
2.4 Dependent Types

2.4.1 Martin-Löf Type Theory

The Curry-Howard correspondence is a one-to-one correspondence between proof systems and computational models. It was first discovered by Curry in [58] in the context of combinatory logic and Hilbert-style systems, and then extended by Howard to natural deduction for minimal propositional logic and the simply-typed λ-calculus [98].

The Brouwer-Heyting-Kolmogorov (BHK) interpretation [108] is an informal explanation of the meaning of intuitionistic proofs. Following the BHK interpretation, a formula of intuitionistic logic can be read as a programming task and a proof as a program accomplishing this task. Each intuitionistic connective is given a meaning in this interpretation: for example, the task A ∧ B consists in accomplishing both tasks A and B, and the task ∃x. P(x) consists in computing a witness a and accomplishing the task P(a).

Because intuitionistic logic admits this reading of proofs as programs, it is a good candidate for the Curry-Howard correspondence. Martin-Löf Type Theory (MLTT) is a type system for an extended λ-calculus in which formulae are represented as types and proofs as terms.

To represent intuitionistic connectives, MLTT features inductive types, each freely generated by a set of constructors. The definitions of these inductive types all follow the same pattern: we first give the constructors with their types, then the elimination principle, denoted E_A for each inductive type A, which states that every value of A starts with a constructor. Finally, we add computation rules representing cut-elimination: one rule for each possible way of applying the elimination principle to a constructor. Actual implementations of MLTT such as Agda [134] offer this general scheme as a syntactic construct called an inductive definition. Users of these implementations are free to define their own inductive types, and the type constructors proposed by Martin-Löf to represent logic through the Curry-Howard correspondence are special cases of inductive definitions. Defining inductive definitions precisely is however a rather subtle topic, so we instead adopt a presentation close to the one by Martin-Löf in [122].


Types in MLTT are themselves elements of universes. An infinite hierarchy of universes Type_0, Type_1, ... is assumed; each universe inhabits the following one, and each universe is closed under the type-forming operations that we are about to define.

Apart from the universes, the basic types of MLTT are the empty type 0 and the unit type 1. Two types A and B can be combined by forming their disjoint sum A+B.

Moreover, two binding constructs for building types are available: the dependent sum Σx:A. B and the dependent product Πx:A. B. In both constructs, the variable x is bound in B. Finally, from a type A and two terms a and a' in A, we can build the identity type Eq(A, a, a').

All these syntactic constructs have two readings: they can be understood either as describing sets of terms of a certain shape or as logical propositions:

• The empty type 0 has no inhabitant and corresponds to logical falsehood.

• The unit type 1 is a singleton and corresponds to logical truth.

• The disjoint sum A + B contains the terms of the form inl(a) where a inhabits A and the terms of the form inr(b) where b inhabits B. The disjoint sum corresponds to the logical disjunction A ∨ B.

• The dependent sum Σx:A. B contains all the pairs (a, b) where a inhabits A and b inhabits B{x\a}. In particular, the type of the second component of these pairs may depend on the value of the first component. The dependent sum corresponds to the logical existential quantification ∃x:A. B.

• The dependent product Πx:A. B contains all the functions of the form λx:A. b where x is bound in b and b inhabits B. In particular, the variable x representing the argument of the function may appear not only in the returned value b but also in its type B. The dependent product corresponds to the logical universal quantification ∀x:A. B.

• The identity type Eq(A, a, a') contains only the reflexivity proof: the term refl(A, a) inhabits Eq(A, a, a). The identity type corresponds to the logical equality a =_A a'.


The other logical connectives can be derived as special cases:

• The conjunction A ∧ B is represented in MLTT by the Cartesian product A × B, which is defined as the non-dependent case of the dependent sum: (A × B) := (Σx:A. B) where x does not occur free in B. Hence the inhabitants of A × B are the pairs (a, b) where a inhabits A and b inhabits B.

• The implication A ⇒ B is represented in MLTT by the arrow type A → B, which is defined as the non-dependent case of the dependent product: (A → B) := (Πx:A. B) where x does not occur free in B. Hence the inhabitants of A → B are the functions λx:A. b such that b inhabits B (the variable x may appear in b but not in B).

• Negation is defined as usual in intuitionistic logic: (¬A) := (A → 0).

• Equivalence is also defined as usual in intuitionistic logic: (A ↔ B) := (A → B) × (B → A).
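The type formers and the derived connectives above, written out in Lean 4 as an added example (this code is not from the thesis and is not the Agda scheme it mentions). The example assumes the correspondence Empty = 0, Unit = 1, Sum (⊕) = +, Sigma (Σ) = dependent sum, dependent arrow (x : A) → B = dependent product and Eq = identity type; the names Times, Arrow, Not', Iff', boundedPair, firstBelow and the other definitions are chosen here. Everything is kept in the first universe Type so that universe levels stay out of view.

```lean
-- Added example (Lean 4), not from the thesis: the MLTT type formers of
-- Section 2.4.1 and the derived connectives, using Lean's core names.
-- All helper names below are chosen for this example.

-- 0 has no inhabitant; its eliminator has no branches, so from e : 0 any
-- type C follows (ex falso).
def exFalso {C : Type} (e : Empty) : C := Empty.elim e

-- 1 is a singleton.
def star : Unit := ()

-- A + B: every inhabitant starts with inl or inr.
def leftNat : Nat ⊕ String := Sum.inl 3

-- Dependent sum: the type of the second component, Fin n (naturals below n),
-- depends on the value n of the first.  ⟨0, _⟩ would be ill-typed, as Fin 0 is empty.
def boundedPair : Σ n : Nat, Fin n := ⟨3, (1 : Fin 3)⟩

-- Dependent product: the type of the result depends on the argument n.
def firstBelow : (n : Nat) → Fin (n + 1) := fun n => ⟨0, Nat.succ_pos n⟩

-- Identity type: the canonical inhabitant is refl.
def twoIsTwo : (2 : Nat) = 2 := Eq.refl 2

-- Derived connectives, spelled out as the non-dependent cases.
-- `abbrev` makes them transparent, so Lean unfolds them like the definitions
-- (A × B) := (Σx:A. B) and (A → B) := (Πx:A. B) of the text.
abbrev Times (A B : Type) : Type := Σ _ : A, B        -- x not free in B
abbrev Arrow (A B : Type) : Type := (_ : A) → B       -- x not free in B
abbrev Not' (A : Type) : Type := Arrow A Empty        -- ¬A := A → 0
abbrev Iff' (A B : Type) : Type := Times (Arrow A B) (Arrow B A)

-- Inhabitants: a proof of ¬¬1 and a proof of (A × B) ↔ (B × A).
def notNotUnit : Not' (Not' Unit) := fun k => k ()

def timesComm (A B : Type) : Iff' (Times A B) (Times B A) :=
  ⟨fun p => ⟨p.2, p.1⟩, fun q => ⟨q.2, q.1⟩⟩
```

Reading boundedPair and firstBelow side by side shows the two directions of dependency from the list above: in the pair, the first component fixes which type the second must inhabit; in the function, the argument fixes the type of the result.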

We have explained all the ways of constructing inhabitants of types but not yet how to use them. For example, given two types A and B, we are not yet able to construct a term of type (A + B) → (B + A), which logically reads as the commutativity of disjunction. If we try, we start by constructing the term λx:(A + B). c where c is a term of type B + A that we have to provide (and which may use the variable x). We now need to internalize in the type theory the principle that every inhabitant of A + B has one of the following shapes: inl(a) or inr(b). By internalizing, we mean adding a new syntactic construct to the theory for this purpose.

This new construct is called the eliminator of disjoint sums and is written E_{A+B}(t, z:A+B. C, x:A. c, y:B. d). This eliminator is a new binder: the variables x, y and z are bound respectively in the terms c, d and C. The programming reading of the eliminator of disjoint sums is a pattern-matching construct. The term t is matched against the two possible shapes inl(x) and inr(y). In the first case, the branch defined by the term c is chosen; in the second case, the branch defined by the term d is chosen. The subtlety of this construct comes from its typing rule. The types of the two branches need not be identical: they may depend on the matched term. This dependency is handled by the type C: the required type for c is C{z\inl(x)}, the required type for d is C{z\inr(y)}, and the type of the whole expression E_{A+B}(t, z:A+B. C, x:A. c, y:B. d) is C{z\t}. The logical reading of this new construct is reasoning by cases on the shape of t: if t has the shape inl(x), then the first branch (the term c) provides a way to prove C{z\t}; if on the contrary t has the shape inr(y), then the second branch (the term d) provides a way to prove C{z\t}. As a reasoning tool, the eliminator of disjoint sums hence corresponds to the natural deduction rule for elimination of disjunction (see Section 1.1.2).

The computational behaviour of the eliminator is given by the following reduction rules:

• E_{A+B}(inl(a), z:A+B. C, x:A. c, y:B. d) ⟶ c{x\a},

• E_{A+B}(inr(b), z:A+B. C, x:A. c, y:B. d) ⟶ d{y\b}.

Similar eliminators can be added for all the type constructors. We shall not describe them in detail.
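The commutativity of disjunction discussed above, followed by a use of a genuinely dependent type C, as an added example in Lean 4 (not from the thesis). The example assumes that Lean's recursor Sum.rec plays the role of E_{A+B}, with its motive argument standing for z:A+B. C, its next two arguments for the branches x:A. c and y:B. d, and its last argument for the scrutinee t; the names swapSum and startsWithConstructor are chosen here.

```lean
-- Added example (Lean 4), not from the thesis.  `Sum.rec` is taken as the
-- eliminator E_{A+B}; A and B are fixed in Type to keep universes out of view.

-- Commutativity of disjunction, (A + B) → (B + A), with a constant motive.
-- `noncomputable` only silences Lean's code generator, which does not compile
-- raw recursors; the term itself is exactly the MLTT term of the text.
noncomputable def swapSum {A B : Type} : A ⊕ B → B ⊕ A :=
  fun t => Sum.rec (motive := fun _ => B ⊕ A)
    (fun (x : A) => Sum.inr x)    -- branch c, required type C{z\inl(x)} = B + A
    (fun (y : B) => Sum.inl y)    -- branch d, required type C{z\inr(y)} = B + A
    t

-- The two computation rules, E(inl(a), ...) ⟶ c{x\a} and E(inr(b), ...) ⟶ d{y\b},
-- hold by conversion, so the reflexivity proof is accepted at these types.
example {A B : Type} (a : A) : swapSum (Sum.inl a : A ⊕ B) = Sum.inr a := rfl
example {A B : Type} (b : B) : swapSum (Sum.inr b : A ⊕ B) = Sum.inl b := rfl

-- A dependent motive.  C(z) := (Σ'a:A. z = inl(a)) + (Σ'b:B. z = inr(b))
-- internalises "every inhabitant of A + B starts with a constructor".
-- In the inl branch the required type is C{z\inl(x)}, whose left summand is
-- inhabited by ⟨x, refl⟩; symmetrically for inr.  (Σ' is Lean's dependent
-- sum whose second component may be a proposition.)
noncomputable def startsWithConstructor {A B : Type} (t : A ⊕ B) :
    (Σ' a : A, t = Sum.inl a) ⊕ (Σ' b : B, t = Sum.inr b) :=
  Sum.rec
    (motive := fun z => (Σ' a : A, z = Sum.inl a) ⊕ (Σ' b : B, z = Sum.inr b))
    (fun (x : A) => Sum.inl ⟨x, rfl⟩)
    (fun (y : B) => Sum.inr ⟨y, rfl⟩)
    t

-- Read logically, this is ∨-elimination: a case analysis on t that returns,
-- for each case, the constructor argument and the equation witnessing it.
example {A B : Type} (a : A) :
    startsWithConstructor (Sum.inl a : A ⊕ B) = Sum.inl ⟨a, rfl⟩ := rfl
```

The first definition is the term that could not be written with the constructors alone; the `example` lines are the two reduction rules checked by Lean's type checker, and the last definition shows why the motive has to be allowed to mention z: without that dependency, the branches could not return a statement about t itself.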

Formally, the judgments of MLTT are the following:

• Γ ⊢, meaning that Γ is a well-formed typing context,

• Γ ⊢ t : A, meaning that t is a term of type A,

• Γ ⊢ t ≡ u : A, meaning that t and u are convertible terms of type A.

The last judgment Γ ⊢ t ≡ u : A should not be confused with the judgment Γ ⊢ v : Eq(A, t, u). The judgment Γ ⊢ t ≡ u : A implies Γ ⊢ refl(A, t) : Eq(A, t, u), but the converse does not hold: the judgment Γ ⊢ t ≡ u : A is decidable, whereas the existence of a v such that Γ ⊢ v : Eq(A, t, u) is not.

The rules related to disjoint sums are given in Figure 2.3. We will not attempt to list all the other typing rules of MLTT but only highlight the most interesting rule of the system, the conversion rule:

$$\frac{\Gamma \vdash t : A \qquad \Gamma \vdash A \equiv B : \mathrm{Type}_i}{\Gamma \vdash t : B}\ (\mathrm{Conv})$$

As in Deduction modulo (see Section 1.3), this rule can be used to leave large computations implicit in proofs, following the Poincaré principle [24].
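The distinction between convertibility and the identity type, and the conversion rule at work on a dependent type, as an added Lean 4 example (not from the thesis). The example assumes that Lean's definitional equality, decided by its type checker, plays the role of the judgment Γ ⊢ t ≡ u : A and that Lean's `=` is the identity type Eq(A, t, u); the inductive family Vec and the names v4, v4' and zeroAdd are hypothetical and defined here.

```lean
-- Added example (Lean 4), not from the thesis.  Lean's definitional equality
-- is taken as Γ ⊢ t ≡ u : A and `t = u` as the identity type Eq(A, t, u).

-- 2 + 2 ≡ 4 by computation, so refl(Nat, 2 + 2) is accepted at type
-- Eq(Nat, 2 + 2, 4) through (Conv).  The proof object records no
-- computation: the checker redoes it (the Poincaré principle), and the
-- same holds for larger computations.
example : 2 + 2 = 4 := Eq.refl (2 + 2)
example : 2 ^ 16 = 65536 := rfl

-- (Conv) on a dependent type.  Vec is a hypothetical family of vectors
-- indexed by their length, defined here for the example.
inductive Vec (α : Type) : Nat → Type where
  | nil : Vec α 0
  | cons {n : Nat} : α → Vec α n → Vec α (n + 1)

def v4 : Vec Nat 4 := .cons 1 (.cons 2 (.cons 3 (.cons 4 .nil)))

-- Vec Nat 4 ≡ Vec Nat (2 + 2), so v4 is accepted at the second type with no
-- explicit cast: this is exactly the (Conv) rule.
def v4' : Vec Nat (2 + 2) := v4

-- The converse of "≡ implies Eq" fails.  n + 0 ≡ n holds by computation,
-- because addition recurses on its second argument, so refl is accepted.
example (n : Nat) : n + 0 = n := rfl

-- 0 + n ≡ n does not hold for a variable n (`rfl` is rejected there), yet
-- Eq(Nat, 0 + n, n) is inhabited: the inhabitant is built by induction on n,
-- and no decision procedure for ≡ could have found it.
theorem zeroAdd : ∀ n : Nat, 0 + n = n
  | 0     => rfl
  | n + 1 => congrArg Nat.succ (zeroAdd n)
```

The two proofs of `n + 0 = n` and `0 + n = n` are the point of the paragraph above: the first is a reflexivity proof accepted because the conversion judgment is decided by the checker, the second is a term of the identity type that carries genuine reasoning, which is why inhabitation of Eq(A, t, u) is not decidable in general.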


$$\frac{\Gamma \vdash A : \mathrm{Type}_i \qquad \Gamma \vdash B : \mathrm{Type}_i}{\Gamma \vdash A + B : \mathrm{Type}_i}\ (+\text{-formation})$$

$$\frac{\Gamma \vdash a : A \qquad \Gamma \vdash B : \mathrm{Type}_i}{\Gamma \vdash \mathrm{inl}(a) : A + B}\ (\mathrm{inl})$$

$$\frac{\Gamma \vdash A : \mathrm{Type}_i \qquad \Gamma \vdash b : B}{\Gamma \vdash \mathrm{inr}(b) : A + B}\ (\mathrm{inr})$$

$$\frac{\Gamma, z : A + B \vdash C : \mathrm{Type}_i \qquad \Gamma \vdash t : A + B \qquad \Gamma, x : A \vdash c : C\{z \backslash \mathrm{inl}(x)\} \qquad \Gamma, y : B \vdash d : C\{z \backslash \mathrm{inr}(y)\}}{\Gamma \vdash E_{A+B}(t,\ z{:}A{+}B.\,C,\ x{:}A.\,c,\ y{:}B.\,d) : C\{z \backslash t\}}\ (+\text{-elim})$$

$$\frac{\Gamma, z : A + B \vdash C : \mathrm{Type}_i \qquad \Gamma \vdash a : A \qquad \Gamma, x : A \vdash c : C\{z \backslash \mathrm{inl}(x)\} \qquad \Gamma, y : B \vdash d : C\{z \backslash \mathrm{inr}(y)\}}{\Gamma \vdash E_{A+B}(\mathrm{inl}(a),\ z{:}A{+}B.\,C,\ x{:}A.\,c,\ y{:}B.\,d) \equiv c\{x \backslash a\} : C\{z \backslash \mathrm{inl}(a)\}}\ (+\text{-elim-inl})$$

$$\frac{\Gamma, z : A + B \vdash C : \mathrm{Type}_i \qquad \Gamma \vdash b : B \qquad \Gamma, x : A \vdash c : C\{z \backslash \mathrm{inl}(x)\} \qquad \Gamma, y : B \vdash d : C\{z \backslash \mathrm{inr}(y)\}}{\Gamma \vdash E_{A+B}(\mathrm{inr}(b),\ z{:}A{+}B.\,C,\ x{:}A.\,c,\ y{:}B.\,d) \equiv d\{y \backslash b\} : C\{z \backslash \mathrm{inr}(b)\}}\ (+\text{-elim-inr})$$

Figure 2.3: Typing rules for disjoint sums in MLTT