Interactive Theorem Proving in Lean

Lecture 2: Propositions as types, proofs as programs

GRACE Spring School, Clervaux (Luxembourg). June 1-5, 2026.
Florent Schaffhauser, Heidelberg University.

Recap from Lecture 1

• Statically-typed functional programming languages with type inference capabilities such as Lean 4 can be used to formalise mathematics.
• Type-checking means verifying that our code is syntactically correct.
• Curried functions, higher-order functions, and inductive types are used in a variety of contexts and for many purposes, in particular to formalise mathematics.
• To each inductive type there is associated a recursion principle. In practice, we can define functions out of an inductive type by pattern matching on the constructors of an inductive type.

Plan for Lecture 2

We introduce the rules for deductive reasoning and the corresponding Lean tactics.

1. Natural deduction
2. Basic tactics

Practice file

If you prefer to learn the basic tactics by manipulating them directly, here is a practice file.

Natural deduction

• Natural deduction is a branch of logic that concerns itself with the study of inference rules.
• A famous inference rule, of constant use in mathematics, is modus ponens, which we can write as follows.

• We can also write this as a theorem but, to prove that theorem, we first need to define implications and conjunctions.

Implications

• What does it mean to prove an implication ? The answer to this question depends on the choice of your logic.
• In the classical approach, it is usually defined as , which requires defining first and . Equivalently, it can (from the classical viewpoint) be defined as , which requires still defining first and .
• In the intuitionistic approach, which is the logic underlying Lean and other modern proof assistants, proving means to take a proof of and, from it, construct a proof of . This means constructing a function from to and can be pictured as follows:

Conjunctions

• What does it mean to prove the conjunction ?

• By definition, a proof of is constructed from two objects: a proof of and a proof of .

• In other words, this is an inductive definition, similar to what we saw for product types in Lecture 1. The proposition And P Q has only one constructor, called And.intro.

  inductive And (P Q : Prop) : Prop
  | intro : P → Q → And P Q
  

  So, formally, defining a proposition is no different from defining a type.

The modus ponens rule revisited

We are starting to see that propositions behave like types, with functions between those types representings implications:

• By definition, a proof of an implication can be seen as a function which sends a proof of P to a proof of Q. The arrow is then denoted simply by .
• And the proof of a conjunction is the pair constructed from a proof of and a proof of .
• So having a proof of means having a function and a proof . And having a proof of the modus ponens rule means defiining a function that sends and to a proof of . Note that .

Propositions-as-types

• With this interpretation of propositions as types, the modus ponens rule is just evaluation of a function at a point:

• More generally, Gentzen's rules of natural deduction are equivalent to the rules of the (simply-typed) -calculus, which was introduced by Church in the 1930s.
• This is known as the Brouwer-Heyting-Kolmogorov interpretation of propositional logic (BHK), or as the basic case of the Curry-Howard correspondence.

Falsity and negation

• The BHK interpretation of propositional logic is purely syntactic. There is no Boolean value (true or false) attached to a proposition.
• The negation of a proposition is defined without any reference to whether has a proof or not. Instead, we have:

• Here, is the proposition defined as the inductive type with no constructor. And by definition, proving means proving that, given a proof of , we can construct a proof of , which is considered an absurdity.

  inductive False : Prop
  

• The recursion principle attached to implies that .

Constructive vs. classical

• Let us now compare and . The following program provides a proof of the implication

  def cons_imp_classical {P Q : Prop} : (P → Q) → ¬(P ∧ ¬Q) :=
    fun (f : P → Q) ↦ 
      fun (And.intro (p : P) (g : Q → False)) ↦ g (f p)
  

• The reverse implication does not hold constructively. To prove it for all , you would need to use the LEM (or double negation). Note that the constructive approach is more general (less axioms).

• In Lean, you can choose to work constructively or classically. In Mathlib, most proofs use classical logic in one form or another (, for instance).

Disjunctions

• Disjunctions are the propositional analogues of the sum types from Lecture 1. They are defined inductively, using two constructors (Or.inl and Or.inr).

  inductive Or (P Q : Prop) : Prop
  | inl : P → Or P Q
  | inr : Q → Or P Q
  

• To construct a proof of , we must construct either a proof of or a proof of .

• This is classically but not constructively equivalent to .

• Similarly, the following implications hold constructively, but their converses do not.

De Morgan's rules

• A good way to manipulate these concepts is to prove the De Morgan rules, starting with the first one:

• This requires giving a definition of and of .
• In the second De Morgan rule, only one implication can be proved constructively, namely .

Logical equivalences

• The type of logical equivalences is also defined inductively. Its terms are pairs where and .

  inductive Iff (P Q : Prop) : Prop
  | intro : (P → Q) → (Q → P) → Iff P Q
  

• In Lean and other modern proof assistants, most (but not all) inductive types with only one constructor are passed as records, which are not technically part of Martin-Löf's type theory but are useful for the implementation (in Lean, records are declared using the keyword structure).

  structure Iff (P Q : Prop) : Prop where
    intro :: (mp : P → Q) (mpr : Q → P)
  

Equivalent types

• More generally, we can define a notion of equivalence between types. If and are types, a function is said to be an equivalence if it has a left inverse and a right inverse.
• Saying that is a right inverse for means that . This implies that is surjective. Saying that is a left inverse for means that . This implies that is injective.
• Note that, for such and , we have which, by function extensionality, implies that .
• If is a function between sets that is both injective and surjective, we should be able to construct an inverse for it. The notion of equivalence between types is fundamental in homotopy type theory.

1. Natural deduction
2. Basic tactics

Proofs as programs

• As we have seen in examples, a proof is a program. To prove a proposition, we must construct a term of the relevant type.
• To do so, we must follow the syntactic rules. Our theorem will be proved if the type-checker validates the program.
• To write Lean programs, we can get assistance from the kernel: this is done by entering Lean's tactic mode, which will show a goal (which is a type) and a context (which is a list of terms, of various types). Goal and context put together constitute the proof state.
• As we introduce tactics, our context and goal will change, until the goal is closed via unification, which occurs when a term is constructed, whose type coincides with the goal.

Basic tactics for deductive reasoning

The basic tactics we shall need are the following:

• exact and apply.
• intro and revert.
• constructor.
• rcases and cases.
• left and right.
• rfl.
• exact? and apply?.
• refine.

All these tactics are presented in the accompanying file for this lecture.

Modus ponens, one last time

• In a type system such as Lean's, the natural deduction rule known as modus ponens is derived, not postulated. Namely, it is a consequence of the fact that functions can be evaluated.

  theorem mp {P Q : Prop} : (P → Q) ∧ P → Q :=
    fun t ↦ match t with | ⟨f, p⟩ => f p
  

• Or, using the intro, rcases and exact tactics (curly brackets are optional).

  theorem mp {P Q : Prop} : (P → Q) ∧ P → Q :=
    by                        --                     ⊢ (P → Q) ∧ P → Q
      intro t                 -- (t : (P → Q) ∧ P)   ⊢ Q
      rcases t with ⟨f, p⟩    -- (f : P → Q) (p : P) ⊢ Q
      exact f p               -- No goals
  

Tautologies

A tautology is a proposition which is built up from older ones and which has a proof regardless of whether the old ones do. Proving such propositions help familiarise oneself with the basic tactics. Can you state and prove the following ones?

• , , .
• , , .
• , .
• .
• .
• , , .

Wrap-up and where to go from here

• Propositions are defined as types. We can form new propositions from old ones using , , and . The modus ponens rule corresponds to evaluating a function.
• The logic is not external to our type system. There are no logical values or truth tables. The rules of inference are syntactic rules, not axioms.
• To prove a theorem, you write a program. If the program type-checks, the theorem is proved.
• To write proofs in Lean, you can get assistance from the kernel by entering Lean's tactic mode.
• In the next lecture, we will learn how to encode the and quantifiers, so we can state and prove more sophisticated mathematical statements.

Exercises of deductive reasoning

• Let us now see the basic tactics in action (same file as at the start of the lecture).

• I also include one more practice file, whose exercises are meant to illustrate the difference between constructive and classical logic.

• Both are designed to help you get acquainted with Lean's basic tactics.

  

  Thank you for your attention!