proofs are programs - cornell university · proofs are programs today’s music: two sides to every...
TRANSCRIPT
![Page 1: Proofs are Programs - Cornell University · Proofs are Programs Today’s music: Two Sides to Every Story by Dyan Cannon and Willie Nelson Prof. Clarkson Fall 2016](https://reader034.vdocuments.us/reader034/viewer/2022042214/5eba9bc80123c2503e14bc84/html5/thumbnails/1.jpg)
Proofs are Programs
Today’s music: Two Sides to Every Story by Dyan Cannon and Willie Nelson
Prof. Clarkson Fall 2016
![Page 2: Proofs are Programs - Cornell University · Proofs are Programs Today’s music: Two Sides to Every Story by Dyan Cannon and Willie Nelson Prof. Clarkson Fall 2016](https://reader034.vdocuments.us/reader034/viewer/2022042214/5eba9bc80123c2503e14bc84/html5/thumbnails/2.jpg)
Review
Currently in 3110: Advanced topics • Futures • Monads Today: An idea that goes by many names... • Propositions as types • Proofs as programs • Curry–Howard(–Lambek) isomorphism (aka
correspondence) • Brouwer–Heyting–Kolmogorov interpretation
![Page 3: Proofs are Programs - Cornell University · Proofs are Programs Today’s music: Two Sides to Every Story by Dyan Cannon and Willie Nelson Prof. Clarkson Fall 2016](https://reader034.vdocuments.us/reader034/viewer/2022042214/5eba9bc80123c2503e14bc84/html5/thumbnails/3.jpg)
ACT I Types = Formulas
![Page 4: Proofs are Programs - Cornell University · Proofs are Programs Today’s music: Two Sides to Every Story by Dyan Cannon and Willie Nelson Prof. Clarkson Fall 2016](https://reader034.vdocuments.us/reader034/viewer/2022042214/5eba9bc80123c2503e14bc84/html5/thumbnails/4.jpg)
Three innocent functions
let apply f x = f x
let const x = fun _ -> x
let subst x y z = x z (y z)
![Page 5: Proofs are Programs - Cornell University · Proofs are Programs Today’s music: Two Sides to Every Story by Dyan Cannon and Willie Nelson Prof. Clarkson Fall 2016](https://reader034.vdocuments.us/reader034/viewer/2022042214/5eba9bc80123c2503e14bc84/html5/thumbnails/5.jpg)
Three innocent functions
let apply f x = f x : ('a -> 'b) -> 'a -> 'blet const x = fun _ -> x : 'a -> 'b -> 'alet subst x y z = x z (y z) : ('a -> 'b -> 'c) -> ('a -> 'b) -> 'a -> 'c
![Page 6: Proofs are Programs - Cornell University · Proofs are Programs Today’s music: Two Sides to Every Story by Dyan Cannon and Willie Nelson Prof. Clarkson Fall 2016](https://reader034.vdocuments.us/reader034/viewer/2022042214/5eba9bc80123c2503e14bc84/html5/thumbnails/6.jpg)
Three innocent functions
let apply f x = f x : ('a -> 'b) -> 'a -> 'blet const x = fun _ -> x : 'a -> 'b -> 'alet subst x y z = x z (y z) : ('a -> 'b -> 'c) -> ('a -> 'b) -> 'a -> 'c
![Page 7: Proofs are Programs - Cornell University · Proofs are Programs Today’s music: Two Sides to Every Story by Dyan Cannon and Willie Nelson Prof. Clarkson Fall 2016](https://reader034.vdocuments.us/reader034/viewer/2022042214/5eba9bc80123c2503e14bc84/html5/thumbnails/7.jpg)
Three innocent functions formulas
let apply f x = f x : ('a ⇒ 'b) ⇒ 'a ⇒ 'blet const x = fun _ -> x : 'a ⇒ 'b ⇒ 'alet subst x y z = x z (y z) : ('a ⇒ 'b ⇒ 'c) ⇒ ('a ⇒ 'b) ⇒ 'a ⇒ 'c
![Page 8: Proofs are Programs - Cornell University · Proofs are Programs Today’s music: Two Sides to Every Story by Dyan Cannon and Willie Nelson Prof. Clarkson Fall 2016](https://reader034.vdocuments.us/reader034/viewer/2022042214/5eba9bc80123c2503e14bc84/html5/thumbnails/8.jpg)
Three innocent functions formulas
let apply f x = f x : ( A ⇒ B) ⇒ A ⇒ Blet const x = fun _ -> x : A ⇒ B ⇒ Alet subst x y z = x z (y z) : ( A ⇒ B ⇒ C) ⇒ ( A ⇒ B) ⇒ A ⇒ C
![Page 9: Proofs are Programs - Cornell University · Proofs are Programs Today’s music: Two Sides to Every Story by Dyan Cannon and Willie Nelson Prof. Clarkson Fall 2016](https://reader034.vdocuments.us/reader034/viewer/2022042214/5eba9bc80123c2503e14bc84/html5/thumbnails/9.jpg)
Three innocent functions formulas
let apply f x = f x : ( A ⇒ B) ⇒ A ⇒ Blet const x = fun _ -> x : A ⇒ (B ⇒ A)let subst x y z = x z (y z) : ( A ⇒ (B ⇒ C)) ⇒(( A ⇒ B) ⇒ (A ⇒ C))
Do you recognize these formulas?
![Page 10: Proofs are Programs - Cornell University · Proofs are Programs Today’s music: Two Sides to Every Story by Dyan Cannon and Willie Nelson Prof. Clarkson Fall 2016](https://reader034.vdocuments.us/reader034/viewer/2022042214/5eba9bc80123c2503e14bc84/html5/thumbnails/10.jpg)
source: http://www.cs.cornell.edu/courses/cs2800/2016fa/lectures/2800logic.pdf
![Page 11: Proofs are Programs - Cornell University · Proofs are Programs Today’s music: Two Sides to Every Story by Dyan Cannon and Willie Nelson Prof. Clarkson Fall 2016](https://reader034.vdocuments.us/reader034/viewer/2022042214/5eba9bc80123c2503e14bc84/html5/thumbnails/11.jpg)
source: http://www.cs.cornell.edu/courses/cs2800/2016fa/lectures/2800logic.pdf
![Page 12: Proofs are Programs - Cornell University · Proofs are Programs Today’s music: Two Sides to Every Story by Dyan Cannon and Willie Nelson Prof. Clarkson Fall 2016](https://reader034.vdocuments.us/reader034/viewer/2022042214/5eba9bc80123c2503e14bc84/html5/thumbnails/12.jpg)
Three innocent functions/formulas
let apply f x = f x : ( A ⇒ B) ⇒ A ⇒ Blet const x = fun _ -> x : A ⇒ (B ⇒ A)let subst x y z = x z (y z) : ( A ⇒ (B ⇒ C)) ⇒(( A ⇒ B) ⇒ (A ⇒ C))
A1
A2
MP as axiom
![Page 13: Proofs are Programs - Cornell University · Proofs are Programs Today’s music: Two Sides to Every Story by Dyan Cannon and Willie Nelson Prof. Clarkson Fall 2016](https://reader034.vdocuments.us/reader034/viewer/2022042214/5eba9bc80123c2503e14bc84/html5/thumbnails/13.jpg)
Types and formulas
Logical formulas (propositions) can be read as program types, and vice versa Type Formula
Type variable 'a Atomic proposition A
Function type -> Implication ⇒
![Page 14: Proofs are Programs - Cornell University · Proofs are Programs Today’s music: Two Sides to Every Story by Dyan Cannon and Willie Nelson Prof. Clarkson Fall 2016](https://reader034.vdocuments.us/reader034/viewer/2022042214/5eba9bc80123c2503e14bc84/html5/thumbnails/14.jpg)
Types and formulas
Logical formulas (propositions) can be read as program types, and vice versa Type Formula
Type variable 'a Atomic proposition A
Function type -> Implication ⇒
Product type * Conjunction ∧
unit True
![Page 15: Proofs are Programs - Cornell University · Proofs are Programs Today’s music: Two Sides to Every Story by Dyan Cannon and Willie Nelson Prof. Clarkson Fall 2016](https://reader034.vdocuments.us/reader034/viewer/2022042214/5eba9bc80123c2503e14bc84/html5/thumbnails/15.jpg)
Conjunction and Truth
let fst (a,b) = a : 'a * 'b -> 'alet snd (a,b) = b : 'a * 'b -> 'blet pair a b = (a,b) : 'a -> 'b -> 'a * 'blet tt = () : unit
![Page 16: Proofs are Programs - Cornell University · Proofs are Programs Today’s music: Two Sides to Every Story by Dyan Cannon and Willie Nelson Prof. Clarkson Fall 2016](https://reader034.vdocuments.us/reader034/viewer/2022042214/5eba9bc80123c2503e14bc84/html5/thumbnails/16.jpg)
Conjunction and Truth
let fst (a,b) = a : (A ∧ B) ⇒ Alet snd (a,b) = b : (A ∧ B) ⇒ Blet pair a b = (a,b) : A ⇒ (B ⇒ (A ∧ B))let tt = () : true
![Page 17: Proofs are Programs - Cornell University · Proofs are Programs Today’s music: Two Sides to Every Story by Dyan Cannon and Willie Nelson Prof. Clarkson Fall 2016](https://reader034.vdocuments.us/reader034/viewer/2022042214/5eba9bc80123c2503e14bc84/html5/thumbnails/17.jpg)
Types and formulas
Logical formulas (propositions) can be read as program types, and vice versa Type Formula
Type variable 'a Atomic proposition A
Function type -> Implication ⇒
Product type * Conjunction ∧
unit True
?? Disjunction ∨
?? False
![Page 18: Proofs are Programs - Cornell University · Proofs are Programs Today’s music: Two Sides to Every Story by Dyan Cannon and Willie Nelson Prof. Clarkson Fall 2016](https://reader034.vdocuments.us/reader034/viewer/2022042214/5eba9bc80123c2503e14bc84/html5/thumbnails/18.jpg)
Disjunction
type ('a,'b) disj = Left of 'a | Right of 'b
let left (x:'a) = Left x : 'a -> ('a, 'b) disj
let right (y:'b) = Right y : 'b -> ('a, 'b) disj
let case (lb:'a -> 'c) (rb:'b -> 'c) = function | Left x -> lb x | Right y -> rb y : ('a -> 'c) -> ('b -> 'c) -> ('a, 'b) disj -> 'c
Read "('a,'b) disj"
as "A ∨ B"
![Page 19: Proofs are Programs - Cornell University · Proofs are Programs Today’s music: Two Sides to Every Story by Dyan Cannon and Willie Nelson Prof. Clarkson Fall 2016](https://reader034.vdocuments.us/reader034/viewer/2022042214/5eba9bc80123c2503e14bc84/html5/thumbnails/19.jpg)
Disjunction
type ('a,'b) disj = Left of 'a | Right of 'b
let left (x:'a) = Left x : A ⇒ (A ∨ B)
let right (y:'b) = Right y : B ⇒ (A ∨ B)
let case (lb:'a -> 'c) (rb:'b -> 'c) = function | Left x -> lb x | Right y -> rb y : (A ⇒ C) ⇒ (B ⇒ C) ⇒ (A ∨ B) ⇒ C
![Page 20: Proofs are Programs - Cornell University · Proofs are Programs Today’s music: Two Sides to Every Story by Dyan Cannon and Willie Nelson Prof. Clarkson Fall 2016](https://reader034.vdocuments.us/reader034/viewer/2022042214/5eba9bc80123c2503e14bc84/html5/thumbnails/20.jpg)
False
type void = {nope : 'a .'a}
let ff1 = {nope = let rec f x = f x in f ()} : void
let ff2 = {nope = failwith ""} : void
let absurd (f:void) : 'b = f.nope : void -> 'b
Read "void" as "false". Read 'a . 'a as (∀x . x), which is false.
Creating a value of type void isn't possible!
![Page 21: Proofs are Programs - Cornell University · Proofs are Programs Today’s music: Two Sides to Every Story by Dyan Cannon and Willie Nelson Prof. Clarkson Fall 2016](https://reader034.vdocuments.us/reader034/viewer/2022042214/5eba9bc80123c2503e14bc84/html5/thumbnails/21.jpg)
False
type void = {nope : 'a .'a}
let ff1 = {nope = let rec f x = f x in f ()} : void
let ff2 = {nope = failwith ""} : void
let absurd (f:void) : 'b = f.nope : false ⇒ B
![Page 22: Proofs are Programs - Cornell University · Proofs are Programs Today’s music: Two Sides to Every Story by Dyan Cannon and Willie Nelson Prof. Clarkson Fall 2016](https://reader034.vdocuments.us/reader034/viewer/2022042214/5eba9bc80123c2503e14bc84/html5/thumbnails/22.jpg)
Negation
• Syntactic sugar: define ¬A as A⇒false • As a type, that would be 'a -> void
![Page 23: Proofs are Programs - Cornell University · Proofs are Programs Today’s music: Two Sides to Every Story by Dyan Cannon and Willie Nelson Prof. Clarkson Fall 2016](https://reader034.vdocuments.us/reader034/viewer/2022042214/5eba9bc80123c2503e14bc84/html5/thumbnails/23.jpg)
Types and formulas
Logical formulas (propositions) can be read as program types, and vice versa
Type Formula
Type variable 'a Atomic proposition A
Function type -> Implication ⇒
Product type * Conjunction ∧
unit True
Tagged union Disjunction ∨
Type with no values False
(syntactic sugar) Negation ¬
![Page 24: Proofs are Programs - Cornell University · Proofs are Programs Today’s music: Two Sides to Every Story by Dyan Cannon and Willie Nelson Prof. Clarkson Fall 2016](https://reader034.vdocuments.us/reader034/viewer/2022042214/5eba9bc80123c2503e14bc84/html5/thumbnails/24.jpg)
ACT II Programs = Proofs
![Page 25: Proofs are Programs - Cornell University · Proofs are Programs Today’s music: Two Sides to Every Story by Dyan Cannon and Willie Nelson Prof. Clarkson Fall 2016](https://reader034.vdocuments.us/reader034/viewer/2022042214/5eba9bc80123c2503e14bc84/html5/thumbnails/25.jpg)
Innocent typing rule
• Recall typing contexts and judgements [L15] – Typing context T is a map from variable names to
types – Typing judgement T ⊢ e : t says that e has type t in
context T
• Typing rule for function application: – if T ⊢ e1 : t -> u – and T ⊢ e2 : t– then T ⊢ e1 e2 : u
![Page 26: Proofs are Programs - Cornell University · Proofs are Programs Today’s music: Two Sides to Every Story by Dyan Cannon and Willie Nelson Prof. Clarkson Fall 2016](https://reader034.vdocuments.us/reader034/viewer/2022042214/5eba9bc80123c2503e14bc84/html5/thumbnails/26.jpg)
Innocent typing rule
if T ⊢ e1 : t -> u and T ⊢ e2 : tthen T ⊢ e1 e2 : u
![Page 27: Proofs are Programs - Cornell University · Proofs are Programs Today’s music: Two Sides to Every Story by Dyan Cannon and Willie Nelson Prof. Clarkson Fall 2016](https://reader034.vdocuments.us/reader034/viewer/2022042214/5eba9bc80123c2503e14bc84/html5/thumbnails/27.jpg)
Innocent typing rule
if T ⊢ e1 : t -> u and T ⊢ e2 : tthen T ⊢ e1 e2 : u
![Page 28: Proofs are Programs - Cornell University · Proofs are Programs Today’s music: Two Sides to Every Story by Dyan Cannon and Willie Nelson Prof. Clarkson Fall 2016](https://reader034.vdocuments.us/reader034/viewer/2022042214/5eba9bc80123c2503e14bc84/html5/thumbnails/28.jpg)
Innocent typing rule
if T ⊢ e1 : t -> u and T ⊢ e2 : tthen T ⊢ e1 e2 : u
![Page 29: Proofs are Programs - Cornell University · Proofs are Programs Today’s music: Two Sides to Every Story by Dyan Cannon and Willie Nelson Prof. Clarkson Fall 2016](https://reader034.vdocuments.us/reader034/viewer/2022042214/5eba9bc80123c2503e14bc84/html5/thumbnails/29.jpg)
Innocent typing rule
if T ⊢ e1 : t ⇒ u and T ⊢ e2 : tthen T ⊢ e1 e2 : u
Do you recognize this rule?
![Page 30: Proofs are Programs - Cornell University · Proofs are Programs Today’s music: Two Sides to Every Story by Dyan Cannon and Willie Nelson Prof. Clarkson Fall 2016](https://reader034.vdocuments.us/reader034/viewer/2022042214/5eba9bc80123c2503e14bc84/html5/thumbnails/30.jpg)
INTERMISSION
![Page 31: Proofs are Programs - Cornell University · Proofs are Programs Today’s music: Two Sides to Every Story by Dyan Cannon and Willie Nelson Prof. Clarkson Fall 2016](https://reader034.vdocuments.us/reader034/viewer/2022042214/5eba9bc80123c2503e14bc84/html5/thumbnails/31.jpg)
Logical proof systems
• Ways of formalizing what is provable • Which may differ from what is true or decidable • Two styles: – Hilbert:
• lots of axioms • few inference rules (maybe just modus ponens) • what you probably saw in CS 2800
– Gentzen: • lots of inference rules (a couple for each operator) • few axioms • what I need to show you now
![Page 32: Proofs are Programs - Cornell University · Proofs are Programs Today’s music: Two Sides to Every Story by Dyan Cannon and Willie Nelson Prof. Clarkson Fall 2016](https://reader034.vdocuments.us/reader034/viewer/2022042214/5eba9bc80123c2503e14bc84/html5/thumbnails/32.jpg)
Inference rules
• From premises P1, P2, ..., Pn • Infer conclusion Q • Express allowed means of inference or deductive
reasoning • Axiom is an inference rule with zero premises
Q
P1 P2 ...Pn
![Page 33: Proofs are Programs - Cornell University · Proofs are Programs Today’s music: Two Sides to Every Story by Dyan Cannon and Willie Nelson Prof. Clarkson Fall 2016](https://reader034.vdocuments.us/reader034/viewer/2022042214/5eba9bc80123c2503e14bc84/html5/thumbnails/33.jpg)
Judgements
A1, A2, ..., An ⊢ B
• From assumptions A1, A2, ..., An
– traditional to write Γ for set of assumptions
• Judge that B is derivable or provable • Express allowed means of hypothetical reasoning
• Γ,A ⊢ A is an axiom
![Page 34: Proofs are Programs - Cornell University · Proofs are Programs Today’s music: Two Sides to Every Story by Dyan Cannon and Willie Nelson Prof. Clarkson Fall 2016](https://reader034.vdocuments.us/reader034/viewer/2022042214/5eba9bc80123c2503e14bc84/html5/thumbnails/34.jpg)
Inference rules for ⇒ and ∧
Γ ⊢ A ⇒ B
Γ, A ⊢ B ⇒ intro
Γ ⊢ B
Γ ⊢ A ⇒ elim
Γ ⊢ A ⇒ B
Γ ⊢ A
Γ ⊢ A ∧ B ∧ elim 1
Γ ⊢ B
Γ ⊢ A ∧ B ∧ elim 2
Γ ⊢ A ∧ B
Γ ⊢ B ∧ intro
Γ ⊢ A
![Page 35: Proofs are Programs - Cornell University · Proofs are Programs Today’s music: Two Sides to Every Story by Dyan Cannon and Willie Nelson Prof. Clarkson Fall 2016](https://reader034.vdocuments.us/reader034/viewer/2022042214/5eba9bc80123c2503e14bc84/html5/thumbnails/35.jpg)
Introduction and elimination
• Introduction rules say how to define an operator • Elimination rules say how to use an operator • Gentzen's insight: every operator should come
with intro and elim rules
![Page 36: Proofs are Programs - Cornell University · Proofs are Programs Today’s music: Two Sides to Every Story by Dyan Cannon and Willie Nelson Prof. Clarkson Fall 2016](https://reader034.vdocuments.us/reader034/viewer/2022042214/5eba9bc80123c2503e14bc84/html5/thumbnails/36.jpg)
BACK TO THE SHOW
![Page 37: Proofs are Programs - Cornell University · Proofs are Programs Today’s music: Two Sides to Every Story by Dyan Cannon and Willie Nelson Prof. Clarkson Fall 2016](https://reader034.vdocuments.us/reader034/viewer/2022042214/5eba9bc80123c2503e14bc84/html5/thumbnails/37.jpg)
Innocent typing rule
if T ⊢ e1 : t -> u and T ⊢ e2 : tthen T ⊢ e1 e2 : u
T⊢e1 e2 : u
T⊢e2 : tT⊢e1 : t -> u
![Page 38: Proofs are Programs - Cornell University · Proofs are Programs Today’s music: Two Sides to Every Story by Dyan Cannon and Willie Nelson Prof. Clarkson Fall 2016](https://reader034.vdocuments.us/reader034/viewer/2022042214/5eba9bc80123c2503e14bc84/html5/thumbnails/38.jpg)
Innocent typing rule
if T ⊢ e1 : t -> u and T ⊢ e2 : tthen T ⊢ e1 e2 : u
T⊢e1 e2 : u
T⊢e2 : tT⊢e1 : t -> u
![Page 39: Proofs are Programs - Cornell University · Proofs are Programs Today’s music: Two Sides to Every Story by Dyan Cannon and Willie Nelson Prof. Clarkson Fall 2016](https://reader034.vdocuments.us/reader034/viewer/2022042214/5eba9bc80123c2503e14bc84/html5/thumbnails/39.jpg)
Innocent typing rule
if T ⊢ e1 : t -> u and T ⊢ e2 : tthen T ⊢ e1 e2 : u
Γ⊢e1 e2 : u
Γ⊢e2 : tΓ⊢e1 : t ⇒ u ⇒ elim
Modus ponens is function application
![Page 40: Proofs are Programs - Cornell University · Proofs are Programs Today’s music: Two Sides to Every Story by Dyan Cannon and Willie Nelson Prof. Clarkson Fall 2016](https://reader034.vdocuments.us/reader034/viewer/2022042214/5eba9bc80123c2503e14bc84/html5/thumbnails/40.jpg)
Computing with evidence
• Modus ponens (aka ⇒ elim) is a way of computing with evidence • Given evidence e2 that t holds
• And given a way e1 of transforming evidence for t into evidence for u
• MP produces evidence for u by applying e1 to e2• So e1 e2 is not just a program... • It's a proof of u, in that it provides evidence for u
T⊢e1 e2 : u
T⊢e2 : tT⊢e1 : t -> u
![Page 41: Proofs are Programs - Cornell University · Proofs are Programs Today’s music: Two Sides to Every Story by Dyan Cannon and Willie Nelson Prof. Clarkson Fall 2016](https://reader034.vdocuments.us/reader034/viewer/2022042214/5eba9bc80123c2503e14bc84/html5/thumbnails/41.jpg)
More typing rules
Γ ⊢ fun x -> e : t -> u
Γ, x:t ⊢ e:u
Γ ⊢ (e1,e2) : t1*t2
Γ ⊢ e2:t2Γ ⊢ e1:t1
![Page 42: Proofs are Programs - Cornell University · Proofs are Programs Today’s music: Two Sides to Every Story by Dyan Cannon and Willie Nelson Prof. Clarkson Fall 2016](https://reader034.vdocuments.us/reader034/viewer/2022042214/5eba9bc80123c2503e14bc84/html5/thumbnails/42.jpg)
More typing rules
Γ ⊢ fun x -> e : t ⇒ u
Γ, x:t ⊢ e:u
Γ ⊢ (e1,e2) : t1∧t2
Γ ⊢ e2:t2Γ ⊢ e1:t1
⇒ intro
∧ intro
![Page 43: Proofs are Programs - Cornell University · Proofs are Programs Today’s music: Two Sides to Every Story by Dyan Cannon and Willie Nelson Prof. Clarkson Fall 2016](https://reader034.vdocuments.us/reader034/viewer/2022042214/5eba9bc80123c2503e14bc84/html5/thumbnails/43.jpg)
More computing with evidence
Γ ⊢ fun x -> e : t -> u
Γ, x:t ⊢ e:u
Γ ⊢ (e1,e2) : t1*t2
Γ ⊢ e2:t2Γ ⊢ e1:t1
given evidence e for u predicated on evidence x for t, produce an evidence transformer
given evidence ei for ti, produce combined evidence for both
![Page 44: Proofs are Programs - Cornell University · Proofs are Programs Today’s music: Two Sides to Every Story by Dyan Cannon and Willie Nelson Prof. Clarkson Fall 2016](https://reader034.vdocuments.us/reader034/viewer/2022042214/5eba9bc80123c2503e14bc84/html5/thumbnails/44.jpg)
Even more typing rules
Γ ⊢ fst e : t1
Γ ⊢ e : t1*t2
Γ ⊢ snd e : t2
Γ ⊢ e : t1*t2
![Page 45: Proofs are Programs - Cornell University · Proofs are Programs Today’s music: Two Sides to Every Story by Dyan Cannon and Willie Nelson Prof. Clarkson Fall 2016](https://reader034.vdocuments.us/reader034/viewer/2022042214/5eba9bc80123c2503e14bc84/html5/thumbnails/45.jpg)
Even more typing rules
Γ ⊢ fst e : t1
Γ ⊢ e : t1∧t2∧ elim 1
Γ ⊢ snd e : t2
Γ ⊢ e : t1∧t2∧ elim 2
![Page 46: Proofs are Programs - Cornell University · Proofs are Programs Today’s music: Two Sides to Every Story by Dyan Cannon and Willie Nelson Prof. Clarkson Fall 2016](https://reader034.vdocuments.us/reader034/viewer/2022042214/5eba9bc80123c2503e14bc84/html5/thumbnails/46.jpg)
Even more computing with evidence
Γ ⊢ fst e : t1
Γ ⊢ e : t1*t2
Γ ⊢ snd e : t2
Γ ⊢ e : t1*t2
given evidence e for both ti, project out the evidence for one of them
![Page 47: Proofs are Programs - Cornell University · Proofs are Programs Today’s music: Two Sides to Every Story by Dyan Cannon and Willie Nelson Prof. Clarkson Fall 2016](https://reader034.vdocuments.us/reader034/viewer/2022042214/5eba9bc80123c2503e14bc84/html5/thumbnails/47.jpg)
A program that transforms evidence
⊢ fun z -> (snd z,fst z) : 'a*'b -> 'b*'a
z:'a*'b ⊢ (snd z,fst z):'b*'a
z:'a*'b ⊢ snd z:'b z:'a*'b ⊢ fst z:'a
z:'a*'b ⊢ z:'a*'b z:'a*'b ⊢ z:'a*'bassump assump
∧ elim 1 ∧ elim 2
∧ intro
⇒ intro
![Page 48: Proofs are Programs - Cornell University · Proofs are Programs Today’s music: Two Sides to Every Story by Dyan Cannon and Willie Nelson Prof. Clarkson Fall 2016](https://reader034.vdocuments.us/reader034/viewer/2022042214/5eba9bc80123c2503e14bc84/html5/thumbnails/48.jpg)
Programs and proofs
• A well-typed program demonstrates that there is at least one value for that type – i.e. the that type is inhabited – a program is a proof that the type is inhabited
• A proof demonstrates that there is at least one way of deriving a formula – i.e. that the formula is provable by manipulating
assumptions and doing inference – a proof is a program that manipulates evidence
• Proofs are programs, and vice versa
![Page 49: Proofs are Programs - Cornell University · Proofs are Programs Today’s music: Two Sides to Every Story by Dyan Cannon and Willie Nelson Prof. Clarkson Fall 2016](https://reader034.vdocuments.us/reader034/viewer/2022042214/5eba9bc80123c2503e14bc84/html5/thumbnails/49.jpg)
ACT III Evaluation = Simplification
![Page 50: Proofs are Programs - Cornell University · Proofs are Programs Today’s music: Two Sides to Every Story by Dyan Cannon and Willie Nelson Prof. Clarkson Fall 2016](https://reader034.vdocuments.us/reader034/viewer/2022042214/5eba9bc80123c2503e14bc84/html5/thumbnails/50.jpg)
Many proofs/programs A given proposition/type could have many proofs/programs. Proposition/type: • A ⇒ (B ⇒ (A ∧ B)) • 'a -> ('b -> ('a * 'b))
Programs: • fun x -> fun y ->
(fun z -> (snd z, fst z)) (y,x)• fun x -> fun y -> (snd (y,x), fst (y,x))• fun x -> fun y -> (x,y) Proofs: • ...too big for slides • but perhaps you can imagine that proofs of well-typed-ness of each program
are progressively simpler
![Page 51: Proofs are Programs - Cornell University · Proofs are Programs Today’s music: Two Sides to Every Story by Dyan Cannon and Willie Nelson Prof. Clarkson Fall 2016](https://reader034.vdocuments.us/reader034/viewer/2022042214/5eba9bc80123c2503e14bc84/html5/thumbnails/51.jpg)
Many proofs/programs
Key part (body) of each program: • (fun z -> (snd z, fst z)) (y,x)• (snd (y,x), fst (y,x))• (x,y) Each is the result of small-stepping the previous ...and in each case, the proof gets simpler Taking an evaluation step corresponds to simplifying the proof
![Page 52: Proofs are Programs - Cornell University · Proofs are Programs Today’s music: Two Sides to Every Story by Dyan Cannon and Willie Nelson Prof. Clarkson Fall 2016](https://reader034.vdocuments.us/reader034/viewer/2022042214/5eba9bc80123c2503e14bc84/html5/thumbnails/52.jpg)
CONCLUSION
![Page 53: Proofs are Programs - Cornell University · Proofs are Programs Today’s music: Two Sides to Every Story by Dyan Cannon and Willie Nelson Prof. Clarkson Fall 2016](https://reader034.vdocuments.us/reader034/viewer/2022042214/5eba9bc80123c2503e14bc84/html5/thumbnails/53.jpg)
These are all the same ideas
Programming Logic Types Formulas Programs Proofs Evaluation Simplification
Computation is reasoning Functional programming is fundamental
![Page 54: Proofs are Programs - Cornell University · Proofs are Programs Today’s music: Two Sides to Every Story by Dyan Cannon and Willie Nelson Prof. Clarkson Fall 2016](https://reader034.vdocuments.us/reader034/viewer/2022042214/5eba9bc80123c2503e14bc84/html5/thumbnails/54.jpg)
Upcoming events
• Happy Thanksgiving Break!
This is fundamental.
THIS IS 3110