtypestotypessuchas
Let
F be a function from types to types such as
F(T)=N xTorF(T)=St>In>StxT.Define
objects of the corecursive
objectsoftheco
recursivetypecorec(T.F(T))
type corec(T F(T))
astheintersectionoftheiteratesofFapplied
to Top
toTop.
n

F (T o p )

n :N

TTobuildelements,wetakethefixedpointofa
b ild l
k h fi d i
f
functionfinthefollowingtype.

T F(T )
T:Type

Elements of Coinductive
ElementsofCo
inductiveTypes
Types
Forexampletobuildelementsoftheco
For
example to build elements of the co
recursivetypeforthefunctionF(T)givenby
St >In
St
In >StxT
St x T
weusefix((t.(s,i.<update(s,i),t>))).
Itiseasytoshowbyinductionthatthis
belongs to the corecursive type If the
belongstothecorecursivetype.Ifthe
functionFiscontinuous,thetypeisafixed
point of F, F(corec(T.F(T)) corec(T.F(T)).
pointofF,F(corec(T.F(T))

Future Directions
FutureDirections
IIthinkwewillcontinuetoseeconstructivetype
think we will continue to see constructive type
theoryunifyconceptsfromlogic,mathematics,and
computerscience.Homotopytypetheoryisa
p
py yp
y
currentexampleasaregamesemantics.
Wewillseeappliedformaltheoriessupport
importantdeployedsystems.Thesetheorieswillbe
asdynamicasthesystems.

Future Directions
FutureDirections
Amoreinternalandspecializeddevelopmentwill
A
more internal and specialized development will
betheerosionofthebarrierbetween
mathematicsandmetamathematics asBrouwer
desired thereisonemathematics.
IalreadyseeNuprlappliedtoitselftoverifythe
optimizations to the evaluators for distributed
optimizationstotheevaluatorsfordistributed
protocols.Theseimplementedtheoriesandtheir
p
proofassistantsareautocatalytic.
y

Exercises
1. (P
(P=>>Q)
Q) =>>~Q
Q=>>~P
P
where~Pmeans(P=>False),notP.
Inminimallogic,wetakeaspecialconstantfor
False, say Any. While (False =>>P)holds,inminimal
False,sayAny.While(False
P) holds, in minimal
logic,(Any=>P)doesnotholdforarbitraryP.Show
2.(P=>Q)=>((Q=>Any)=>(P=>Any))
(
Q) ( (Q
y) (
y) )

Exercises continued
Exercisescontinued
3.((~(P
(P&Q)&(Pv
& Q) & (P v ~P)
P)&(Qv
& (Q v ~Q)
Q))=>
) => ~P
Pv
v ~Q
Q.
4 Ex
4.
Ex.(P(x)=>C)=>((Allx.P(x))=>C)whereChasno
(P(x) => C) => ( (Allx P(x)) => C ) where C has no
freeoccurrencesofx.
5 Ey.
5.
Ey ~Q(y)
Q(y)=>Allx.(P(x)=>Q(x))=>
=> Allx (P(x) => Q(x)) => ~Allx
Allx.P(x).
P(x)
6 (Ey
6.
(Ey.Allx.P(x,y)=>Eu.Allv.Q(u,v))=>
Allx P(x y) => Eu Allv Q(u v)) =>
(Ally.(Allx.P(x,y)=>Eu.Allv.Q(u,v)).

Hard Exercise
HardExercise
Recalltheexample:
p
(((A&B)=>(A&B))=>(CvD))=>(C=>E)=>E
Arethesebothcorrectrealizers?
h f g.decide(h(id
h.f.
d id (h(id1);c.f(c);d.g(d))
) f( ) d (d))
h f g.ap(decide(h(id
h.f.
g ap(decide(h(id1);c
);c.f;d
f;d.g);ap(decide(h(id
g);ap(decide(h(id2);c.c;d.d))
);c c;d d))
whereid1 =x.x ,,id2=x.spread(x;x
p
( ; 1,,x2.<x1,,x2>))

Formoreinformation,articles,and
,
,
examplesofverifiedcodesee
www nurpl org
www.nurpl.org

THE END
THEEND

Questions?

Alsoseewww.nuprl.org
l
l