-Axiom: --------- - A |- A - -Structural Rules: - - Γ, A, B, Δ |- C -Exchange: --------------------------- - Γ, B, A, Δ |- C - - Γ, A, A |- B -Contraction: ------------------- - Γ, A |- B - - Γ |- B -Weakening: ----------------- - Γ, A |- B - -Logical Rules: - - Γ, A |- B ---> I: ------------------- - Γ |- A --> B - - Γ |- A --> B Γ |- A ---> E: ----------------------------------- - Γ |- B +let div' (x:int) (y:int) = + match y with 0 -> None | + _ -> Some (x / y);; + +(* +val div' : int -> int -> int option = fun +# div' 12 3;; +- : int option = Some 4 +# div' 12 0;; +- : int option = None +# div' (div' 12 3) 2;; +Characters 4-14: + div' (div' 12 3) 2;; + ^^^^^^^^^^ +Error: This expression has type int option + but an expression was expected of type int +*)-`A`, `B`, etc. are variables over formulas. -Γ, Δ, etc. are variables over (possibly empty) sequences -of formulas. Γ `|- A` is a sequent, and is interpreted as -claiming that if each of the formulas in Γ is true, then `A` -must also be true. - -This logic allows derivations of theorems like the following: +This starts off well: dividing 12 by 3, no problem; dividing 12 by 0, +just the behavior we were hoping for. But we want to be able to use +the output of the safe-division function as input for further division +operations. So we have to jack up the types of the inputs:

-------- Id -A |- A ----------- Weak -A, B |- A -------------- --> I -A |- B --> A ------------------ --> I -|- A --> B --> A +let div' (x:int option) (y:int option) = + match y with None -> None | + Some 0 -> None | + Some n -> (match x with None -> None | + Some m -> Some (m / n));; + +(* +val div' : int option -> int option -> int option =-Should remind you of simple types. (What was `A --> B --> A` the type -of again?) +Beautiful, just what we need: now we can try to divide by anything we +want, without fear that we're going to trigger any system errors. -The easy way to grasp the Curry-Howard correspondence is to *label* -the proofs. Since we wish to establish a correspondence between this -logic and the lambda calculus, the labels will all be terms from the -simply-typed lambda calculus. Here are the labeling rules: +I prefer to line up the `match` alternatives by using OCaml's +built-in tuple type:+# div' (Some 12) (Some 4);; +- : int option = Some 3 +# div' (Some 12) (Some 0);; +- : int option = None +# div' (div' (Some 12) (Some 0)) (Some 4);; +- : int option = None +*)

-Axiom: ----------- - x:A |- x:A - -Structural Rules: - - Γ, x:A, y:B, Δ |- R:C -Exchange: ------------------------------- - Γ, y:B, x:A, Δ |- R:C - - Γ, x:A, x:A |- R:B -Contraction: -------------------------- - Γ, x:A |- R:B - - Γ |- R:B -Weakening: --------------------- - Γ, x:A |- R:B [x chosen fresh] - -Logical Rules: +let div' (x:int option) (y:int option) = + match (x, y) with (None, _) -> None | + (_, None) -> None | + (_, Some 0) -> None | + (Some m, Some n) -> Some (m / n);; +- Γ, x:A |- R:B ---> I: ------------------------- - Γ |- \xM:A --> B +So far so good. But what if we want to combine division with +other arithmetic operations? We need to make those other operations +aware of the possibility that one of their arguments will trigger a +presupposition failure: - Γ |- f:(A --> B) Γ |- x:A ---> E: ------------------------------------- - Γ |- (fx):B +

+let add' (x:int option) (y:int option) = + match (x, y) with (None, _) -> None | + (_, None) -> None | + (Some m, Some n) -> Some (m + n);; + +(* +val add' : int option -> int option -> int option =-In these labeling rules, if a sequence Γ in a premise contains -labeled formulas, those labels remain unchanged in the conclusion. +This works, but is somewhat disappointing: the `add'` operation +doesn't trigger any presupposition of its own, so it is a shame that +it needs to be adjusted because someone else might make trouble. -What is means for a variable `x` to be chosen *fresh* is that -`x` must be distinct from any other variable in any of the labels -used in the proof. - -Using these labeling rules, we can label the proof -just given: +But we can automate the adjustment. The standard way in OCaml, +Haskell, etc., is to define a `bind` operator (the name `bind` is not +well chosen to resonate with linguists, but what can you do). To continue our mnemonic association, we'll put a `'` after the name "bind" as well.+# add' (Some 12) (Some 4);; +- : int option = Some 16 +# add' (div' (Some 12) (Some 0)) (Some 4);; +- : int option = None +*)

------------- Id -x:A |- x:A ----------------- Weak -x:A, y:B |- x:A -------------------------- --> I -x:A |- (\y.x):(B --> A) ----------------------------- --> I -|- (\x y. x):A --> B --> A +let bind' (x: int option) (f: int -> (int option)) = + match x with None -> None | + Some n -> f n;; + +let add' (x: int option) (y: int option) = + bind' x (fun x -> bind' y (fun y -> Some (x + y)));; + +let div' (x: int option) (y: int option) = + bind' x (fun x -> bind' y (fun y -> if (0 = y) then None else Some (x / y)));; + +(* +# div' (div' (Some 12) (Some 2)) (Some 4);; +- : int option = Some 1 +# div' (div' (Some 12) (Some 0)) (Some 4);; +- : int option = None +# add' (div' (Some 12) (Some 0)) (Some 4);; +- : int option = None +*)-We have derived the *K* combinator, and typed it at the same time! - -Need a proof that involves application, and a proof with cut that will -show beta reduction, so "normal" proof. +Compare the new definitions of `add'` and `div'` closely: the definition +for `add'` shows what it looks like to equip an ordinary operation to +survive in dangerous presupposition-filled world. Note that the new +definition of `add'` does not need to test whether its arguments are +None objects or real numbers---those details are hidden inside of the +`bind'` function. -[To do: add pairs and destructors; unit and negation...] +The definition of `div'` shows exactly what extra needs to be said in +order to trigger the no-division-by-zero presupposition. -Excercise: construct a proof whose labeling is the combinator S. +For linguists: this is a complete theory of a particularly simply form +of presupposition projection (every predicate is a hole).
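Review bot: `bind'` is pinned to `int` by its annotations (`let bind' (x: int option) (f: int -> (int option)) =`), so it cannot be reused for any other option-typed value, which undercuts the "we can automate the adjustment" claim two paragraphs earlier. Dropping the annotations, `let bind' x f = match x with None -> None | Some n -> f n;;`, lets OCaml infer the general `'a option -> ('a -> 'b option) -> 'b option`, and `add'` and `div'` keep working unchanged. While there, the inner lambdas in `bind' x (fun x -> bind' y (fun y -> ...))` shadow the option-typed `x` and `y` with their unwrapped `int` values; renaming the inner binders (say `m` and `n`, as the tuple-match version already does) would make the two levels easier to tell apart for readers new to the pattern.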
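Review bot: the toplevel transcripts in the `(* ... *)` blocks are missing the function value that OCaml prints: the first reads `val div' : int -> int -> int option = fun` and the later ones end at `=` with nothing after it, which looks like `<fun>` was stripped as markup; restore `= <fun>` in each so the transcripts match what a reader will actually see. Two wording slips in the added prose: "a particularly simply form of presupposition projection" should be "simple", and "survive in dangerous presupposition-filled world" needs an article ("in a dangerous ...").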