LEGO is a computer program for interactive typechecking in the Extended Calculus of Constructions and two of its subsystems. LEGO also supports the extension of these three systems with inductive types. These type systems can be viewed as logics, and as meta languages for expressing logics, and LEGO is intended to be used for interactively constructing proofs in mathematical theories presented in these logics. I have developed LEGO over six years, starting from an implementation of the Calculus of Constructions by G erard Huet. LEGO has been used for problems at the limits of our abilities to do formal mathematics. In this thesis I explain some aspects of the meta-theory of LEGO's type systems leading to a machine-checked proof that typechecking is decidable for all three type theories supported by LEGO, and to a verified algorithm for deciding their typing judgements, assuming only that they are normalizing. In order to do this, the theory of Pure Type Systems (PTS) is extended and f...

Research in dependent type theories [M-L71a] has, in the past, concentrated on its use in the presentation of theorems and theorem-proving. This thesis is concerned mainly with the exploitation of the computational aspects of type theory for programming, in a context where the properties of programs may readily be specified and established. In particular, it develops technology for programming with dependent inductive families of datatypes and proving those programs correct. It demonstrates the considerable advantage to be gained by indexing data structures with pertinent characteristic information whose soundness is ensured by typechecking, rather than human effort. Type theory traditionally presents safe and terminating computation on inductive datatypes by means of elimination rules which serve as induction principles and, via their associated reduction behaviour, recursion operators [Dyb91]. In the programming language arena, these appear somewhat cumbersome and give rise to unappealing code, complicated by the inevitable interaction between case analysis on dependent types and equational reasoning on their indices which must appear explicitly in the terms. Thierry Coquand’s proposal [Coq92] to equip type theory directly with the kind of

Work on the TILT compiler for Standard ML led us to study a language with singleton kinds: S(A) is the kind of all types provably equivalent to the type A. Singletons are interesting because they provide a very general form of definitions for type variables, allow fine-grained control of type computations, and allow many equational constraints to be expressed within the type system.

We study the λΠΣS ≤ calculus, which contains singleton types S(M) classifying terms of base type provably equivalent to the term M. The system includes dependent types for pairs and functions (Σ and Π) and a subtyping relation induced by regarding singletons as subtypes of the base type. The decidability of type checking for this language is non-obvious, since to type check we must be able to determine equivalence of well-formed terms. But in the presence of singleton types, the provability of an equivalence judgment Γ ⊢ M1 ≡ M2: A can depend both on the typing context Γ and on the particular type A at which M1 and M2 are compared. We show how to prove decidability of term equivalence, hence of type checking, in λΠΣS ≤ by exhibiting a type-directed algorithm for directly computing normal forms. The correctness of normalization is shown using an unusual variant of Kripke logical relations organized around sets; rather than defining a logical equivalence relation, we work directly with (subsets of) the corresponding equivalence classes. We then provide a more efficient algorithm for checking type equivalence without constructing normal forms. We also show that type checking, subtyping, and all other judgments of the system are decidable.

Several proof-assistants rely on the very formal basis of Pure Type Systems (PTS) as their foundations. We are concerned with the issues involved in the development of large proofs in these provers such as namespace management, development of reusable proof libraries and separate verification. Although actual implementations offer many features to address them, few theoretical foundations have been laid for them up to now.

One of the most important contributions of A. Church to logic is his invention of the lambda calculus. We present the genesis of this theory and its two major areas of application: the representation of computations and the resulting functional programming languages on the one hand and the representation of reasoning and the resulting systems of computer mathematics on the other hand. Acknowledgement. The following persons provided help in various ways. Erik Barendsen, Jon Barwise, Johan van Benthem, Andreas Blass, Olivier Danvy, Wil Dekkers, Marko van Eekelen, Sol Feferman, Andrzej Filinski, Twan Laan, Jan Kuper, Pierre Lescanne, Hans Mooij, Robert Maron, Rinus Plasmeijer, Randy Pollack, Kristoffer Rose, Richard Shore, Rick Statman and Simon Thompson. Partial support came from the European HCM project Typed lambda calculus (CHRXCT-92-0046), the Esprit Working Group Types (21900) and the Dutch NWO project WINST (612-316-607). 1. Introduction This paper is written to honor Church's gr...

When proving a theorem, one makes intermediate claims, leaving parts temporarily unspecified. These `open' parts may be proofs but also terms. In interactive theorem proving systems, one prominently deals with these `unfinished proofs' and `open terms'. We study these `open phenomena' from the point of view of logic. This amounts to finding a correctness criterion for `unfinished proofs' (where some parts may be left open, but the logical steps that have been made are still correct). Furthermore we want to capture the notion of `proof state'. Proof states are the objects that interactive theorem provers operate on and we want to understand them in terms of logic. In this paper we define `open higher order predicate logic', an extension of higher order logic with unfinished (open) proofs and open terms. Then we define a type theoretic variant of this open higher order logic together with a formulas-as-types embedding from open higher order logic to this type theory. We show how this type theory nicely captures the notion of `proof state', which is now a type-theoretic context.

Incomplete logical proofs are the logical counterpart of the incomplete #-terms that one usually works with in an interactive theorem prover based on type theory. In this paper we extend the formalization of such incomplete proofs given in [5] by introducing unknowns that are allowed to provide temporary bindings for variables that are supposed to be bound, but whose binders are not constructed yet - a situation that typically occurs when one does forward reasoning.

A lambda-free logical framework takes parameterisation and definitions as the basic notions to provide schematic mechanisms for specification of type theories and their use in practice. The framework presented here, PAL + , is a logical framework for specification and implementation of type theories, such as Martin-Lof's type theory or UTT. As in Martin-Lof's logical framework [NPS90], computational rules can be introduced and are used to give meanings to the declared constants. However, PAL + only allows one to talk about the concepts that are intuitively in the object type theories: types and their objects, and families of types and families of objects of types. In particular, in PAL + , one cannot directly represent families of families of entities, which could be done in other logical frameworks by means of lambda abstraction. PAL + is in the spirit of de Bruijn's PAL for Automath [dB80]. Compared with PAL, PAL + allows one to represent parametric concepts such as famil...

We give a detailed account of the use of type theory as a foundational language to formalise mathematics. We develop in the type system UTT a coherent approach to naive set theory and elementary mathematical notions. In the second part of the paper, we present a fully-checked example based on our representation of naive set theory. Contents 1 Introduction 1 2 Fundamentals 3 2.1 Naive set theory . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 2.1.1 Sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 2.1.2 Discrete sets . . . . . . . . . . . . . . . . . . . . . . . . . 4 2.1.3 Maps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 2.1.4 The category of sets . . . . . . . . . . . . . . . . . . . . . 5 2.1.5 Multi-variate maps . . . . . . . . . . . . . . . . . . . . . . 6 2.1.6 Predicates and relations . . . . . . . . . . . . . . . . . . . 7 2.1.7 Subsets and powerset . . . . . . . . . . . . . . . . . . . . 7 2.1.8 Quotients . . . . . . . . . . . . . . . ...