Logic and Computation, Lecture 3
Zena M. Ariola
University of Oregon
24th Estonian Winter School in Computer Science, EWSCS ’19
What we have seen so far
We have seen a beautiful correspondence between logic and programming languages. We can use the same system to program and reason about our programs.
Let's now take a critical view of lambda-calculus and natural deduction.
Outline
What is bad about natural deduction and lambda-calculus?
Sequent calculus as a logic
Sequent calculus as a programming language
Duality of syntax and semantics
Polarity, evaluation in the type
Dualities
Alcmaeon (510 BC): Most things come in pairs
right / left, odd / even, one / many, limited / unlimited, straight / curved, light / darkness, white / black, sweet / bitter, good / bad, large / small, young / old, male / female, man / god, family / state, living / dead, true / false, future / past, good / bad
Duality points you at the existence of another entity with a totally different form, but which is strongly related to the original one.
A source of free theorems
Logic
Theorem
A formula A is true iff its dual is false
True and False are dual
∧ and ∨ are dual
A ∨ True = True    A ∨ ¬A = True
A ∧ False = False    A ∧ ¬A = False
Where is this duality expressed in Natural Deduction?
Commuting conversions
∨E: from Γ ⊢ A ∨ B, Γ, A ⊢ C and Γ, B ⊢ C conclude Γ ⊢ C
In Proofs and Types, Jean-Yves Girard says
the elimination rules for ∨ and ∃ are very bad. What is catastrophic about them is the parasitic presence of a formula C which has no structural link with the formula which is eliminated. Moreover, in order to have normal proofs with the subformula property, there is the need to add some ad hoc conversions: the commuting conversions
Before: ∨E applied to D : Γ ⊢ A ∨ B, D1 : Γ, A ⊢ C and D2 : Γ, B ⊢ C gives Γ ⊢ C; a further rule r applied to that gives Γ ⊢ D.
=⇒
After: r is pushed into the branches, so D1 : Γ, A ⊢ C is extended by r to Γ, A ⊢ D and D2 : Γ, B ⊢ C is extended by r to Γ, B ⊢ D; ∨E applied to D : Γ ⊢ A ∨ B and these two branches gives Γ ⊢ D directly.
Subformula property
Proof 1 (the formula A ∧ A appears, although it is not a subformula of A ∨ A ⊢ A):
  Ax: A ∨ A ⊢ A ∨ A
  in each branch, ∧I on A ⊢ A and A ⊢ A: A ⊢ A ∧ A
  ∨E: A ∨ A ⊢ A ∧ A
  ∧E: A ∨ A ⊢ A
=⇒ (commuting conversion: push ∧E into the branches of ∨E)
Proof 2:
  in each branch, ∧I on A ⊢ A and A ⊢ A: A ⊢ A ∧ A, then ∧E: A ⊢ A
  ∨E on A ∨ A ⊢ A ∨ A and the two branches: A ∨ A ⊢ A
=⇒ (reduce the ∧I/∧E detour in each branch)
Proof 3 (analytic):
  ∨E on A ∨ A ⊢ A ∨ A, A ⊢ A and A ⊢ A: A ∨ A ⊢ A
Bernard Bolzano (1781-1848)
A proof is analytic if it does not use concepts (i.e. subformulae) beyond its subject matter (i.e. the formula we are going to prove)
Proof search
When we prove a theorem, it would be convenient to construct the proof bottom-up.
How do we prove A → (B → C) → (A → B) → (A → C)?
Working upwards from the goal:
  ⊢ A → (B → C) → (A → B) → (A → C)     by →I from
  A → (B → C) ⊢ (A → B) → (A → C)       by →I from
  A → (B → C), A → B ⊢ A → C            by →I from
  A → (B → C), A → B, A ⊢ C             ?
The only way to conclude C is →E, whose premises would be
  A → (B → C), A → B, A ⊢ B → C   and   A → (B → C), A → B, A ⊢ B
and the formula B does not occur in the sequent we are trying to prove.
How are we going to guess B?
The opposite category
Product: for f : Γ → A and g : Γ → B there is a unique h : Γ → A × B with π1 ∘ h = f and π2 ∘ h = g (projections π1 : A × B → A, π2 : A × B → B).
Sum: the same diagram with every arrow reversed. For f : A → ∆ and g : B → ∆ there is a unique h : A + B → ∆ with h ∘ ι1 = f and h ∘ ι2 = g (injections ι1 : A → A + B, ι2 : B → A + B).
Why not λ-calculus (natural deduction)?
For the product, the λ-calculus has the expected equations:
π1(〈f, g〉) = f
π2(〈f, g〉) = g
h = 〈π1 h, π2 h〉
For the sum, the dual diagram (f : A → ∆, g : B → ∆, unique h : A + B → ∆ with h ∘ ι1 = f and h ∘ ι2 = g), the λ-calculus gives no equally direct equations: ?
Question
How can we talk about these dualities ?
Can we construct a proof system that uses only subformulae of the conclusion?
In addition to talking about A being True, why not also talk about A being False?
Gentzen again
Gentzen could not prove the consistency of natural deduction directly. For this reason he introduced an alternative system (1935): sequent calculus (LJ and LK).
Consistency (Gentzen 1934): There is no LK proof of ⊢ ⊥.
Natural deduction and LK are equivalent:
ND ⊢ A iff LK ⊢ A
Deduction and Duality
The judgment A1, · · · , An ⊢ B
becomes A1, · · · , An ⊢ B1, · · · , Bm
We have both multiple assumptions and multiple conclusions.
It reads as: (A1 ∧ · · · ∧ An) ⊢ (B1 ∨ · · · ∨ Bm)
Given Γ ⊢ ∆:
if Γ is empty we identify it with ⊤: ⊢ ∆. This means that some formula in ∆ is true
if ∆ is empty we identify it with ⊥: Γ ⊢. This means Γ is inconsistent
Gentzen’s LK
Formulae: A, B, C ::= X | A ∧ B | A ∨ B | A ⊃ B | ∀X.A | ∃X.A
Core rules:
  Ax:  Γ, A ⊢ A
  Cut: from Γ ⊢ A, ∆ and Γ, A ⊢ ∆ conclude Γ ⊢ ∆
Structural rules:
  WR: from Γ ⊢ ∆ conclude Γ ⊢ A, ∆
  WL: from Γ ⊢ ∆ conclude Γ, A ⊢ ∆
  CR: from Γ ⊢ A, A, ∆ conclude Γ ⊢ A, ∆
  CL: from Γ, A, A ⊢ ∆ conclude Γ, A ⊢ ∆
  XR: from Γ ⊢ ∆, A, B, ∆′ conclude Γ ⊢ ∆, B, A, ∆′
  XL: from Γ′, B, A, Γ ⊢ ∆ conclude Γ′, A, B, Γ ⊢ ∆
LK logical rules
  ∧R: from Γ ⊢ A, ∆ and Γ ⊢ B, ∆ conclude Γ ⊢ A ∧ B, ∆
  ∧L: from Γ, A ⊢ ∆ conclude Γ, A ∧ B ⊢ ∆;  from Γ, B ⊢ ∆ conclude Γ, A ∧ B ⊢ ∆
  ∨L: from Γ, A ⊢ ∆ and Γ, B ⊢ ∆ conclude Γ, A ∨ B ⊢ ∆
  ∨R: from Γ ⊢ A, ∆ conclude Γ ⊢ A ∨ B, ∆;  from Γ ⊢ B, ∆ conclude Γ ⊢ A ∨ B, ∆
  →R: from Γ, A ⊢ B, ∆ conclude Γ ⊢ A → B, ∆
  →L: from Γ ⊢ A, ∆ and Γ, B ⊢ ∆ conclude Γ, A → B ⊢ ∆
Examples
  Law of Excluded Middle: ⊢ A ∨ ¬A
  Peirce's Law: ⊢ ((A → B) → A) → A
  Contraposition: ⊢ (¬B → ¬A) → A → B
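The three examples above, and the proof-search question from the earlier slide, worked mechanically as an added example in Python (this is not code from the lecture): backward proof search for propositional LK sequents. To keep the search free of guessing it uses the invertible forms of ∧L and ∨R, i.e. Γ, A, B ⊢ ∆ / Γ, A ∧ B ⊢ ∆ and Γ ⊢ A, B, ∆ / Γ ⊢ A ∨ B, ∆, which are derivable from the LK rules above together with contraction; ¬A is encoded as A → ⊥, an assumption of this example. Because every rule only takes formulae apart, each sequent the search visits contains only subformulae of the goal (checked by `subformula_property_holds`), and when no rule applies and no atom is shared the open branch is a counter-model, so the same search refutes non-theorems.

```python
# Added example: backward (bottom-up) proof search for propositional LK sequents Γ ⊢ ∆.
# Formulas are nested tuples:
#   ('var', name) | ('and', A, B) | ('or', A, B) | ('imp', A, B) | ('bot',)
# ¬A is encoded as A → ⊥ (an assumption of this example, not a primitive of the slides).

BOT = ('bot',)
def var(x): return ('var', x)
def conj(a, b): return ('and', a, b)
def disj(a, b): return ('or', a, b)
def imp(a, b): return ('imp', a, b)
def neg(a): return imp(a, BOT)

def prove(gamma, delta, trace=None):
    """True iff gamma ⊢ delta is provable. gamma and delta are lists of formulas
    (the multisets Γ and ∆). If `trace` is a list, every formula visited is appended."""
    if trace is not None:
        trace.extend(gamma)
        trace.extend(delta)
    # Closing a branch: ⊥ among the assumptions, or an atom on both sides (Ax).
    if BOT in gamma or any(f[0] == 'var' and f in delta for f in gamma):
        return True
    # Left rules. ∨L and →L are the LK rules above; ∧L is the invertible form
    # Γ, A, B ⊢ ∆, so the search never has to pick a conjunct.
    for i, f in enumerate(gamma):
        rest = gamma[:i] + gamma[i + 1:]
        if f[0] == 'and':
            return prove(rest + [f[1], f[2]], delta, trace)
        if f[0] == 'or':
            return prove(rest + [f[1]], delta, trace) and prove(rest + [f[2]], delta, trace)
        if f[0] == 'imp':
            return prove(rest, delta + [f[1]], trace) and prove(rest + [f[2]], delta, trace)
    # Right rules. ∨R is the invertible form Γ ⊢ A, B, ∆ (no choice of disjunct).
    for i, f in enumerate(delta):
        rest = delta[:i] + delta[i + 1:]
        if f[0] == 'and':
            return prove(gamma, rest + [f[1]], trace) and prove(gamma, rest + [f[2]], trace)
        if f[0] == 'or':
            return prove(gamma, rest + [f[1], f[2]], trace)
        if f[0] == 'imp':
            return prove(gamma + [f[1]], rest + [f[2]], trace)
        if f[0] == 'bot':
            return prove(gamma, rest, trace)      # ⊥ on the right can be dropped
    # Only atoms are left and none is shared: this open branch is a counter-model.
    return False

def subformulas(f):
    """All subformulas of f, f itself included."""
    if f[0] in ('var', 'bot'):
        return {f}
    return {f} | subformulas(f[1]) | subformulas(f[2])

def subformula_property_holds(goal):
    """Every formula met while searching for a proof of ⊢ goal is a subformula of goal."""
    trace = []
    prove([], [goal], trace)
    return all(g in subformulas(goal) for g in trace)

A, B, C = var('A'), var('B'), var('C')
EXCLUDED_MIDDLE = disj(A, neg(A))
PEIRCE = imp(imp(imp(A, B), A), A)
CONTRAPOSITION = imp(imp(neg(B), neg(A)), imp(A, B))
SLIDE_EXAMPLE = imp(imp(A, imp(B, C)), imp(imp(A, B), imp(A, C)))   # the proof-search slide's goal

if __name__ == '__main__':
    for name, goal in [('LEM', EXCLUDED_MIDDLE), ('Peirce', PEIRCE), ('Contraposition', CONTRAPOSITION),
                       ('Slide example', SLIDE_EXAMPLE), ('A -> B', imp(A, B))]:
        print(name, 'provable:', prove([], [goal]), 'subformula property:', subformula_property_holds(goal))
```

Note how the `B` that had to be guessed in natural deduction never has to be invented here: it enters the search only when →L decomposes the hypothesis A → B that already contains it.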
Polymorphism and Abstraction
  ∀R: from Γ ⊢ A, ∆ with X ∉ FV(Γ ⊢ ∆) conclude Γ ⊢ ∀X.A, ∆
  ∀L: from Γ, A[B/X] ⊢ ∆ conclude Γ, ∀X.A ⊢ ∆
  ∃L: from Γ, A ⊢ ∆ with X ∉ FV(Γ ⊢ ∆) conclude Γ, ∃X.A ⊢ ∆
  ∃R: from Γ ⊢ A[B/X], ∆ conclude Γ ⊢ ∃X.A, ∆
Examples
  ⊢ ∃x.(D(x) → ∀x.D(x))
The Hauptsatz
Hauptsatz (Gentzen 1934): For all LK proofs of Γ ⊢ ∆ there exists an alternate LK proof of Γ ⊢ ∆ that does not contain any use of the Cut rule.
Consistency: There is no LK proof of ⊢ ⊥.
Basic idea, in a nutshell: "push" the cuts upwards in a proof, until they disappear completely!
Cuts against an axiom:
  Cut of D : Γ ⊢ A, ∆ against Ax: A ⊢ A, giving Γ ⊢ A, ∆   =⇒   D : Γ ⊢ A, ∆
  Cut of Ax: A ⊢ A against E : Γ, A ⊢ ∆, giving Γ, A ⊢ ∆   =⇒   E : Γ, A ⊢ ∆
Logical cuts
Cut on A ∧ B:
  ∧R on D1 : Γ ⊢ A, ∆ and D2 : Γ ⊢ B, ∆ gives Γ ⊢ A ∧ B, ∆; ∧L on E : Γ, A ⊢ ∆ gives Γ, A ∧ B ⊢ ∆; Cut gives Γ ⊢ ∆
  =⇒
  Cut on A directly between D1 : Γ ⊢ A, ∆ and E : Γ, A ⊢ ∆, giving Γ ⊢ ∆ (D2 is discarded)
Cut on A ⊃ B:
  →R on D : Γ, A ⊢ B, ∆ gives Γ ⊢ A ⊃ B, ∆; →L on E1 : Γ ⊢ A, ∆ and E2 : Γ, B ⊢ ∆ gives Γ, A ⊃ B ⊢ ∆; Cut gives Γ ⊢ ∆
  =⇒
  Cut on B between D : Γ, A ⊢ B, ∆ and E2 : Γ, B ⊢ ∆ gives Γ, A ⊢ ∆; Cut on A between E1 : Γ ⊢ A, ∆ and that gives Γ ⊢ ∆
Termination
Proving that cut-elimination terminates is complex!
  CL on E : Γ, A, A ⊢ ∆ gives Γ, A ⊢ ∆; Cut of D : Γ ⊢ A, ∆ against it gives Γ ⊢ ∆
  =⇒
  Cut of D : Γ ⊢ A, ∆ against E : Γ, A, A ⊢ ∆ on one copy of A gives Γ, A ⊢ ∆; Cut of D again against that, on the other copy of A, gives Γ ⊢ ∆
Proof D has been duplicated!
Sequent calculus: a symmetric language
A computation is an interaction between a term v (producer) and a context e (consumer, continuation, co-term, stack):
〈v||e〉
Producers v                        Consumers e (contexts)
Input variable x                   Output variable α
Function abstraction λx.v          Function call (call stack) v′ · e
Output abstraction µα.c            Input abstraction µ̃x.c
µ̃ abstracts over an unspecified input. µ̃x.c can be seen as let x = □ in c.
µ abstracts over an unspecified output. Continuations are not functions.
Example
callcc(λk.M) ∼ µα.〈M||α〉
C(λk.M) ∼ µα.〈M||tp〉
Abort(M) ∼ µ_.〈M||tp〉
Sequent calculus: a symmetric language
Command   c ::= 〈v||e〉
Terms     v ::= x | λx.v | (v, v) | inj1(v) | inj2(v) | µα.c
Co-terms  e ::= α | v · e | [e1, e2] | π1(e) | π2(e) | µ̃x.c
Example
(λx.x) z   becomes   µα.〈λx.x||z · α〉
(λx.λy.x y) z w   becomes   µα.〈λx.λy.µα.〈x||y · α〉||z · w · α〉
π1(v, v′)   becomes   µα.〈(v, v′)||π1(α)〉
case inj1 v of inj1 x => v1 | inj2 x => v2   becomes   µα.〈inj1 v||[µ̃x.〈v1||α〉, µ̃x.〈v2||α〉]〉
Re-associating programs
The λ-term (λx.M) N1 N2 N3 is a left-nested tree of applications, with the redex (λx.M) N1 buried at the bottom; the command 〈λx.M||N1 · N2 · N3 · α〉 is the same program with the call stack N1 · N2 · N3 · α written out, so the redex sits at the top next to the function.
(λx.M) N1 N2 N3      〈λx.M||N1 · N2 · N3 · α〉
A redex is always at the top
Evaluation corresponds to an abstract machine, i.e. a tail-recursive interpreter
Computational interpretation of classical logic
The judgement A1, · · · , An ⊢ B1, · · · , Bm is interpreted as typing a command c:
c : (x1 : A1, · · · , xn : An ⊢ β1 : B1, · · · , βm : Bm)
The types of variables appear as assumptions. The types of co-variables appear as conclusions.
Since we have multiple assumptions and conclusions, computationally we need two more judgements expressing the intent to focus on a particular assumption or conclusion:
The judgement x1 : A1, · · · , xn : An ⊢ v : B | β1 : B1, · · · , βm : Bm expresses the fact that we focus on the conclusion B. This types a term v which can produce a value of type B.
The judgement x1 : A1, · · · , xn : An | e : A ⊢ β1 : B1, · · · , βm : Bm expresses the fact that we focus on the assumption A. This types a context e which is waiting for a value of type A.
C-H isomorphism for classical logic - Core rules
A, B, C ∈ Formulae ::= X | A ∧ B | A ∨ B | A ⊃ B | ∀X.A | ∃X.A
  Ax:  Γ, A ⊢ A, ∆
  Cut: from Γ ⊢ A, ∆ and Γ, A ⊢ ∆ conclude Γ ⊢ ∆
A, B, C ∈ Types ::= X | A × B | A + B | A → B | ∀X.A | ∃X.A
  VR:  Γ, x : A ⊢ x : A | ∆
  VL:  Γ | α : A ⊢ α : A, ∆
  Cut: from Γ ⊢ v : A | ∆ and Γ | e : A ⊢ ∆ conclude 〈v||e〉 : (Γ ⊢ ∆)
  AR:  from c : (Γ ⊢ α : A, ∆) conclude Γ ⊢ µα.c : A | ∆
  AL:  from c : (Γ, x : A ⊢ ∆) conclude Γ | µ̃x.c : A ⊢ ∆
C-H isomorphism for classical logic - Logical rules
Logic:
  ∧R: from Γ ⊢ A, ∆ and Γ ⊢ B, ∆ conclude Γ ⊢ A ∧ B, ∆
  ∧L: from Γ, A ⊢ ∆ conclude Γ, A ∧ B ⊢ ∆;  from Γ, B ⊢ ∆ conclude Γ, A ∧ B ⊢ ∆
  ∨L: from Γ, A ⊢ ∆ and Γ, B ⊢ ∆ conclude Γ, A ∨ B ⊢ ∆
  ∨R: from Γ ⊢ A, ∆ conclude Γ ⊢ A ∨ B, ∆;  from Γ ⊢ B, ∆ conclude Γ ⊢ A ∨ B, ∆
  →R: from Γ, A ⊢ B, ∆ conclude Γ ⊢ A → B, ∆
  →L: from Γ ⊢ A, ∆ and Γ, B ⊢ ∆ conclude Γ, A → B ⊢ ∆
Programs:
  ×R: from Γ ⊢ v : A | ∆ and Γ ⊢ v′ : B | ∆ conclude Γ ⊢ (v, v′) : A × B | ∆
  ×L: from Γ | e : A ⊢ ∆ conclude Γ | π1(e) : A × B ⊢ ∆;  from Γ | e : B ⊢ ∆ conclude Γ | π2(e) : A × B ⊢ ∆
  +L: from Γ | e : A ⊢ ∆ and Γ | e′ : B ⊢ ∆ conclude Γ | [e, e′] : A + B ⊢ ∆
  +R: from Γ ⊢ v : A | ∆ conclude Γ ⊢ inj1(v) : A + B | ∆;  from Γ ⊢ v : B | ∆ conclude Γ ⊢ inj2(v) : A + B | ∆
  →R: from Γ, x : A ⊢ v : B | ∆ conclude Γ ⊢ λx.v : A → B | ∆
  →L: from Γ ⊢ v : A | ∆ and Γ | e : B ⊢ ∆ conclude Γ | v · e : A → B ⊢ ∆
Classical proofs as sequent terms
Examples
The proof of Excluded Middle is µα.〈inj2(λp.µ_.〈inj1 p||α〉)||α〉
The proof of Peirce's Law is λx.µα.〈x||(λx.µδ.〈x||α〉) · α〉
The proof of Double Negation is λx.µα.〈x||(λx.µδ.〈x||α〉) · tp〉
How to compute
Logic:
  ∧R on D1 : Γ ⊢ A, ∆ and D2 : Γ ⊢ B, ∆ gives Γ ⊢ A ∧ B, ∆; ∧L on E : Γ, A ⊢ ∆ gives Γ, A ∧ B ⊢ ∆; Cut gives Γ ⊢ ∆
  =⇒
  Cut on A between D1 : Γ ⊢ A, ∆ and E : Γ, A ⊢ ∆ gives Γ ⊢ ∆
Programs:
  ∧R on Γ ⊢ v1 : A | ∆ and Γ ⊢ v2 : B | ∆ gives Γ ⊢ (v1, v2) : A ∧ B | ∆; ∧L on Γ | e : A ⊢ ∆ gives Γ | π1(e) : A ∧ B ⊢ ∆; Cut gives 〈(v1, v2)||π1(e)〉 : (Γ ⊢ ∆)
  =⇒
  Cut between Γ ⊢ v1 : A | ∆ and Γ | e : A ⊢ ∆ gives 〈v1||e〉 : (Γ ⊢ ∆)
〈(v1, v2)||π1(e)〉 → 〈v1||e〉
How to compute
Logic:
  →R on D : Γ, A ⊢ B, ∆ gives Γ ⊢ A ⊃ B, ∆; →L on E1 : Γ ⊢ A, ∆ and E2 : Γ, B ⊢ ∆ gives Γ, A ⊃ B ⊢ ∆; Cut gives Γ ⊢ ∆
  =⇒
  Cut on B between D : Γ, A ⊢ B, ∆ and E2 : Γ, B ⊢ ∆ gives Γ, A ⊢ ∆; Cut on A between E1 : Γ ⊢ A, ∆ and that gives Γ ⊢ ∆
Programs:
  →R on Γ, x : A ⊢ v : B | ∆ gives Γ ⊢ λx.v : A ⊃ B | ∆; →L on Γ ⊢ v1 : A | ∆ and Γ | e : B ⊢ ∆ gives Γ | v1 · e : A ⊃ B ⊢ ∆; Cut gives 〈λx.v||v1 · e〉 : (Γ ⊢ ∆)
  =⇒
  Cut between Γ, x : A ⊢ v : B | ∆ and Γ | e : B ⊢ ∆ gives 〈v||e〉 : (Γ, x : A ⊢ ∆), hence Γ | µ̃x.〈v||e〉 : A ⊢ ∆ by AL; Cut between Γ ⊢ v1 : A | ∆ and that gives 〈v1||µ̃x.〈v||e〉〉 : (Γ ⊢ ∆)
〈λx.v||v1 · e〉 → 〈v1||µ̃x.〈v||e〉〉
Sequent calculus
〈(v1, v2)||π1(e)〉 = 〈v1||e〉
〈(v1, v2)||π2(e)〉 = 〈v2||e〉
〈inj1(v)||[e1, e2]〉 = 〈v||e1〉
〈inj2(v)||[e1, e2]〉 = 〈v||e2〉
〈λx.v||v1 · e〉 = 〈v1||µ̃x.〈v||e〉〉
〈v||µ̃x.c〉 = c[v/x]
〈µα.c||e〉 = c[e/α]
(µα.〈v||π1(α)〉, µα.〈v||π2(α)〉) = v
[µ̃x.〈inj1 x||e〉, µ̃x.〈inj2 x||e〉] = e
λx.µα.〈v||x · α〉 = v
The reduction and expansion rules for × are dual to the rules for +
Construction vs Deconstruction
Product (constructed on the producer side): v1 : Γ → A and v2 : Γ → B determine a unique v : Γ → A × B, which is deconstructed by the projections π1, π2.
(β×) 〈(v1, v2)||πi(e)〉 = 〈vi||e〉
(η×) (µα.〈v||π1(α)〉, µα.〈v||π2(α)〉) = v
Sum (constructed on the consumer side): e1 : A → ∆ and e2 : B → ∆ determine a unique e : A + B → ∆, which deconstructs the injections ι1, ι2.
(β+) 〈inji(v)||[e1, e2]〉 = 〈v||ei〉
(η+) [µ̃x.〈inj1 x||e〉, µ̃x.〈inj2 x||e〉] = e
Fundamental dilemma of classical computation
〈v||µ̃x.c〉 → c[v/x]
〈µα.c||e〉 → c[e/α]
〈µα.c1||µ̃x.c2〉 reduces both to c1[µ̃x.c2/α] (µ goes first) and to c2[µα.c1/x] (µ̃ goes first)
Lack of confluence! All proofs (terms) are equated
From Proofs and Types: there is no sensible way of considering proofs as algorithms
Establishing a priority: who goes first?
Polarization: divide the types in two camps, the call-by-name and the call-by-value types. The product is call-by-name and the union is call-by-value.
Who has priority? (Call-by-name)
〈µα.c1||µ̃x.c2〉 → c2[µα.c1/x]
CBN:
〈µα.c||E〉 → c[E/α]
〈v||µ̃x.c〉 → c[v/x]
E ∈ CoValue ::= α | v · E | . . .
Who has priority? (Call-by-value)
〈µα.c1||µ̃x.c2〉 → c1[µ̃x.c2/α]
CBV:
〈µα.c||e〉 → c[e/α]
〈V||µ̃x.c〉 → c[V/x]
V ∈ Value ::= x | λx.v | . . .
Duality of syntax and semantics
Reverse flow of information:
〈v||e〉 is dual to 〈e||v〉
Swap input and output:
µα.c is dual to µ̃x.c
De Morgan duality:
"and" (pairs) dual to "or" (sums)
"implies" (functions) dual to "subtraction" (delimited continuations?)
Call-by-value is dual to call-by-name!
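The reduction rules, the critical pair and the two priorities above, as an added example in Python (this is not code from the lecture): a small interpreter for the command language, with terms and co-terms as nested tuples, parametric in the strategy in the same way as the (µ̃V)/(µE) rules, so that "who goes first" in 〈µα.c1||µ̃x.c2〉 is decided only by which side counts as a (co-)value. It assumes every binder in a program has a distinct name, so substitution never needs to rename; `run` reduces a command to normal form and returns it.

```python
# Added example: an interpreter for the µµ̃ command language of these slides,
# parametric in the evaluation strategy ("cbv" or "cbn").
# Terms:    ('var', x) | ('lam', x, v) | ('mu', a, c) | ('pair', v1, v2) | ('inj', i, v)
# Co-terms: ('covar', a) | ('app', v, e) for v·e | ('pi', i, e) | ('case', e1, e2) for [e1,e2] | ('mut', x, c) for µ̃x.c
# Command:  ('cmd', v, e) for <v||e>
# Assumption: every binder in a program uses a distinct name, so substitution
# does not need to rename bound (co-)variables.

def var(x): return ('var', x)
def lam(x, v): return ('lam', x, v)
def mu(a, c): return ('mu', a, c)
def pair(v1, v2): return ('pair', v1, v2)
def inj(i, v): return ('inj', i, v)
def covar(a): return ('covar', a)
def app(v, e): return ('app', v, e)
def pi(i, e): return ('pi', i, e)
def case(e1, e2): return ('case', e1, e2)
def mut(x, c): return ('mut', x, c)
def cmd(v, e): return ('cmd', v, e)

def subst(t, kind, name, by):
    """Replace the (co)variable `name` of kind 'var' or 'covar' by `by` everywhere in t."""
    if t[0] == kind:
        return by if t[1] == name else t
    return (t[0],) + tuple(subst(s, kind, name, by) if isinstance(s, tuple) else s
                           for s in t[1:])

def is_value(v, strategy):
    """ValueV ::= x | λx.v | (V1, V2) | inji(V);  ValueN ::= any term."""
    if strategy == 'cbn':
        return True
    if v[0] in ('var', 'lam'):
        return True
    if v[0] == 'pair':
        return is_value(v[1], strategy) and is_value(v[2], strategy)
    if v[0] == 'inj':
        return is_value(v[2], strategy)
    return False                                  # µα.c is not a call-by-value value

def is_covalue(e, strategy):
    """CoValueN ::= α | V·E | πi(E) | [E1, E2];  CoValueV ::= any co-term."""
    if strategy == 'cbv':
        return True
    if e[0] == 'covar':
        return True
    if e[0] == 'app':
        return is_value(e[1], strategy) and is_covalue(e[2], strategy)
    if e[0] == 'pi':
        return is_covalue(e[2], strategy)
    if e[0] == 'case':
        return is_covalue(e[1], strategy) and is_covalue(e[2], strategy)
    return False                                  # µ̃x.c is not a call-by-name co-value

def step(c, strategy):
    """One reduction step of a command, or None when no rule applies."""
    _, v, e = c
    # (µ̃V) fires only on a value and (µE) only on a co-value, so on the critical
    # pair <µα.c1 || µ̃x.c2> exactly one of them applies, and the strategy says which.
    if e[0] == 'mut' and is_value(v, strategy):
        return subst(e[2], 'var', e[1], v)
    if v[0] == 'mu' and is_covalue(e, strategy):
        return subst(v[2], 'covar', v[1], e)
    if v[0] == 'lam' and e[0] == 'app':                              # (β→)
        return cmd(e[1], mut(v[1], cmd(v[2], e[2])))
    if v[0] == 'pair' and e[0] == 'pi' and is_value(v, strategy):    # (β×)
        return cmd(v[e[1]], e[2])
    if v[0] == 'inj' and e[0] == 'case' and is_value(v, strategy):   # (β+)
        return cmd(v[2], e[v[1]])
    return None

def run(c, strategy, limit=1000):
    """Reduce a command to its normal form under the given strategy."""
    for _ in range(limit):
        nxt = step(c, strategy)
        if nxt is None:
            return c
        c = nxt
    raise RuntimeError("no normal form within the step limit")

# The critical pair of the slides, <µα.<y||β> || µ̃x.<z||γ>>, with α and x unused.
CRITICAL = cmd(mu('alpha', cmd(var('y'), covar('beta'))),
               mut('x', cmd(var('z'), covar('gamma'))))

if __name__ == '__main__':
    print(run(CRITICAL, 'cbv'))   # call-by-value lets µ go first: <y||beta>
    print(run(CRITICAL, 'cbn'))   # call-by-name lets µ̃ go first: <z||gamma>
```

`run(CRITICAL, 'cbv')` returns 〈y||β〉 and `run(CRITICAL, 'cbn')` returns 〈z||γ〉, the two normal forms of the critical pair; on commands without a µ/µ̃ clash, such as 〈λx.x||z · α〉, both strategies agree on 〈z||α〉. A pair whose first component is µδ.〈w||tp〉 is projected under call-by-name without the abort ever running, whereas under call-by-value the same command is stuck, because (β×) on the slides applies only to a pair of values and the slides give no rule for evaluating a pair's components.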
The parametric sequent calculus
(µ̃V) 〈V||µ̃x.c〉 = c{V/x}
(µE) 〈µα.c||E〉 = c{E/α}
(ηµ̃) µ̃x.〈x||e〉 = e
(ηµ) µα.〈v||α〉 = v
(β→) 〈λx.v||v′ · e〉 = 〈v′||µ̃x.〈v||e〉〉
(β×) 〈(V1, V2)||πi(e)〉 = 〈Vi||e〉
(β+) 〈inji(V)||[e1, e2]〉 = 〈V||ei〉
(η→) λx.µα.〈z||x · α〉 = z
(η×) (µα.〈z||π1(α)〉, µα.〈z||π2(α)〉) = z
(η+) [µ̃x.〈inj1 x||α〉, µ̃x.〈inj2 x||α〉] = α
V ∈ ValueN ::= v
V ∈ ValueV ::= x | λx.v | (V1, V2) | inji(V)
E ∈ CoValueN ::= α | V · E | πi(E) | [E1, E2]
E ∈ CoValueV ::= e
Polarity and Extensionality
How do we add more connectives?
First formulation:
  ×R: from Γ ⊢ A, ∆ and Γ ⊢ B, ∆ conclude Γ ⊢ A × B, ∆
  ×L: from Γ, A ⊢ ∆ conclude Γ, A × B ⊢ ∆;  from Γ, B ⊢ ∆ conclude Γ, A × B ⊢ ∆
Second formulation:
  ×R: from Γ1 ⊢ A, ∆1 and Γ2 ⊢ B, ∆2 conclude Γ1, Γ2 ⊢ A × B, ∆1, ∆2
  ×L: from Γ, A, B ⊢ ∆ conclude Γ, A × B ⊢ ∆
Are the two formulations the same from the proof search point of view?
The first formulation is dangerous on the left; you might have picked the wrong conjunct
The second formulation is dangerous on the right; you might have picked the wrong separation of resources
Reversibility of conjunction and disjunction
  &R: from Γ ⊢ A, ∆ and Γ ⊢ B, ∆ conclude Γ ⊢ A & B, ∆
  &L: from Γ, A ⊢ ∆ conclude Γ, A & B ⊢ ∆;  from Γ, B ⊢ ∆ conclude Γ, A & B ⊢ ∆
  ⊗R: from Γ1 ⊢ A, ∆1 and Γ2 ⊢ B, ∆2 conclude Γ1, Γ2 ⊢ A ⊗ B, ∆1, ∆2
  ⊗L: from Γ, A, B ⊢ ∆ conclude Γ, A ⊗ B ⊢ ∆
The left rules of & are irreversible; they only make sense top-down
The left rule of ⊗ is reversible; it makes sense in either direction
  ⊕L: from Γ, A ⊢ ∆ and Γ, B ⊢ ∆ conclude Γ, A ⊕ B ⊢ ∆
  ⊕R: from Γ ⊢ A, ∆ conclude Γ ⊢ A ⊕ B, ∆;  from Γ ⊢ B, ∆ conclude Γ ⊢ A ⊕ B, ∆
  ⅋L: from Γ, A ⊢ ∆ and Γ, B ⊢ ∆ conclude Γ, A ⅋ B ⊢ ∆
  ⅋R: from Γ ⊢ A, B, ∆ conclude Γ ⊢ A ⅋ B, ∆
The right rules of ⊕ are irreversible; they only make sense top-down
The right rule of ⅋ is reversible; it makes sense in either direction
Reversibility in program
Irreversible rules correspond to constructing a pattern
Reversible rules correspond to pattern matching
Observation patterns of conjunction
Observation patterns
  &L: from Γ | e : A ⊢ ∆ conclude Γ | π1(e) : A & B ⊢ ∆;  from Γ | e : B ⊢ ∆ conclude Γ | π2(e) : A & B ⊢ ∆
Responding to observations
  &R: from c1 : (Γ ⊢ α : A, ∆) and c2 : (Γ ⊢ β : B, ∆) conclude Γ ⊢ µ(π1(α).c1 | π2(β).c2) : A & B | ∆
Extensionality of pattern matching
  v : A & B = µ(π1(α).〈v||π1(α)〉 | π2(β).〈v||π2(β)〉)
Construction patterns of disjunction
Construction patterns
  ⊕R: from Γ ⊢ v : A | ∆ conclude Γ ⊢ inj1(v) : A ⊕ B | ∆;  from Γ ⊢ v : B | ∆ conclude Γ ⊢ inj2(v) : A ⊕ B | ∆
Deconstructing constructions
  ⊕L: from c1 : (Γ, x : A ⊢ ∆) and c2 : (Γ, y : B ⊢ ∆) conclude Γ | µ̃[inj1(x).c1 | inj2(y).c2] : A ⊕ B ⊢ ∆
Extensionality of pattern matching
  e : A ⊕ B = µ̃[inj1(x).〈inj1(x)||e〉 | inj2(y).〈inj2(y)||e〉]
Deciding priority: “Who is the liar?”
µα.c produces a product A & B
µα.c = µ(π1(α).c1 | π2(β).c2)
〈µα.c||µ̃x.c′〉 = 〈µ(π1(α).c1 | π2(β).c2)||µ̃x.c′〉
Interpretation: only choice is call-by-name
Deciding priority: “Who is the liar?”
µ̃x.c′ consumes a sum A⊕ B
µ̃x.c′ = µ̃[inj1(x).c′1 | inj2(y).c′2]
〈µα.c||µ̃x.c′〉 = 〈µα.c||µ̃[inj1(x).c′1 | inj2(y).c′2]〉
Interpretation: only choice is call-by-value
Polarization Hypothesis
Positive types
Defined by right-handed patterns of construction
Have left-handed extensionality for consumption
Follow call-by-value evaluation order
Negative types
Defined by left-handed patterns of observation
Have right-handed extensionality for production
Follow call-by-name evaluation order
Realistic programs use both polarities