Definitions by rewriting in the Calculus of Constructions

(1)

HAL Id: inria-00105648

https://hal.inria.fr/inria-00105648

Submitted on 11 Oct 2006

HAL is a multi-disciplinary open access archive for the deposit and dissemination of sci- entific research documents, whether they are pub- lished or not. The documents may come from teaching and research institutions in France or abroad, or from public or private research centers.

L’archive ouverte pluridisciplinaire HAL, est destinée au dépôt et à la diffusion de documents scientifiques de niveau recherche, publiés ou non, émanant des établissements d’enseignement et de recherche français ou étrangers, des laboratoires publics ou privés.

Frédéric Blanqui

To cite this version:

Frédéric Blanqui. Definitions by rewriting in the Calculus of Constructions. Mathematical Structures in Computer Science, Cambridge University Press (CUP), 2005, 15 (1), pp.37-92.

�10.1017/S0960129504004426�. �inria-00105648�

(2)

inria-00105648, version 1 - 11 Oct 2006

DOI:10.1017/S0960129504004426 PrintedintheUnitedKingdom

Denitions by rewriting

in the Calulus of Construtions

Frédéri Blanqui

12

1

Laboratoired'Informatiquedel'ÉolePolytehnique(LIX)

91128PalaiseauCedex,Frane

(until30September2003)

2

InstitutNational deReherheenInformatiqueetAutomatique(INRIA)

Laboratoire lorraindeReherheenInformatiqueetsesAppliations (LORIA)

615rue duJardinBotanique,BP101,54602 Villers-lès-Nany,Frane

blanquiloria.fr (from1stOtober 2003)

Reeived16September2002. Revised12November2003.

Abstrat:This paperpresentsgeneralsyntationditionsensuringthe strong normal-

izationandthe logial onsisteny ofthe Calulus ofAlgebraiConstrutions, anexten-

sion of the Calulus of Construtions with funtions and prediates dened by higher-

order rewrite rules. On the onehand, the Calulus of Construtionsis a powerful type

systeminwhihoneanformalizethepropositionsandnaturaldedutionproofsofhigher-

orderlogi.Ontheotherhand,rewritingisasimpleandpowerfulomputationparadigm.

The ombinationofbothallows, amongotherthings, todevelop formalproofs withare-

dued size and more automation ompared with more traditional proof assistants. The

mainnovelty istoonsider ageneral formof rewriting atthe prediate-levelwhih gen-

eralizes the strongelimination ofthe Calulusof IndutiveConstrutions.

1. Introdution

This workaims at dening anexpressivelanguageallowingto speify andprovemath-

ematialpropertieseasily. ThequestforsuhalanguagestartedwithGirard'systemF

(Girard1972)ontheonehandandDeBruijn'sAutomathprojet(DeBruijn1968)onthe

otherhand.Later, Coquandand Huetombinedbothaluliinto theCalulusofCon-

strutions(CC)(Coquand1985).AsinsystemF,inCC,datatypesaredenedthrough

imprediativeenodings that are diultto usein pratie. So,followingMartin-Löf's

theoryoftypes(Martin-Löf1984),CoquandandPaulin-Mohringdenedanextensionof

CCwithindutive typesandtheirassoiatedindution priniplesasrst-lass objets,

the Calulus of Indutive Construtions (CIC) (Coquand and Paulin-Mohring 1988),

whihisthebasisoftheproof-assistantCoq(CoqDevelopmentTeam2002).

However,deningfuntionsorprediatesbyindutionisnotalwaysonvenient.More-

over,withsuhdenitions, equationalreasoningisuneasyandleadstoverylargeproof

(3)

This ideathat proving is notonly reasoning(undeidable) but also omputing (deid-

able)hasbeenreentlyformalizedinageneralwaybyDowek,HardinandKirhnerwith

theNaturalDedutionModulo(NDM)forrst-order logi(Doweket al.1998).

Amoreonvenientand powerfulwayof deningfuntions andprediatesis byusing

rewrite rules (Dershowitz and Jouannaud 1990). This notion is very old but its study

really beganin the70's withKnuthand Bendix(BendixandKnuth 1970)forknowing

whether,in agiven equationaltheory,an equationis validornot. Then,rewriting was

quiklyusedasaprogrammingparadigm(see(Dershowitz andJouannaud1990))sine

anyomputablefuntionanbedenedbyrewriterules.

Inthefollowingsub-setions,wepresentinmoredetailsourmotivationsforextending

CICwithrewriting,thepreviousworksontheombinationof

λ

^-alulus^and^rewriting,

andourownontributions.

1.1. Advantagesof rewriting

In CIC, funtions and prediates an be dened by indution on indutively dened

types. The ase of the type

nat

^of ^natural ^numbers, ^dened ^from

0 : nat

^(zero) ^and

s : nat ⇒ nat

^(suessor ^funtion), ^yields ^Gödel' ^system^T: ^a ^funtion

f : nat ⇒ τ

^is

dened by givinga pairof terms

(u, v)

^, ^written

(rec u v)

^, ^where

u : τ

^is ^the ^value ^of

f (0)

^and

v : nat ⇒ τ ⇒ τ

îs â^funtion ^whih ômputes ^the^value ôf

f (n + 1)

^from

n

and

f (n)

^.Computationsproeedsbyapplyingthefollowing(higher-order)rewriterules, alled

ι

^-r^edution:

rec u v 0 → ι u

rec u v (s n) → ι v n (rec u v n)

For instane, addition an be dened by the term

λxy.(rec u v x)

^with

u = y

^and

v = λnr.s(r)

^(denition^by^indution^on

x

^).^Then,^one^an^hek^that:

^†

2 + 2 → ^∗ _β rec 2 v 2 → ι v 1 (rec 2 v 1) → ^∗ _β s(rec 2 v 1)

→ ι s(v 0 (rec 2 v 0)) → ^∗ _β s(s(rec 2 v 0)) → ι s(s(2)) = 4

Proofs by indution are formalized in the same way: if

P

îs â ^prediate ôn ^natural

numbers,

u

^a^proof ^of

P 0

^and

v

^a^proof ^of

(n : nat)P n ⇒ P (sn)

^,

^‡

^then

rec P u v

^is^a

proof of

(n : nat)P n

^, ^and

ι

^-redution^orresponds ^to ^theeliminationof indution uts.

Infat,

(rec u v)

îs^nothing^but â^partiularâseôf

(rec P u v)

^with^thenon-dependent prediate

P = λn.τ

^.

Inaddition,dedutionstepsaremademodulo

βι

-equivalene

§

, thatis, if

π

^is^a^proof

of

P

^and

P = βι Q

^, ^then

π

îsâlsoâ^proofôf

Q

^.^Fôrînstane,îf

π

îsâ^proofôf

P (2 + 2)

^,

then it is also aproof of

P(4)

^, âsône ^would ^naturally êxpet. ^The ^veriation ^that â

term

π

îsîndeedâ^proofôfâproposition

P

^,^alledtype-heking,isdeidablesine

βι

^is

aonuent(theorderofomputationsdoesnotmatter)andstronglynormalizing(there

isnoinniteomputation)relation(Werner1994).

†

→

^∗_β^is^the^transitive^losure^of^the

β

^-redution^relation:

(λx.t u) →

β

u{x 7→ t}

^.

‡

Asoftenintypesystems,wedenoteuniversalquantiationoveratype

T

^by

(x : T )

^.

§

Reexive,symmetriandtransitivelosureofthe

βι

^-redution^relation^(whihîs^the ûnionôf^the

β

and

ι

^redutionrelations).

(4)

Although the introdution of indutive typesand their indution priniples as rst-

lass objetsis a bigstep towardsagreater usability of proof assistants,weare going

to see that the restrition of funtion denitions to denitions by indution, and the

restritionoftypeonversionto

βι

-equivalene, haveseveralimportantdrawbaks.The useofrewriting,that is,theabilityof deningfuntions bygivingasetofrewriterules

R

^, ^and ^the possibility of doing dedutions modulo

βR

-equivalene, an remedy these problems. It appears that

ι

^-redution îtself îs ^nothing ^but â ^partiular âse ôf ^higher-

orderrewriting(Klopetal.1993;Nipkow1991)where,asopposedtorst-orderrewriting,

the onstrutionsof the

λ

^-alulus (appliation, abstration and produt) anbe used in therighthand-sides ofrules.

¶

A ommonexampleof ahigher-orderdenition isthe

funtion

map

^whih^applies^a^funtion

f

^to êahêlementôfâ^list:

map f nil → nil

map f (cons x ℓ) → cons (f x) (map f ℓ)

where

nil

^stands^for^the^empty^list ^and

cons

^for^the ^funtionâdding ânêlementât ^the

headofalist.

Easier denitions. First of all, with rewriting, denitions are easier. For instane,

additionanbedenedbysimplygivingtherules:

0 + y → y

(s x) + y → s (x + y)

Then, wehave

2 + 2 → s(2 + 1) → s(s(2 + 0)) → s(s(2)) = 4

^. Ôfôurse,ôneân^make

thedenitionsbyindutionlooklikethisone,asitistheaseinCoq(CoqDevelopment

Team2002),but thisisnotalwayspossible.Forinstane,thedenitionbyindution of

theomparisonfuntion

≤

ôn^natural^numbers^requires^theûseôf^two^reursors:

λx.rec (λy.true) (λnry.rec f alse (λn ^′ r ^′ .rn ^′ ) y) x

whilethedenitionbyrewritingissimply:

0 ≤ y → true s x ≤ 0 → f alse s x ≤ s y → x ≤ y

More eient omputations. From a omputational point of view, denitions by

rewritinganbemoreeient,althoughtheproessofseletinganappliablerulemay

haveahigherost (Augustsson 1985).Forexample, sine

+

îs ^dened ^byîndution ôn

its rstargument, theomputation of

n + 0

^requires

n + 1

^redution^steps. ^By^adding

therule

x + 0 → x

^,^this^takes^only^one^step.

Quotienttypes.Rewritingallowsustoformalizesomequotienttypesinasimpleway,

withoutrequiring anyadditional extension(Bartheand Geuvers1995; Courtieu 2001),

by simply onsidering rewrite rules on onstrutors, whih is forbidden in CIC sine

onstrutors must be free in this system. For instane, integers an be formalized by

taking

0

^for^zero,

p

^for^predeessor^and

s

^for^suessor,^together^with^the^rules:

¶

Wewillnotonsiderhigher-orderpattern-mathingherealthoughitshouldbepossibleasweshowit

forthesimply-typed

λ

^-alulusⁱⁿ^(Blanqui^2000).

(5)

s (p x) → x p (s x) → x

This tehniqueappliesto any typewhoseonstrutorssatisfyaset ofequationsthat

anbeturnedintoaonuentandstronglynormalizingrewritesystem(Jouannaudand

Kounalis1986).

More automation. We previously saw that, in CIC, if

P

îs â ^prediate ôn ^natural

numbers, then

P (2 + 2)

^is

βι

-equivalent to

P (4)

ând, ^hene, ^that â^proof ôf

P (2 + 2)

is also aproofof

P (4)

^. ^This ^means ^that ^proving

P (4)

^from

P (2 + 2)

^does^not^require

any argument: this is automatially done by the system. But, beause funtions must

bedened by indution,this doesnotwork anymorefor omputationson open terms:

sine

+

îs ^dened ^by îndution ôn îts ^rst ârgument,

P(x + 2)

^is ^not

βι

-equivalent to

P (s(s(x)))

^.^Proving

P (s(s(x)))

^from

P (x+ 2)

^requiresâûserînteration^for^proving^that

x + 2

^is^equal^to

s(s(x))

^,^whih ^requires^indution.

We mayeven go further and turn somelemmas into simpliation rules. Let us for

instaneonsiderthemultipliationonnaturalnumbers:

0 × y → 0

(s x) × y → y + (x × y)

Then,thedistributivityoftheadditionoverthemultipliationanbeturnedintothe

rewriterule:

(x + y) × z → (x × z) + (y × z)

heneallowingthesystemto provemoreequalitiesand morelemmasautomatially by

simply heking the

β R

-equivalene with already provedstatements. Inthe aseof an equality

u = v

^, ît ^sues ^to ^hek^whether ît îs

βR

-equivalent to the instane

u = u

of the identity axiom, whih is the same asheking whether

u

^and

v

^have ^the ^same

βR

^-normal^form.

Smaller proofs. Another important onsequene of onsidering a riher equivalene

relation on typesis that it redues thesize of proofs, whih is urrently animportant

limitationinproofassistantslikeCoq.Forinstane,whiletheproofof

P (s(s(x)))

^requires

theappliation ofsomesubstitutionlemmain CIC, itisequaltotheproof of

P (x + 2)

whenrewritingisallowed.Thebenetbeomesveryimportantwithequalityproofs,sine

theyrequiretheuseofmanylemmasin CIC(substitution,assoiativity,ommutativity,

et.), whiletheyredue to reexivitywith rewriting(if oneonsiders rewritingmodulo

assoiativityandommutativity(PetersonandStikel1981)).

More typable terms.The fat that someterms are not

βι

-equivalent as onewould expet hasanotherunfortunateonsequene:someapparentlywell-formedpropositions

arerejeted bythesystem.Takeforinstane thetype

list : (n : nat)⋆

^of ^lists^of^length

n

^with ^the ^onstrutors

nil : list0

^and

cons : nat ⇒ (n : nat)listn ⇒ list(sn)

^. ^Let

app : (n : nat)listn ⇒ (n ^′ : nat)listn ^′ ⇒ list(n + n ^′ )

^be^the onatenationfuntion on

list

^.Îf,âsûsual,

app

îs^dened ^byîndutionônîts^rstârgument^then,surprisingly,the

(6)

app n ℓ 0 ℓ = ℓ

app (n + n ^′ ) (app n ℓ n ^′ ℓ ^′ ) n ^′′ ℓ ^′′ = app n ℓ (n ^′ + n ^′′ ) (app n ^′ ℓ ^′ n ^′′ ℓ ^′′ )

Intherstequation,thelefthand-sideisoftype

list(n + 0)

^and^the^right^hand-side^is

oftype

listn

^.Âlthoughôneân^prove^that

n + 0 = n

^holds^for^any

n

ⁱⁿ

nat

^,^the^equality

is notwell-typedsine

n + 0

^is ^not

βι

-onvertibleto

n

^(only^terms ^of ^equivalent^types

anbeequal).

Intheseondequation, thelefthand-side isof type

list((n + n ^′ ) + n ^′′ )

^and ^the^right

hand-sideisoftype

list(n+(n ^′ +n ^′′ ))

^.Âgain,âlthoughôneân^prove^that

(n+n ^′ )+n ^′′ = n + (n ^′ + n ^′′ )

^holds ^for^any

n

^,

n ^′

^and

n ^′′

ⁱⁿ

nat

^, ^the ^two ^terms^are ^not

βι

-onvertible.

Therefore,thepropositionisnotwell-formed.

Ontheotherhand,byaddingtherules

x + 0 → x

^and

(x + y) + z → x + (y + z)

^,^the

previouspropositionsbeomewell-typedasexpeted.

Integration of deisionproedures.Oneanalsodeneprediatesbyrewriterules

orhavingsimpliationrulesonpropositions,henegeneralizingthedenitionsbystrong

elimination in CIC.For example,oneanonsider the set ofrules of Figure1 (Hsiang

1982)where

⊕

^(exlusive^or)^and

∧

âreômmutativeând âssoiative^symbols,

⊥

^rep-

resentsthepropositionalwaysfalseand

⊤

^thepropositionalwaystrue.

Fig.1.Deisionproedureforlassialpropositional tautologies

P ⊕ ⊥ → P P ⊕ P → ⊥ P ∧ ⊤ → P P ∧ ⊥ → ⊥ P ∧ P → P

P ∧ (Q ⊕ R) → (P ∧ Q) ⊕ (P ∧ R)

Hsiang(Hsiang1982)showedthat this systemisonuentandstronglynormalizing,

and that a proposition

P

îs â ^tautology ^(i.e. îs âlways ^true) ⁱ

P

^redues ^to

⊤

^. ^So,

assumingtype-hekinginCCextendedwiththisrewritesystemremainsdeidable,then,

to knowwhether a proposition

P

îs â^tautology, ît îs ^suient ^to ^submit ânârbitrary

proofof

⊤

^to^the^veriation^program.^We^would^notônly ^gainⁱⁿ âutomation^but âlso

inthesizeof proofs(anytautologywouldhaveaproofofonstantsize).

Weanalsoimaginesimpliationrules onequalitiesliketheonesofFigure 2where

+

^and

×

âreâssoiativeândommutative,and

=

ommutative.

Fig.2.Simpliationrulesonequality

x = x → ⊤ s x = s y → x = y

s x = 0 → ⊥

x + y = 0 → x = 0 ∧ y = 0

x × y = 0 → x = 0 ∨ y = 0

(7)

1.2. Problems

We saw that rewriting has numerous advantages over indution but it is not lear to

whihextentrewritingan beaddedtopowerfultypesystemsliketheCalulusofCon-

strutions (CC) without ompromising the deidability of type-heking and the log-

ial onsisteny. Furthermore, sine rewrite rules are user-dened, it is not lear also

whether

βR

-equivalene/normalizationanbemade aseient asaxed systemwith

βι

^-redution ônly ^(Grégoire ând ^Leroy ^2002), âlthough ^some ^works ôn ^rewriting ^seem

verypromising(Eker1996;KirhnerandMoreau2001).

Sine wewant to onsider dedutions modulo

βR

-equivalene,weat least need this equivalenetobedeidable.Theusualwayofprovingthedeidabilityofsuhanequiv-

alene relationis by proving onuene andstrong normalizationof the orresponding

redutionrelation. Sine these properties are notdeidablein general,we will look for

deidablesuientonditionsasgeneralaspossible.

Asforthelogialonsisteny,weannotdedueitfromnormalizationanymoreasitis

theaseinCC(Barendregt1992),sineaddingfuntionsymbolsandrewriterulesislike

adding hypothesis and equality/equivalene axioms. Therefore, for logial onsisteny

also,wewilllook forsuientonditionsasgeneralaspossible.

Inthefollowingsub-setion,wepresentashorthistoryofthedierentresultsobtained

sofaron theombination of

β

^-redutionând^rewriting. ^Then, ^we^will ^present ôurôwn

ontributions.

1.3. Previous works

Therstwork ontheombinationoftyped

λ

^-alulus^and (rst-order)rewritingis due to Breazu-Tannen in 1988 (Breazu-Tannen 1988). He showed that the ombination of

simply-typed

λ

^-alulusând^rst-order^rewritingîsônuentîf^rewritingîsônuent.În

1989,Breazu-TannenandGallier(Breazu-TannenandGallier1989),andOkada(Okada

1989)independently,showed that thestrong normalizationalso ispreserved.These re-

sultswereextendedbyDougherty(Dougherty1991)toanystable setofpure

λ

^-terms.

The ombination of rst-order rewriting and Pure TypeSystems (PTS) (Geuvers and

Nederhof1991; Barendregt1992)wasalso studied by severalauthors (Barbanera1990;

BartheandMelliès1996;BartheandvanRaamsdonk1997;Barthe1998).

In1991, Jouannaudand Okada (Jouannaudand Okada 1991)extended the resultof

Breazu-Tannen and Gallier to the higher-order rewrite systems satisfying the General

Shema,anextensionofprimitivereursiontothesimply-typed

λ

^-alulus.^With^higher-

order rewriting, strong normalization beomes more diult to prove sine there is a

strong interation betweenrewriting and

β

^-redution, ^whih ^is^not ^the ^ase^with ^rst-

orderrewriting.

In1993,Barbanera,Fernándezand Geuvers(Barbaneraet al.1994;Fernández1993)

extendedtheproofofJouannaudandOkadatotheCalulusofConstrutions(CC)with

objet-levelrewriting andsimply-typed funtion symbols.Themethods used sofar for

non-dependenttypesystems(Breazu-TannenandGallier1989;Dougherty1991)annot

(8)

thetypeonversionruleand,thus, allowsmoretermsto betypable.This wasextended

toPTS'sin (Bartheand Geuvers1995).

Othermethodsforprovingstrongnormalizationappeared.In1993,Van dePol(Van

de Pol 1993; Van de Poland Shwihtenberg 1995; Van de Pol 1996) extended to the

simply-typed

λ

^-alulus ^the^use ^of ^monotoni interpretations. In1999, Jouannaud and Rubio (Jouannaudand Rubio 1999) extended the Reursive Path Ordering (RPO) to

thesimply-typed

λ

^-alulus.

Inalltheseworks,eventheonesonCC,funtionsymbolsarealwayssimplytyped.It

wasCoquand(Coquand 1992)in1992whoinitiatedthestudy ofrewritingwithdepen-

dentandpolymorphisymbols.Hestudiedtheompletenessofdenitionswithdependent

types. He proposed a shema moregeneral than theshema of Jouannaud and Okada

sineitallowsindutivedenitionsonstritly-positivetypes,but itdoesnotneessarily

imply strong normalization. In 1996, Giménez (Giménez 1996; Giménez 1998) dened

arestrition ofthis shemafor whih heproved strong normalization.In 1999, Jouan-

naud, Okada and the author (Blanqui et al. 2002; Blanqui et al. 1999) extended the

GeneralShemain order to dealwith stritly-positivetypeswhile stillkeepingsimply-

typedsymbols.Finally,in2000,Walukiewiz(Walukiewiz2000;Walukiewiz-Chrz¡szz

2002)extendedJouannaudandRubio'sHORPOtoCCwithdependentandpolymorphi

symbols.

Allthese worksshareastrongrestrition:rewritingisrestritedtotheobjetlevel.

In1998, Dowek,Hardin and Kirhner(Doweket al.1998) proposed anewapproah

todedutionforrst-orderlogi:NaturalDedutionModulo(NDM)aongruene

≡

^on

propositions representingthe intermediateomputations betweentwodedution steps.

This dedution system onsists in replaing the usual rules of Natural Dedution by

equivalent rules modulo

≡

^. ^F^or ^instane, ^the elimination rule for

⇒

^(modus ^ponens)

beomes:

Γ ⊢ R Γ ⊢ P

Γ ⊢ Q (R ≡ (P ⇒ Q))

Theyprovedthat the simpletheoryof types(Doweket al.2001) andskolemizedset

theoryanbeseenasrst-ordertheoriesmoduloongruenesusingexpliitsubstitutions

(Abadiet al.1991).In(DowekandWerner 1998;DowekandWerner2000),Dowekand

WernergaveseveralonditionsensuringstrongnormalizationofuteliminationinNDM.

1.4. Contributions

Our main ontribution is to establish general onditions ensuring the strong normal-

ization of the Calulus of Construtions (CC) extended with prediate-level rewriting

(Blanqui2001).In (Blanqui2001),we showthat these onditionsaresatisedbymost

of the Calulus of Indutive Construtions (CIC) and by Natural Dedution Modulo

(NDM)alargelassofequationaltheories.

OurworkanbeseenasanextensionofbothNDMandCC,wheretheongruenenot

onlyinludesrst-orderrewritingbutalsohigher-orderrewritingsine,inCC,funtions

Definitions by rewriting in the Calculus of Constructions

HAL Id: inria-00105648

https://hal.inria.fr/inria-00105648

Submitted on 11 Oct 2006

HAL is a multi-disciplinary open access archive for the deposit and dissemination of sci- entific research documents, whether they are pub- lished or not. The documents may come from teaching and research institutions in France or abroad, or from public or private research centers.

L’archive ouverte pluridisciplinaire HAL, est destinée au dépôt et à la diffusion de documents scientifiques de niveau recherche, publiés ou non, émanant des établissements d’enseignement et de recherche français ou étrangers, des laboratoires publics ou privés.

Frédéric Blanqui

To cite this version:

Frédéric Blanqui. Definitions by rewriting in the Calculus of Constructions. Mathematical Structures in Computer Science, Cambridge University Press (CUP), 2005, 15 (1), pp.37-92.

�10.1017/S0960129504004426�. �inria-00105648�

inria-00105648, version 1 - 11 Oct 2006

12

λ

nat

0 : nat

s : nat ⇒ nat

f : nat ⇒ τ

(u, v)

(rec u v)

u : τ

f (0)

v : nat ⇒ τ ⇒ τ

f (n + 1)

n

f (n)

ι

rec u v 0 → ι u

rec u v (s n) → ι v n (rec u v n)

λxy.(rec u v x)

u = y

v = λnr.s(r)

x

†

2 + 2 → ∗ β rec 2 v 2 → ι v 1 (rec 2 v 1) → ∗ β s(rec 2 v 1)

→ ι s(v 0 (rec 2 v 0)) → ∗ β s(s(rec 2 v 0)) → ι s(s(2)) = 4

P

u

P 0

v

(n : nat)P n ⇒ P (sn)

‡

rec P u v

(n : nat)P n

ι

(rec u v)

(rec P u v)

P = λn.τ

βι

§

π

P

P = βι Q

π

Q

π

P (2 + 2)

P(4)

π

P

βι

→

β

(λx.t u) →

u{x 7→ t}

T

(x : T )

βι

β

ι

βι

R

βR

ι

λ

¶

map

f

map f nil → nil

map f (cons x ℓ) → cons (f x) (map f ℓ)

nil

^†

2 + 2 → ^∗ _β rec 2 v 2 → ι v 1 (rec 2 v 1) → ^∗ _β s(rec 2 v 1)

→ ι s(v 0 (rec 2 v 0)) → ^∗ _β s(s(rec 2 v 0)) → ι s(s(2)) = 4

^‡

λx.rec (λy.true) (λnry.rec f alse (λn ^′ r ^′ .rn ^′ ) y) x

app : (n : nat)listn ⇒ (n ^′ : nat)listn ^′ ⇒ list(n + n ^′ )

app (n + n ^′ ) (app n ℓ n ^′ ℓ ^′ ) n ^′′ ℓ ^′′ = app n ℓ (n ^′ + n ^′′ ) (app n ^′ ℓ ^′ n ^′′ ℓ ^′′ )

list((n + n ^′ ) + n ^′′ )

list(n+(n ^′ +n ^′′ ))

(n+n ^′ )+n ^′′ = n + (n ^′ + n ^′′ )

n ^′

n ^′′