✐ ✐ “04primiero” 2012/12/9 page 579 ✐ ✐ Logique & Analyse 220 (2012), 579–600 A CONTEXTUAL TYPE THEORY WITH JUDGEMENTAL MODALITIES FOR REASONING FROM OPEN ASSUMPTIONS GIUSEPPE PRIMIERO∗ Abstract Contextual type theories are largely explored in their applications to programming languages, but less investigated for knowledge representation purposes. The combination of a constructive language with a modal extension of contexts appears crucial to explore the attractive idea of a type-theoretical calculus of provability from refutable assumptions for non-monotonic reasoning. This paper introduces such a language: the modal operators are meant to internalize two different modes of correctness, respectively with necessity as the standard notion of constructive verification and possibility as provability up to refutation of contextual conditions. 1. Introduction In the landscape of non-classical logics, constructive formal systems use proofs as first-class citizens to define the notion of truth, generalized to truth valid under assumptions. The idea of contextual truth, that originated with sequent calculi, is well interpreted for provability in the type-theoretical languages based on intuitionistic logic, such as in Martin-Löf Type Theory.1 In such a system, expressions have judgemental form A true with propositional content A, the latter being justified by an appropriate proof term a : A. The corresponding notion of contextual truth allows formulas of the form Γ ⊢ a : A, where Γ is of the standard form [x1 : A1 , . . . , xn : An ], a being a proof of A whenever appropriate substitutions are performed on the variables in Γ, so that [x1 /a1 : A1 , . . . , xn /an : An ] ⊢ a : A holds. This means that, constructively, hypothetical truth is reduced to dependent closed constructions and that hypotheses are grounded on the primitive notion of premise. In Martin-Löf’s Type Theory, this induces the conceptual ∗ 1 Fellow of the FWO – Research Foundation Flanders. See [22], [23], [25]. ✐ ✐ ✐ ✐ ✐ ✐ “04primiero” 2012/12/9 page 580 ✐ ✐ 580 GIUSEPPE PRIMIERO distinction between a known judgement and a judgement-candidate.2 The notion of an assumption is obtained by abstraction: from a construction of a proposition, one abstracts to obtain an assumption used in an implicational relation, whose computational content can be reconstructed when needed (as its content has been known). This construction is reflected in the usual introduction rule for implication in Natural Deduction calculi. Different research fields can be traced back to similar principles grounded around the notion of context. One of the first was the modeling of contexts from AI, which eventually led to the propositional logic and first-order logic of context.3 Further research with applications in linguistics and hardware verification has the very same starting point.4 The ability to speak of contexts via a modal extension represents the next obvious step. Along with the standard accessibility relations for modal operators in the intuitionistic translation of K and the constructive version of S4,5 a weaker format to accommodate the notion of context is given by the calculus CK in [27]. The latter provides a possible-world semantics sound and complete with respect to the natural deduction interpretation given in [14]. The same kind of issues led recently to the formulation of contextual modal type theories in [30] and [29]. In particular, the formal language presented in [30] exploits constructions for both modalities from the same principle of contextual derivability: the possibility judgement (♦A true) (proposition ‘possible A’ is true) is obtained from a contextually valid proposition; the necessity judgement (A true) (proposition ‘necessarily A’ is true) internalizes validity by satisfying assumptions, mimicking the Necessitation Rule from the semantics for a normal modal logic. In the present paper, we deviate from the propositional approach: our formulas will be respectively of the form (A true) (necessarily, proposition A is true) and ♦(A true) (possibly, proposition A is true). Our focus is on an interpretation of the modalities as meta-operators to express contextual validity. We shall understand the necessity judgement as saying that the assertion conditions for the related proposition are satisfied. The possibility judgement refers to a proposition whose assertion conditions are admissible, but whose construction is not guaranteed. We shall call these judgements ‘open assumptions’. Our starting point is the constructive reading of the notion of truth as existence of a verification, i.e. a notion of truth by verification; this is extended by a semantic format for the epistemic notion of verification under open 2 See e.g. [23], [40]. The term ‘judgement-candidate’ is originally due to Göran Sundholm. 3 See [26], [6], [5]. 4 See e.g. the bibliography in [1]. 5 For this see [31], [41], [3], [2], [1]; see [37] for an overview of the early studies on intuitionistic modal logics. ✐ ✐ ✐ ✐ ✐ ✐ “04primiero” 2012/12/9 page 581 ✐ ✐ A CONTEXTUAL TYPE THEORY WITH JUDGEMENTAL MODALITIES 581 assumptions. Technically, this amount to a version of the type-theoretical language that does not satisfy explicit substitutions on variables for assumptions,6 in this way expressing a notion of truth up to refutability. This distinction recalls a sensible topic for constructive logics. A standard explanation of constructive refutation is based on the meaning of intuitionistic negation as the condition that there is no construction for an absurdity. On this basis, indirect proofs in the form of a reductio ad absurdum are standardly not admitted, whereas the usual intuitionistic absurdity rule interprets the classical ex falso quodlibet.7 The foundational work [20] represents the basic result of translation of classical mathematics into intuitionistic mathematics: Kolmogorov reduces classical formulas to intuitionistic ones as long as they are double-negated, what he calls ‘pseudo-truths’, the implication from ¬¬A to A being valid in the domain of the finitary. The present paper dwells on this foundational idea that truth is admissible for a content which cannot be refuted, provided this is valid over a finitary domain. We provide distinct constructors for ‘pseudo-truths’ (to keep on using Kolmogorov’s terminology) and for constructive truths. Formally, this requires constraining a part of the language to a finitary set of formulas with direct verification processes: in this fragment of the language, the meaning of a valid judgement ‘A true’ justifies the further conclusion that no construction for ‘¬A true’ is possible. We then extend the language by introducing the weaker notion of ‘truth admissible up to refutation’: this is defined by a constructor obtained as a double negation introduction from the previously given set of constructors, representing an appropriate formulation for a constructive notion of admissible or not-yet-refuted truth-candidate. The related constructions do not need to satisfy any corresponding negation conditions, as it is the case for the notion of constructive refutation introduced in [21].8 We only require that the notion of admissible truth-candidate literally satisfies the logical concept of an assumption, a term which might not have an appropriate β-reduction (as from the corresponding λ-calculus).9 By interpreting hypotheses as open constructions, a judgement Γ ⊢ a : A expresses the truth of the proposition 6 See e.g. [38]. See e.g. [39, p. 40]. 8 The conditions required in [21] are: (I) a construction c proves ¬A if and only if c refutes A; (II) it is decidable whether or not c proves A, and whether or not c refutes A, whereas it is not explicitly excluded that a formula may be proved by one construction and refuted by another; (III) a construction c refutes ¬A if and only if c proves A. The combination of points (I) and (III) represents a direct translation of constructive proof into refutation. 9 Notoriously, the Curry-Howard isomorphism which matches formulas in a Hilbert-style system and types in calculi of combinatorial logic, has its further step in the analogy between natural deduction derivations and the terms of a λ-calculus. This latter analogy was established by Martin-Löf in a paper titled Infinite terms and a system of natural deduction in 1969. I owe this information to Göran Sundholm. 7 ✐ ✐ ✐ ✐ ✐ ✐ “04primiero” 2012/12/9 page 582 ✐ ✐ 582 GIUSEPPE PRIMIERO A on the basis of the information provided in Γ, unless some of the judgements formulated in Γ is refuted. The modal extension solves the problem of expressing such an epistemic relation on contextual constructions in the language, giving a set of rules by which this notion is preserved under logical inference. In this way we are allowed to survey our epistemic stand towards a finite amount of logical information and claim our actual stand towards the possible extensions. The structure of the paper is as follows. Section 2 provides a variant interpretation of the basic system of constructive type-theory, where the link between hypotheses and refutable contents becomes admissible; in section 2.2 this language is extended by introducing epistemic modal operators defined by their judgemental scope; finally in section 3 the set of rules for such modal type-theory is formulated in order to preserve refutability under a consequence relation. In the conclusion, the next steps of this research are mentioned. 2. Interpreting proved and refutable contents In the description of realistic knowledge processes, it seems appropriate to explain hypotheses as contents whose truth is declared, but whose refutation is not ruled out. Whereas a standard constructive reading of a hypothetical judgement is of the kind (I know that) S is P , provided (I know that) A1 to An hold, we refer to the representation of knowledge states related to the following schema of sentential contents: (I know that) S is P , provided that A1 to An are not refuted where S, P are terms and Ai are all propositions. Contextual reasoning allows us to implement this meaning of open assumptions as possible truth. To this aim, formally distinct notions of global and local validity can be used to interpret truth in context via the underlying reading of assumptions along with constructive truth. This is required because in the basic constructive definition of truth, refutable contents are not discussed. Hence, if the proof of a construction [x1 : A1 , . . . , xn : An ] ⊢ a : A is a process admitting the proof of A under not yet verified assumptions, the truth of propositions A1 , . . . , An needs to be introduced in a non-constructive way. In order to formalize such a reading, one needs to keep introduction rules for proven and assumed propositional contents separate, i.e. where the latter ✐ ✐ ✐ ✐ ✐ ✐ “04primiero” 2012/12/9 page 583 ✐ ✐ A CONTEXTUAL TYPE THEORY WITH JUDGEMENTAL MODALITIES 583 are not ultimately justified on the basis of the former. Judgemental modalities will be used to express the resulting different modes of correctness of a propositional content derivable in the context of either proven or assumed propositions: • a judgement (A true) expresses that a content A is true in any epistemic state, as A is independent from any refutable condition (either there are none, or all of them have been secured); • a judgement ♦(A true) expresses that a content A is true in some epistemic states, namely where certain conditions are not refuted. To obtain a modal language where the meaning of the operators is explained in this way, we start from a polymorphic language containing one basic sort type for categorical (non assumptions-based) constructive judgements with corresponding term constructors a, b; and one sort typeinf (information type) for judgements in a context of refutable conditions, with corresponding variable constructors x1 , x2 .10 Judgements of the first sort (type) induce a constructive notion of truth (true), the second ones (typeinf ) a weaker predicate of truth up to verification (true∗ ): type objects are meaning objects, each related to a corresponding semantic predicate. Our syntax, justified in the following two subsections and extended to the modal formulas only in the next section, is the following: Types := type; typeinf ; Propositions := A; A ∧ B; A ∨ B; A → B; (∃ai : Ai )B; (∀ai : Ai )B; A ⊃ B; A → ⊥ Proof terms := a; (a, b); a(b); λ(a(b)); < a, b >; Proof variables := x; (x(b)); (x(b))(a); Contexts := Γ, x : A; Γ, a : A; Γ; ♦Γ; ∆ Judgments := a : A; ¬(A → ⊥); x : A; A true; A true∗ ; Γ ⊢ A true; ♦(A true); (A true). The basic novelty of this syntax is represented by the introduction of the nonstandard kind typeinf and the corresponding semantic notion true∗ : they will provide us with the required syntactic-semantic weakening appropriate 10 The reason to call refutable types Information Type is dictated by the underlying epistemic difference between functional information and knowledge, where the former is defined as meaningful data, whereas the latter by meaningful justified (and hence true) data. Given both this conceptual distinction and the formal rules to follow, expressions in type can be see as a proper subset of the information type. ✐ ✐ ✐ ✐ ✐ ✐ “04primiero” 2012/12/9 page 584 ✐ ✐ 584 GIUSEPPE PRIMIERO for the notion of refutable assumption. It is on the basis of such extension that the modal fragment will be introduced in the next section. 2.1. The non-modal fragment The two objects type and typeinf are the linguistic/ontological categories of our system. Type Formation is no longer a unique judgement (as it is the case with Martin-Löf’s Type Theory), because it now includes two distinct cases. Absolute judgements in our type theory are of the form a : A and ¬(A → ⊥), the latter generating an assumption judgement x : A. From these two judgements we define both the types and the semantic terms of our language. Type formation and the verificationist principle of truth for categorically justified propositions are our basic inferences: a:A A type Type formation a:A A true Truth Definition The first rule says: given a categorical construction a for proposition A, A is of the sort type. The second rule says: given a categorical construction a for proposition A, the sort A is categorically true. Provided they are justified in the same way, in the following — and especially in the elimination rules for connectives — we will take the liberty of using a judgement of the form A true in rules that usually require the sort A to be equipped with term a, as A true always presupposes a : A. For type the standard identity rules that define Reflexivity, Symmetry and Transitivity hold as usual. The set of judgements in type are the (categorically) verifiable formulas of the language. Constructors for these judgements are composed by way of listing, application, abstraction and pairing to define connectives and quantifiers: ∧, ∨, →, ∀, ∃. a:A b:B I∧ (a, b) : A ∧ B true A ∧ B true E∧ l(a) : A A ∧ B true E∧ r(b) : B a:A b:B Right I∨ Left I∨ r(b) : A ∨ B true l(a) : A ∨ B true A ∨ B true A → C true C true a:A A true ⊢ b : B I→ a(b) : A → B true B → C true A → B true (a)b : B E∨ a:A E→ ✐ ✐ ✐ ✐ ✐ ✐ “04primiero” 2012/12/9 page 585 ✐ ✐ A CONTEXTUAL TYPE THEORY WITH JUDGEMENTAL MODALITIES a1 : Ai , . . . , an : Ai Ai true → b : B (∀ai : Ai )B type λ((ai (b))A, B) 585 I∀ (∀ai : Ai )B type (ai (b))A, B E∀ Ai true → b : B Ai true → b : B (< ai , b >, A, B) I∃ (∃ai : Ai )B type (∃ai : Ai )B type (< ai , b >, A, B) E∃ Ai true → b : B a:A ¬A → ⊥ I⊥ We omit identity rules on constructors, we use the λ-operator as a ∀-constructor on terms combined by application, angled parentheses <, > for ordered pairs as an ∃-constructor. → is obtained by application a(b) of the construction a of the antecedent to the construction b of the consequent, rather than by abstraction: it can be seen as a λ-term presented together with one of its α-terms.11 This construction reduces all implicational relations to categorical terms and it validates no implication from the false. Quantifiers are formulated accordingly. Universal predication abstracts from enumerable sets of equivalent constructions of Ai all implying the same proposition B. Its elimination picks one application out of those constructions. Existential quantification is justified by paired constructions, i.e. from a constructor of B which can be obtained from any of the equivalent constructors of Ai . Its elimination picks out the constructor of Ai to reconstruct the implication. The negation introduction rule is obviously derivable in the intuitionistic setting and it is crucial for the following extension to functional expressions: ¬ occurs in a (negated) implication from a valid type to the absurdum, saying that if A true is a known judgement, then one infers that no construction for ¬A holds. The corresponding elimination rule would validate doublenegation elimination, but we formulate instead a non-standard extension to functional expressions by a connective ⊃. Formally, a functional relation among expressions is explained as follows: if A type holds, then a construction of a new type B is possible by considering the latter as a family of sets over some x : A such that B type[x : A] whenever the substitution [x/a] is performed. The type checking will require first A to be well-formed, secondly evaluation to a current environment (i.e. the variables’ appropriate typing) for extraction of variable terms, thirdly construction for the variable 11 It interprets strict implication à la Heyting, recalling ideas mentioned by Martin-Löf and the calculus of types with explicit substitutions presented in [38]. ✐ ✐ ✐ ✐ ✐ ✐ “04primiero” 2012/12/9 page 586 ✐ ✐ 586 GIUSEPPE PRIMIERO in that environment, and finally evaluation of the variable and the formulation of the binding expression to a value for that environment. The generalization to multiple dependence being allowed, terms for B type whenever [x1 : A1 , . . . , xn : An ] are evaluated by being put into normal forms (eventually: weak head normal forms, explicit substitutions, closures) in order for the predication B type to be valid. A new task is to admit no explicit substitution on such formulas, requiring that variables be well-typed without requiring that they be brought to standard normal form. This leads to the introduction of assumed truth in the sense of (still) refutable contents. We start by allowing the new type format typeinf . A judgement A typeinf is not given by direct construction, rather it is given by checking that no construction for ¬A type is already given. In this way, an admissible (but notyet-grounded) predication is performed; the resulting semantic judgement is the one for hypothetical truth (true∗ ):12 ¬(A → ⊥) A typeinf A typeinf x:A ∗ A true Informational Type formation Hypothetical Truth Definition The judgement ¬(A → ⊥) in the previous fragment of the language says that there exists no pair of constructions < a, b > such that a(b) : A true → ⊥. It does not imply that a : A follows: the latter justification is kept entirely constructive and therefore cannot be given by indirect proof. The typeinf formation rule reminds us of a double negation elimination and it recalls an introduction rule, but it is not the appropriate counterpart of its classical version. This can be only seen in terms of the implicational relation ⊃ that holds for typeinf and that shall be introduced below. The second rule says that provided A can be admitted as a typeinf , a weak truth-predicate true∗ (true up to refutation) is inferred by assuming a construction for A exists: it can be seen as a place-holder for admissible but strictly yet-ungrounded truth.13 As open terms of this form lack direct computational content (i.e. their constructor is only implicit but not 12 It is intuitive to understand the rule formation for A typeinf as neutralized by a construction for ¬A, i.e. as soon as a refutation of A is given. The epistemic dynamics naturally involved by this rule can be described as the free act of the knowing agent to invoke A ‘as long as it is not refuted’. As mentioned in a previous footnote, the reason to call this an Information Type is due to the distinction we draw between judgements grounding knowledge, and judgements providing information used to build (hypothetical) knowledge. 13 This interpretation represents a more epistemically oriented reading of similar uses of open terms, notoriously relevant in, for instance, partial evaluation, see [19], [18]. ✐ ✐ ✐ ✐ ✐ ✐ “04primiero” 2012/12/9 page 587 ✐ ✐ A CONTEXTUAL TYPE THEORY WITH JUDGEMENTAL MODALITIES 587 evaluated), intensional identity cannot be defined over typeinf and only extensional identity as equality of the negated originating type is defined. For this reason, only conversions are admitted, so that type-checking and wellformedness of types becomes undecidable in view of the proposed extension with typeinf ; this also means that the introduction rule for the new sort typeinf substitutes the usual η-expansion.14 Under this interpretation, we introduce within the typeinf fragment: A typeinf x : A ⊢ B typeinf Function Construction x : A ⊢ B true∗ A typeinf x : A ⊢ B true∗ I⊃ ((x)b) : A ⊃ B true (A ⊃ B) true A type[x/a] E⊃ B true A typeinf x : A ⊢ B typeinf a:A β-conversion (x(b))(a) = b[a/x] : B type[a/x] Function construction says that B is true up to A being refuted (i.e. the formulation of a construction of ¬A being provided). The new implicational 14 This is clearly a different notion of extensional type than what is usually intended for Martin-Löf’s Type Theory, which nonetheless leads to an equivalent result of general undecidability. Our language seems inappropriate to define typically extensional concepts such as pointwise equal functions and quotient types. Our main aim is instead to preserve as much as possible a constructive model and then adapt it to forms of natural reasoning. Given the nature of the project, what is more worrying for us is the impossibility of defining, in principle, equality of proofs and identifying equivalent propositions that are not reduced to the type fragment. This suggests that, under this interpretation, forms of reasoning may remain incomparable when starting with distinct — even though equivalent — refutable assumptions. Provided the general incomputability of the typeinf extension, peculiar consequences of the extensional version of Type Theory, such as the refutation of Church’s Thesis, become less surprising. Nonetheless, it is maybe useful to notice that for every term in typeinf that can be correctly instantiated, there will be a corresponding term in type for which standard intensional and extensional identity can be defined; similarly, for any such term that cannot be instantiated, there will be the corresponding neutralizing refutation in type, which again satisfies equality and identity. The philosophical literature questioning the axiomatic view on mathematical proofs and their interpretation as mechanically checkable derivations is growing. In this direction, there is a large convergence on understanding the real process of proving mathematical statements as a problem-solving task that makes a crucial use of hypotheses, supported by a mixture of deductive moves and induction. See e.g. [36], [7], [17]. The present work offers some formal means of representing assumptions-based reasoning, by enriching the formal structure of constructive proofs with a weaker format of admissible truth. Nonetheless, from a purely formal viewpoint, the ultimate understanding of validity for our system relies on the appropriate reduction to the standard fragment of Constructive Type Theory with the type sort only, hence to a standard identity of proofs and executable (mechanically checkable) programs. ✐ ✐ ✐ ✐ ✐ ✐ “04primiero” 2012/12/9 page 588 ✐ ✐ 588 GIUSEPPE PRIMIERO connective ⊃ induces the standard dependent functional construction by abstraction. Its classical-like behavior is preserved by the introduction rule, where the antecedent is formulated in the first premise by an instance of the Information Type Formation rule and thus in principle by a double negation introduction. But the corresponding elimination rule explicitly requires a substitution of the double negated type x : A with a term a, so preventing that it collapses into classical implication (namely by avoiding its holding with a false antecedent). β-conversion provides the appropriate translation to standard dependent type formation by application, expressing reducibility of typeinf to type. The restriction imposed by E⊃ and explicitly formulated by the β-conversion rule, prevents the system from collapsing into classical logic by ensuring that A ⊃ B true whenever A → B true, and allowing that A ⊃ B true without A → B true, so invalidating the equivalence between the two implicational relations. In [8] it is shown how the equivalence of a classical-like and an intuitionistic-like implications can be produced by unrestrictedly accepting one of the schemas A true → (B → A true) or A true ⊃ (B → A true).15 The collapse is then justified as follows: 1. (A → B true) ⊃ (A ⊃ B true) 2. (A ⊃ B true) ⊃ (A → B true) 3. (A ⊃ B true) ⊃ (A true → (A ⊃ B true)) 4. A → B 5. (A → B) iff (A ⊃ B).16 In particular step 2. is obtained from step 1. by using an unrestricted version of A true ⊃ (B → A true). As A occurs in this schema as the antecedent of ⊃ and the consequent of →, obviously by E ⊃ the restriction holds that A type.17 In the following subsection we will present the extension to epistemic modalities derived from the introduced type constructors expressing the validity of truth over contextual extensions. 15 Here and below, the notation of [8] is abandoned in view of an adaptation to ours. As this is supposed to express the collapse of the two implication relations, the equivalence is metatheoretical and can be expressed in either language. 17 In [8] the corresponding restriction on the axiom schema is that for A every occurrence of classical implication, equivalence or negation be in the scope of an intutionistic negation or implication, i.e. that A true ⊃ (B → A true) holds if A is so called persistent. 16 ✐ ✐ ✐ ✐ ✐ ✐ “04primiero” 2012/12/9 page 589 ✐ ✐ A CONTEXTUAL TYPE THEORY WITH JUDGEMENTAL MODALITIES 589 2.2. Modalities for provability up to refutation The distinction between the notions of ‘truth by verification’ and ‘verifiability-up-to-refutation’ can be internalized by the use of epistemic modalities as operators that apply to judgements of the form A true. In the preceding section, strictly constructive truth is limited to the epistemic protocol by which a verification can be formulated analytically,18 i.e. without assumptions. This explanation of the truth of a proposition supports the identity between the judgements “A true” and “A has a verification in an empty context of assumptions”: A true ⇔ ∅ ⊢ a : A where (∅) describes the epistemic situation in which no condition for a is needed, as such external conditions either do not exist, or they have all been satisfied. Provided categorical justifications have epistemic priority over dependent ones,19 if A true holds, it also holds under refutable data being added, because by definition no declaration ¬A typeinf will be allowed if A type holds and thus a : A is formulated. This will make A verified in any extension of the empty context:20 A true ⇔ ∅ ⊢ A true ⇔ (A true). The following obvious step is to relate dependent truth with a possibility form of judgement. The judgement “it is possible that proposition A is true”, should mean that only in some context the truth of A can be stated: the context Γ in which A true holds will contain all the conditions that satisfy a : A, and will be preserved by any other context in which these conditions are not refuted: A true∗ ⇔ Γ ⊢ A true ⇔ ♦(A true) 18 This notion of analytic judgement is introduced by Martin-Löf in [24]. Truth by verification has epistemic priority on provability up to refutation, whereas dependent constructions with satisfied conditions (i.e. with valid β-conversions) are conceptually prior (because more general) to categorical constructions. 20 Judgmental necessity satisfies the correlation between validity and justification under no condition, as for the system presented in [30]; it is nonetheless justified in a completely different way, as the judgement “it is necessary that proposition A is true” is based on the analysis of its assertion conditions, by explaining necessity as validity against any possible state that contains refutable data for the construction of A. 19 ✐ ✐ ✐ ✐ ✐ ✐ “04primiero” 2012/12/9 page 590 ✐ ✐ 590 GIUSEPPE PRIMIERO where Γ contains propositions of the form Ai true∗ .21 Where β-conversion applies, there is an immediate reduction to the previous case of A true and the necessity judgement. The use of modal judgements is meant to internalize the distinction among categorical and hypothetical (refutable) truth. The generalization to hypothetical reasoning allows us to clarify the notion of assumption. We shall rely on the different introduction rules for the semantic judgements A true and A true∗ . In the following section the full system for a modal language of proven and refutable contents is formulated. 3. Contextual Modal Type Theory for verification and refutation The system for a modal type theory that includes a validity relation up to refutation is formulated by using the two distinct truth predicates, with propositional variables closed under logical connectives, proof terms and proof variables with distinct operations of application and abstraction depending on the required semantic specification. Terms a, b, . . . and variables x, y, . . . are respectively proof terms and place-holders for admissible proofs; types A, B, . . . are propositions; for dependent judgements we use the given explanation of a judgement A true holding under open assumptions x1 : A1 , . . . , xn : An collected in context on the left-hand side of a ⊢ derivability sign, so that from now on our standard judgement is of the form Γ ⊢ (A true), with its modal variants; we suppose that all variables in a context are distinct. The modules of verified and refutable contents are introduced in terms, respectively, of a premise and a hypothesis rule: Γ, a : A, ∆ ⊢ A true Γ, x : A, ∆ ⊢ A true∗ Premise Rule Hypothesis Rule The premise rule introduces explicitly verified contents; the hypothesis rule reflects the introduction of contents that are only assumed to be true; both rules can have Γ, ∆ = {∅}. Correspondingly, the true predicate can be understood as validity (that is truth in every situation) and it corresponds to truth by verification; the predicate true∗ corresponds to validity in a context of assumptions, or local validity. Standard logical connectives apply on construction-assigned formula, with the extension to hypothetical reasoning (⊃). The identity between categorical judgement and judgement valid under no context allows the internalization of the modal operator of necessity 21 For more on the philosophical justification of this notion of judgemental modalities, see [33]. ✐ ✐ ✐ ✐ ✐ ✐ “04primiero” 2012/12/9 page 591 ✐ ✐ A CONTEXTUAL TYPE THEORY WITH JUDGEMENTAL MODALITIES 591 at judgemental level, whereas the hypothesis judgement works in the same way for the internalization of the possibility operator:22 a:A -Formation (A true) x:A ♦-Formation ♦(A true) We can extend categorical verifications to contextual ones by allowing the use of formulas a : A in context, so that a : A ⊢ a : A is a valid construction, but this remains in the scope of our categorical module of the language, corresponding to an identity function. Truth formation allows the construction a : A ⊢ A true, but we shall not allow the derivation from x : A to A true, rather restrict the inference to truth only where verified (valid) assumptions are used. To this aim, modalities are extended to contextual judgement. We shall refer to Γ as the necessitation of the context Γ, that is a context containing only valid assumptions; we call these premises: Definition 1: (Necessitation Context) For any context Γ, Γ is given by S {A true | for all A ∈ Γ}. A judgement valid under assumptions becomes a necessary judgement under necessitation of its context of assumptions. Expressions in contexts that are not explicitly verified preserve the notion of refutable truths. We refer now to a context containing assumptions of the form x : A as follows: Definition 2: (Normal Context) For any context Γ, ♦Γ is given by [ {◦A true | ◦ = {, ♦} and ♦A true for at least one A ∈ Γ}. A judgement valid under assumptions becomes a possibility judgement if its context remains normal, that is at least one of its propositional contents is true∗ .23 Because of the distinction between justified and refutable contents, the introduction of judgemental  is allowed under the verification of judgements in the related context; its elimination rule induces a valid proposition: 22 In line with the general philosophical characterization of this work, the formation rules for modalities are intended as applying to any sort of proposition that can be derived as a theorem within the language; they thus have a logical characterization, but not necessarily a strict mathematical one. 23 In various literature in modal logic, Necessitation and Normal Context are usually called Global and Local Context. This distinction, however it is called, is crucial for preserving the problem of derivability under assumption in modal languages. I have strengthened here the reasoning, by obtaining modal judgements (rather than formulas) from the preservation/verification of assumptions. Cf. [15]. ✐ ✐ ✐ ✐ ✐ ✐ “04primiero” 2012/12/9 page 592 ✐ ✐ 592 GIUSEPPE PRIMIERO Γ ⊢ A true I Γ ⊢ (A true) Γ ⊢ (A true) ∆, a : A ⊢ B true E Γ, ∆ ⊢ B true where Γ iff [xi /ai ] : Ai , ∀Ai ∈ Γ, as by Definition 1.24 To express the relation of truth instantiated by an hypothesis x : A, we refer to validity in a context by introduction and elimination rules for the ♦-operator: Γ, x : A ⊢ B true∗ I♦ Γ, ♦(A true) ⊢ ♦(B true) Γ, ♦(A true) ⊢ ♦(A true) ∆, x : A ⊢ B true∗ E♦ Γ, ∆ ⊢ B true∗ where the introduction rule shows the dependency of possible contents from refutable contents, whereas the corresponding elimination expresses the use of this information to infer further possible knowledge under the condition expressed by Definition 2.25 Local soundness and completeness of our modal rules can be proved in the usual way by local reductions and expansions. Soundness is obtained by local reduction on (A true): D1 E Γ ⊢ A true I Γ ⊢ (A true) ∆, a : A ⊢ b : B E Γ, ∆ ⊢ B true ⇒Redex D2 Γ, ∆ ⊢ B true D2 is obtained from D1 and E by substitution on terms (see Theorem 1 below): a proof term for A is induced from Γ in D1 , i.e. by reducing all open variables in Γ by β-conversion, in turn providing a proof term for B in E, hence allowing the truth judgement. In computational terms, this rule 24 This rule for the necessity operator is similar the one introduced in [30], where A is derived by a valid A, hence this validates ∆; · ⊢ A true ⇒ ∆; Γ ⊢ A true and requires an additional assumption A valid in the corresponding elimination. We express the validity by the necessitation context (which implies its extension to any other context by any B typeinf judgement) and analytically formulate it in the elimination rule, by adding the additional premise a : A. In the comparison with the system presented in [14], the obvious similarity is that the therein contained modality k satisfies the same principle of our I, namely it builds-in the substitutions needed for formulas in contexts. On the other hand, the propositional format does not require any ♦ operator, its role being syntactically satisfied by standard contexts. 25 Also in this case we have an analogy with the corresponding rules from [30]: we require the possibility judgement to be bounded explicitly to a x : A in context, whereas their approach infers it directly from contextual truth; the corresponding elimination rule uses the semantic judgement involving the true∗ predicate, whereas in their case a C poss judgement is inferred from contextually bounded truth. ✐ ✐ ✐ ✐ ✐ ✐ “04primiero” 2012/12/9 page 593 ✐ ✐ A CONTEXTUAL TYPE THEORY WITH JUDGEMENTAL MODALITIES 593 formalizes β-reduction of B (value) with respect to all occurrences of its procedures (codes) in A. Completeness is given by local expansion on (A true): D1 Γ, ∆ ⊢ (A true) ⇒Exp Prem Rule D2 Γ, a : A, ∆ ⊢ A true I Γ, a : A, ∆ ⊢ (A true) Γ, ∆ ⊢ (A true) E Γ, ∆ ⊢ (A true) By this expansion one shows how E provides all the information needed to reconstruct (A true). Computationally, it reconstructs the value on code A. Notice that by the non-reducibility of x : A to simple truth, one reaches completeness for the -rules, which do not violate the meaning of hypotheses, as it is the case with the rules for necessity in [32]. On the other hand, given Definition 1, a side condition on multiple simultaneous substitutions is unavoidable, see [3]. Soundness is given by local reduction on ♦(A true): D1 Γ, x : A ⊢ B true∗ E ♦I Γ, ♦(A true) ⊢ ♦(B true) Γ, ∆ ⊢ A true∗ ♦E ⇒Redex Γ, ∆ ⊢ B true∗ D2 Γ, ∆ ⊢ B true∗ D2 is justified from D1 and E by the Hypothesis Rule and I♦: by E, Γ, ∆ in reduced form will contain at least one formula of typeinf , which justifies true∗ in D2 .26 Finally, completeness by local expansion on ♦(A true): D1 ♦Γ, ∆ ⊢ ♦(A true) ⇒Exp D2 Hypo Rule ♦Γ, ∆ ⊢ ♦(A true) Γ, x : A, ∆ ⊢ A true∗ ♦E Γ, ∆ ⊢ A true∗ ♦I ♦Γ, ∆ ⊢ ♦(A true) This expansion shows how to reconstruct all the information needed to formulate ♦(A true). 26 Computationally, this reduction formalizes the naming of codes that are presented partially evaluated to program B. ✐ ✐ ✐ ✐ ✐ ✐ “04primiero” 2012/12/9 page 594 ✐ ✐ 594 GIUSEPPE PRIMIERO The local reductions and expansions are usually completed in terms of standard β-reduction and η-expansion, where by the former one shows how formulas terminate presenting their computational content, and by the latter how to abstract variables, implementing the extensionality principle. As our variables are not abstracted from corresponding terms with computational content, we cannot implement expansion. Its role is actually played by the Informational Type Formation rule.27 The standard substitution operation of variables by constants is as usual indicated by [x/a]B as the substitution of occurrences of x in B by a; in our system this gives the relation between verification and truth. The corresponding modal version shows that term substitution satisfies the inclusion of ♦ in . Theorem 1: (Substitution on terms) The following substitutions hold: 1. If Γ, x : A, ∆ ⊢ B true∗ and Γ, ∆ ⊢ a : A, then Γ, ∆ ⊢ [x/a]B true. 2. If Γ, ♦(A true), ∆ ⊢ ♦(B true) and Γ, ∆ ⊢ (A true), then Γ, ∆ ⊢ (B true). Proof. 1. by induction on the first given derivation, using the Hypothesis Rule and the inclusion of B true∗ in B true; from the second premise all occurrences of A are declared being type, in particular those in Γ, ∆ ⊢ B true∗ by β-conversion, then B true follows as valid in any extension of Γ, ∆. 2. again by induction on the first given derivation: by ♦E on the first premise one obtains an occurrence of x : A, using β-conversion on A true∗ one obtains B true in the second premise; by I one finally obtains (B true).  Substitution on the different truth predicates and modal judgements defines structural rules for the system: Theorem 2: (Weakening) The inference systems satisfies Weakening: 1. If Γ ⊢ B true, then Γ, a : A ⊢ B true. 27 It is worth remember that this limitation is avoided for any term in typeinf that is actually β-reduced, as it then induces a corresponding term in type. ✐ ✐ ✐ ✐ ✐ ✐ “04primiero” 2012/12/9 page 595 ✐ ✐ A CONTEXTUAL TYPE THEORY WITH JUDGEMENTAL MODALITIES 595 2. If Γ ⊢ B true∗ , then Γ, x : A ⊢ B true∗ . 3. If Γ ⊢ (B true), then Γ, (A true) ⊢ (B true). 4. If ♦Γ ⊢ ♦(B true), then ♦Γ, ♦(A true) ⊢ ♦(B true). Proof. By induction on derivations: in 1. uses the Premise Rule; in 2. uses the Hypothesis Rule; in 3. uses I, in 4. uses I♦.  Theorem 3: (Contraction) The inference system satisfies Contraction: 1. If Γ, a1 : A, a2 : A ⊢ B true, then Γ, a : A ⊢ [a1 ≈ a2 /a]B true. 2. If Γ, x1 : A, x2 : A ⊢ B true∗ , then Γ, x : A ⊢ [x1 ≈ x2 /x]B true∗ . 3. If Γ, a1 : A, a2 : A ⊢ (B true), then Γ, (A true) ⊢ (B true). 4. If Γ, x1 : A, x2 : A ⊢ ♦(B true), then Γ, ♦(A true) ⊢ ♦(B true). Proof. By induction on derivations: Reflexivity and Symmetry for proof terms in 1.; uniqueness of proof variables for typeinf in 2.; in addition Truth Definition and I for 3.; Hypothetical Truth Definition and I♦ for 4..  Theorem 4: (Exchange) The inference system satisfies Exchange: 1. If Γ, a1 : A, a2 : A ⊢ B true, then Γ, a2 : A, a1 : A ⊢ B true. 2. If Γ, x1 : A, x2 : A ⊢ B true∗ , then Γ, x2 : A, x1 : A ⊢ B true∗ . 3. If Γ, a1 : A, a2 : A ⊢ (B true), then Γ, a2 : A, a1 : A ⊢ (B true). 4. If Γ, x1 : A, x2 : A ⊢ ♦(B true), then Γ, x2 : A, x1 : A ⊢ ♦(B true). Proof. By induction and using the same properties on terms and variables as for Contraction.  4. Conclusions and further work In this paper we have presented a type system that extends a constructive syntactic-semantic method inspired by Martin-Löf’s type theory with an admissible treatment of refutable conditions for judgements. We have drawn a distinction between contents that are categorically justified and contents ✐ ✐ ✐ ✐ ✐ ✐ “04primiero” 2012/12/9 page 596 ✐ ✐ 596 GIUSEPPE PRIMIERO that are accepted as meaningful, but whose truth is debatable. The introduction of epistemic modalities allows us to internalize contextual truth in the standard constructive approach. The effect of extending a finitistic type-theoretical language by the typeinf sort basically recalls the switch from extensional to intensional models, wellknown for Martin-Löf’s Type Theory. Such a step, which essentially establishes the propositions-as-sets identity and the equivalence between truth and inhabitation (Curry-Howard correspondence), notoriously leads to impredicativity by defining a type of all types.28 In the categorical models of the simple type theory, all types can be interpreted by countable sets: in the contextual format one obtains the same models as Cartesian closed categories, with objects Γ, ∆ and mapping Γ → ∆ as co-products to introduce dependent types. These are the standard categorical models for intuitionistic propositional logic. In the case of our modal contextual type-theory, it is not enough to explain an appropriate extension of the standard categorical approach to model the modalities, as it is the case with categorical models of constructive S4, see [1]. This is due to the unusual nature of the underlying polymorphism induced by typeinf and hence requires non-standard models. Intuitively, the basic extension provided by the typeinf sort in our language can be thought of as a combination of a typed terms structure (à la Church), by which terms have unique types, with a typing assignment procedure (à la Curry), where computation does not necessarily terminate. The extension of standard models of Constructive Type Theory by a function that introduces terms in typeinf recalls the partial function space constructor which is usually lacking in type theories, a well-known fact from the theories of types such as from Martin-Löf’s, the Calculus of Constructions, the Nuprl implementation and the λ-calculus format.29 T ypeinf can be seen as a constructor for partial objects and it modifies the standard models of type theory with dependent products by allowing terms on which substitutions are not defined. Under the propositions-as-types principle, such objects should be intended as partial proofs, and the sort of informational expressions identified under the typeinf sort expresses precisely the notion of a process of proving that is admitted without a proper constructor, only provided none of its validity conditions is refuted. The analysis of these categories is reserved to another occasion. The issue of open proof terms is also receiving attention in systems of higher-order rewriting. 28 This was first resolved by preserving the notion of universe of small types extended by dependent ones, the basis for an intensional minimal simple type theory of which, for example, the calculus in [16] is a corresponding λ-calculus of proofs, and which can be translated to an extensional classical system by the already mentioned negative translation of [20] (together with other possible extensions). 29 See e.g. [4], [11], [13], [12], [10], [9], [28]. ✐ ✐ ✐ ✐ ✐ ✐ “04primiero” 2012/12/9 page 597 ✐ ✐ A CONTEXTUAL TYPE THEORY WITH JUDGEMENTAL MODALITIES 597 The extension to multi-modalities as distinctly indexed operators is the next obvious step for multi-agents and multi-source contextual modal typetheory. A multi-modal type theory based on the polymorphic setting here introduced is developed in [34], interpreted in terms of trust relations among agents in a network, where information flows in a strictly ordered way. Trust is defined as a second-order property and the formalization interprets communication processes between sources (the prioritized structure generated by contexts of the dependently typed language) and a receiver (the indexed contextually derived judgement). The modal operator attached to a set of assumptions is induced from the priority relation among expressions; the modality prefixing the derived judgement is meant to represent the epistemic status of the receiver in the communication protocol, strictly determined by introduction and elimination rules for modalities that are based on canonical verification processes. A different interpretation is provided in [35] for a computational interpretation of programs equipped with locations for data accessibility in the context of distributed processing. ACKNOWLEDGEMENTS The author wishes to acknowledge the following persons for their help with discussion and comments at various stages of this research: Sara Negri, Peter Schröder-Heister, Valeria de Paiva, Frank Pfenning, Michele Friend and two anonymous referees. Centre for Logic and Philosophy of Science Ghent University (Belgium) E-mail: Giuseppe.Primiero@UGent.be REFERENCES [1] N. Alechina, M. Mendler, V. de Paiva, and E. Ritter. Categorical and Kripke Semantics for Constructive S4 Modal Logic. In Proceedings of the 15th International Workshop on Computer Science Logic, volume 2142 of Lecture Notes In Computer Science, pages 292–307, 2001. [2] G. Bellin, V. de Paiva, and E. Ritter. Extended Curry-Howard Correspondence for a Basic Constructive Modal Logic. preprint; presented at M4M-2, ILLC, UvAmsterdam, 2001, 2001. [3] G.M. Bierman and V. de Paiva. Intuitionistic necessity revisited. Technical Report CSRP-96-10, School of Computer Science, University of Birmingham, 1996. ✐ ✐ ✐ ✐ ✐ ✐ “04primiero” 2012/12/9 page 598 ✐ ✐ 598 GIUSEPPE PRIMIERO [4] E. Bishop. Foundations of Constructive Mathematics, volume 3 of Ergebnisse der Mathematik und ihrer Grenzgebiete. Springer Verlag, 1985. [5] S. Buvac̆. Quantificational logic of context. In Proceedings of the Thirteenth National Conference on Artificial Intelligence, pages 600–606, 1996. [6] S. Buvac̆, V. Buvac̆, and I. Mason. Metamathematics of contexts. Fundamenta Informaticae, 23(3):412–419, 1995. [7] C. Cellucci. Why Proof? What is Proof?. In G. Corsi and R. Lupacchini (eds.), Deduction, Computation, Experiment. Exploring the effectiveness of Proof, pp. 1 âĂŞ 27. Springer-Verlag, Berlin: 2008. [8] L.F.d. Cerro and A. Herzig. Combining classical and intuitionistic logic. In F. Baader and K.U. Schulz, editors, Frontiers of Combining Systems, vol. 3, pages 93–102. Kluwer Academic Publisher, 1996. [9] R. L. Constable and Scott Fraser Smith. Partial objects in constructive type theory. In Proceedings of the Second LICS Symposium, IEEE, 1987. [10] Robert L. Constable et al. Implementing Mathematics in the Nuprl Proof Development System. Englewood Cliffs, NJ, 1986. [11] T. Coquand. Une Théorie des Constructions. PhD thesis, Université Paris VII, 1985. [12] T. Coquand. Metamathematical investigations of a calculus of constructions. In P. Odifreddi, editor, Logic and Computer Science, volume 31 of APIC Studies in Data Processing, pages 91–122. London, 1990. [13] T. Coquand and G. Huet. The Calculus of Constructions. Information and Computation, 76(2/3):95–120, February/March 1988. [14] V. de Paiva. Natural Deduction and Context as (Constructive) Modality, volume 2680 of Lecture Notes in Artificial Intelligence, pages 116– 129. Springer Verlag, 2003. [15] M. Fitting. Basic modal logic, volume 4 of Handbook of Logic in Artificial Intelligence and Logic Programming, pages 368–449. Oxford University Press, 1994. [16] J.-Y. Girard. Une extension de l’interpretation de Gödel `a l’analyse, et son application `a l’`elimination des coupures dans l’analyse et la th`eorie des types. In Proceedings of the Second Scandinavian Logic Symposium. North-Holland, 1970. [17] N. Goethe, M. Friend. Confronting Ideals of Proof with the Ways of Proving of the Research Mathematician Studia Logica, vol. 96, pp. 273–288, 2010. [18] N.D. Jones, C. Gomard, and P. Sestoft. Partial Evaluation and Automatic Program Generation. International Series in Computer Science. Prentice-Hall International, 1993. ✐ ✐ ✐ ✐ ✐ ✐ “04primiero” 2012/12/9 page 599 ✐ ✐ A CONTEXTUAL TYPE THEORY WITH JUDGEMENTAL MODALITIES 599 [19] N.D. Jones, P. Sestoft, and H. Søndergaard. Mix: A self-applicable partial evaluator for experiments in compiler generation. Lisp and Symbolic Computation, 2:9–50, 1989. [20] A. Kolmogorov. On the principle of excluded middle. In J. Van Heijenoort, editor, From Frege to Gödel: a source book in mathematical logic 1879-1931, pages 414–437. Harvard University Press, 1967. [21] E.G.K. López-Escobar. Refutability and elementary number theory. Indagationes Mathematicae (Koninglijke Nederlandse Akademie van Wetenschappen), 34:362–374, 1972. [22] P. Martin-Löf. Intuitionistic Type Theory. Bibliopolis, 1984. [23] P. Martin-Löf. Truth of a proposition, evidence of a judgement, validity of a proof. Synthese, 73(3):407–420, 1987. [24] P. Martin-Löf. Analytic and Synthetic Judgments in Type Theory, pages 87–99. Kluwer Academic Publisher, 1994. [25] P. Martin-Löf. On the meaning of the logical constants and the justifications of the logical laws. Nordic Journal of Philosophical Logic, 1(1):11–60, 1996. [26] J. McCarthy. Notes on formalizing context. In Proceedings of the 13th Joint Conference on Artificial Intelligence (IJCAI-93), 1993. [27] M. Mendler and V. de Paiva. Constructive CK for Contexts. In Proceedings of the first Workshop on Context Representation and Reasoning – CONTEXT05, 2005. [28] E. Moggi. The partial λ-calculus. PhD thesis, School of Computer Sciences, University of Edinburgh, 1988. [29] A. Nanevski, F. Pfenning, and B. Pientka. Contextual modal type theory. ACM Transactions on Computational Logic, 9(3):1–48, 2008. [30] F. Pfenning and R. Davies. A judgemental reconstruction of modal logic. Mathematical Structures in Computer Science, 11:511–540, 2001. [31] G. Plotkin and C.P. Stirling. A framework for intuitionistic modal logic. In J.Y. Halpern, editor, Theoretical Aspects of Reasoning about Knowledge, 1986. [32] D. Prawitz. Natural Deduction. Almqvist & Wiksell, 1965. [33] G. Primiero. Epistemic modalities. In G. Primiero and S. Rahman, editors, Acts of Knowledge: History, Philosophy and Logic, volume 9 of Tributes, pages 207–232. College Publications, 2009. [34] G. Primiero and M. Taddeo. A modal type theory for formalizing trusted communications. Journal of Applied Logic. vol. 10, issue 1, pp, 92–114, 2012. [35] G. Primiero. A multi-modal type system and its procedural semantics for safe distributed programming. In Intuitionistic Modal Logic and Applications Workshop (IMLA11), Nancy, 2011. Manuscript. ✐ ✐ ✐ ✐ ✐ ✐ “04primiero” 2012/12/9 page 600 ✐ ✐ 600 GIUSEPPE PRIMIERO [36] Y. Rav, A Critique of a Formalist-Mechanist Version of the Justification of Arguments in Mathematicians’ Proof Practices. Philosophia Mathematica, (III) 15 (2007), pp. 291 âĂŞ 320. [37] A.K. Simpson. The Proof Theory and Semantics of Intuitionistic Modal Logic. PhD thesis, University of Edinburgh. College of Science and Engineering. School of Informatics, 1994. [38] A. Tasistro. Formulation of Martin-Löf’s Type Theory with Explicit Substitutions. Lic thesis, Department of Computing Science, Chalmers University of Technology and University of Göteborg, 1993. [39] A.S. Troelstra and D. van Dalen. Constructivism in Mathematics: An Introduction, volume I,II. North-Holland, Amsterdam, 1988. [40] M. van der Schaar. The assertion-candidate and the meaning of mood. Synthese, 159(1):61–82, 2007. [41] D. Wijesekera. Constructive modal logics I. Annals of Pure and Applied Logic, 50:271–301, 1990. ✐ ✐ ✐ ✐