3.1.1. Lean as a programming language🔗

Lean is a functional programming language (i.e. it actually only consists of functions). This paradigm is in contrast to imperative programming such as Python, Java and C. Lean comes with many features you might be familiar with, such as a library for output and input, but is still young and many things need to be developed.

3.1.2. Dependent type theory🔗

In all programming languages, you have data types such as int, string and float. In Lean, these exist as well, but you can (and will in this course) define own data types. In all cases, we write x : α for a term x of type α, so we write False : Bool, 42 : ℕ, but also f : ℕ → ℝ (for a function from ℕ to ℝ, which is an own type) and 0 ≠ 1 : Prop (the proposition that 0 and 1 are different natural numbers), which is a proposition. Terms and types can depend on variables, e.g. in ∀ (n : ℕ), n < n + 1 : Prop and f : (n : ℕ) → (Fin n → ℝ) (where Fin n is the type which carries {0, ..., n-1}), which is a function f with domain ℕ such that f n ∈ ℝ^n.

As we see, these new data types are more abstract in the sense that Lean understands ℕ (and ℝ) as infinite types, which are not limited by floating point arithmetic. E.g., ℕ actually represents an infinite set that is characterized by containing 0, and if it contains n, then it also contains the successor of n (represented by succ n). Accordingly, the real numbers are defined by an equivalence relation on Cauchy sequences, which is quite elaborate. (Although ℝ is implemented as such a quotient within Lean, we will not have to deal with these implementation details when working with real numbers, since we will rely on results in Mathlib, the mathematical library, taking care of these details.)

3.1.3. Universes, Types and Terms🔗

In Lean, there are three levels of objects: universes, types and terms. We are concerned here with the last two. Of particular interest is the type Prop, which consists of statements that can be True or False. It includes mathematical statements, so either the hypotheses, or the goal of what is to be proven. A hypothesis in Lean has the form hP : P, which means P is true, and this statement is called hP. Synonomously, it meansthat P is true and hP is a proof of P. The hypotheses here have names P Q R S, and the proofs of the hypotheses hP hQ hR hS. All names can be arbitrary. Furthermore, there are hypotheses of the form P → Q, which is the statement that P implies Q. (Note the similarity to function notation as in f : ℝ → ℝ.)

3.1.4. Function definitions🔗

In Lean, the function f : ℕ → ℕ, x ↦ 2x is defined as

(Write \mapsto for ↦.) It is assumed that the x is only introduced to define f. The application of f to an x : ℕ is then done using f x. (The notation f x is an abbreviation for f(x), since Lean is sparing with parenthesis.)

3.1.5. Equality🔗

Due to the multitude of types in Lean, we have to be careful about equality. In Lean, there are three types of equality:

• Syntactic equality: If two terms are letter-for-letter equal, then they are syntactically equal. However, there are a few more situations in which two terms are syntactically equal. Namely, if one term is just an abbreviation for the other (for example, x = y is an abbreviation for Eq x y, where Eq is a function which takes two terms of the same type, and assigns True if they are the same and False otherwise), then these both terms are syntactically equal. Also equal are terms in which globally quantified variables have different letters. For example, ∀ x, ∃ y, f x y and ∀ y, ∃ x, f y x are syntactically equal.

• Definitional equality: Some terms are equal by definition in Lean. For example, x : ℕ, x + 0 is by definition identical to x. However, 0 + x is not definitionally identical to x. This is apparently only due to the internal definition of addition of natural numbers in Lean.

• Propositional equality: If there is a proof of x = y, then x and y are said to be propositionally equal. Similarly, terms P and Q are said to be propositionally equal if you can prove P ↔ Q. Some Lean tactics only work up to syntactic equality (such as rw), others (most) work up to definitional equality (such as apply, exact,...) This means that the tactic automatically transforms terms if they are syntactically or definitional equality.

There is a special kind of equality to be observed with sets and functions. For example, two functions are exactly the same if they return the same value for all values in the domain. This behavior is called extensionality in the theory of programming languages. (If extensionality applies, then, for example, two sorting algorithms are the same if they always produce the same result).

3.1.6. Different parentheses in Lean🔗

There are (essentially) three different types of parentheses in Lean statements. The simplest is (...), which, as in normal use, indicates parentheses in the sense of what belongs together. However, you have to learn how Lean brackets internally when no '()' are given. Operators like and (∧), or (∨), are right-associative, so e.g. P ∧ Q ∧ R := P ∧ (Q ∧ R). The application of functions in sequence, such as f : ℕ → ℝ and g : ℝ → ℝ , applied to n : ℕ is g (f n), because g expects an input of type ℝ, and this is what f n provides. You cannot omit (...), i.e. in this case the parenthesis is left-associative.

Now let's comment on the parentheses [...] and {...}. For example, #check@ gt_iff_lt (the statement that a>b holds if and only if b<a holds), where both types occur. This yields

gt_iff_lt : ∀ {α : Type u_1} [_inst_1 : has_lt α] {a b : α}, a > b ↔ b < a

When this result is applied, the statements in {...} and [...] are added by Lean itself. The statements in {...} depend on the type of the objects that have to be given, and can therefore be inferred. (Above, when applying gt_iff_lt, the variables a and b have to be given.) Therefore, their type is also known, and one does not have to α is not explicitly specified. Since the application is made to a concrete α (for example, ℕ), and Lean knows a lot about the natural numbers, the type class system can look up many properties of ℕ, and also finds that has_lt ℕ holds (i.e. on ℕ at least a partial order is defined).

3.1.7. Proving propositions and evaluating functions🔗

Although we almost exclusively prove propositions in tactic mode in these notes, it is instructive to know about the simplest example of how to turn the proof to term mode: There are two rules:

• The tactic exact is the same as calling a function.

• The tactic intro is like taking a variable, which will be the argument of a function which is evaluated in the next step.

Let us consider two examples:

The term proof

is the same as

The term proof

is the same as

3.1.8. Inductive types🔗

Many everyday types in Lean -- Nat, List, Option, Bool, even Empty -- are inductive types. You declare one by giving a name, the type's universe, and a list of constructors: each constructor says how to build a new element of the type out of existing pieces.

The classical example is the natural numbers:

This declaration introduces three things at once:

• a new type Demo.MyNat;

• two constructors Demo.MyNat.zero and Demo.MyNat.succ, so every element of MyNat is either zero or succ n for some n;

• a recursor Demo.MyNat.rec which lets you define functions on MyNat by specifying what happens in each constructor case.

Definitions on an inductive type are typically written with the pattern-matching syntax of the previous section:

Proofs about an inductive type use the induction tactic, which applies the recursor for you: one subgoal per constructor, with an induction hypothesis for each recursive argument.

Inductive types also cover non-recursive data:

and parameterized types:

Inductive types are the main mechanism by which new data types enter Lean; Mathlib uses them extensively, and understanding them is essential for reading the library.

3.1.9. Exploring definitions with #check, #print and inferInstance🔗

Lean provides a handful of commands that are invaluable for exploring a library like Mathlib. They all start with # and only print information -- they do not contribute to a proof.

• #check e prints the type of the term or expression e. This is the fastest way to learn what a lemma says, or what type a definition has.

• #check @lemma (with a leading @) prints the type of the lemma without hiding implicit and instance arguments. Use @ when you want to see every argument.

• #print name prints the definition of the constant name. For a typeclass, this shows you the list of fields; for a def, the body; for a structure, the constructor and fields.

• #eval e evaluates the term e (when it is computable) and prints the result. It works on concrete ℕ, List, etc., but not on abstract propositions.

A very common idiom is to ask Lean whether a given type has a specific instance (e.g. "is ℕ a commutative monoid?"):

The term inferInstance asks Lean to synthesize an instance of the indicated type; if no such instance exists the command will fail with a readable error message.

Two tactics complement these commands during an interactive proof:

• exact? searches Mathlib for a single lemma that closes the current goal and prints a exact <lemma> line you can copy.

• apply? is the same, but it suggests lemmas whose conclusion matches the goal, leaving side conditions as new subgoals.

Together, #check, #print, inferInstance, exact? and apply? are the main tools for navigating an unfamiliar part of Mathlib.

3.1.10. Getting help: Loogle, LeanSearch, Moogle, and friends🔗

Mathlib is enormous, and naming conventions -- however consistent -- will only take you so far. When you know what you want to say but not which lemma says it, a handful of search services can save hours of scrolling. All of them are available both as web pages and, more conveniently, as commands inside Lean via the LeanSearchClient package (already a dependency of Mathlib).

• Loogle (loogle.lean-lang.org) searches by type shape. You write a pattern (using _ for holes) and Loogle returns every Mathlib lemma whose statement unifies with it. Inside Lean:

  #loogle (?a + ?b) * ?c = _
  

  returns distributivity lemmas in all their variants. Loogle also accepts a comma-separated list of constants that must appear, e.g. #loogle Real.exp, Real.log, or a target conclusion #loogle |- tsum _ = _.

• LeanSearch (leansearch.net) searches by natural language. You phrase your goal in English ("derivative of composition of functions") and it returns the most relevant Mathlib lemmas, ranked by semantic similarity. From inside Lean:

  #leansearch "the derivative of a product of functions"
  

• Moogle (moogle.ai) is another natural-language search, with a different ranking model. In Lean:

  #moogle "bolzano-weierstrass"
  

  The two tools often surface different lemmas, so it is worth trying both.

• Mathlib docs (the generated API reference at leanprover-community.github.io/mathlib4_docs). If you already know the namespace (Filter, MeasureTheory, Topology.Basic, ...), browsing the module is faster than any search.

• Zulip (leanprover.zulipchat.com, the #new members and #Mathlib4 streams) is the community chat. For questions that no search answers, posting a minimal example together with the goal you're stuck on almost always gets a helpful reply within hours.

• AI assistants (ChatGPT, Claude, Gemini, Copilot, and the Lean-focused plugins and Copilot-for-Lean projects built on top of them) have become surprisingly effective at suggesting lemma names, spotting why a tactic fails, and translating informal arguments into Lean. They are fallible -- they will cheerfully invent lemmas that do not exist, or quote outdated Mathlib 3 syntax -- but used critically they are one of the fastest ways to get unstuck. A good workflow is: paste your goal state and the surrounding example, ask for two or three candidate approaches, and then verify each suggestion in Lean (via exact?, #loogle, or simply by trying to compile it). Treat AI output the same way you would treat a confident but occasionally wrong colleague -- use it, but always check. You are strongly encouraged to use these tools alongside #loogle, #leansearch, and the Mathlib docs.

As a rule of thumb: try exact? / apply? first (they know your exact proof state), then #loogle (precise, fast), then #leansearch / #moogle or an AI assistant (when you do not know the vocabulary Mathlib uses), and finally the docs or Zulip for open-ended questions.

3.1.11. Two abbreviations🔗

There are at least two abbreviations used in Mathlib which you will encounter frequently.

If you have h : x = y and hx : P x (with P x : Prop), you can prove P y by replacing h in hx. The shorthand notation for this is h ▸ hx. (Write \t for ▸).

Sometimes, bracketing is critical, and it appears frequently that it has the form apply first (second very long statement), and you might get lost since the closing brackets are far away from their opening counterparts. In this case, we write apply first <| second very long statement, which does not need a closing symbol.

3.1.12. Defining new notation🔗

Lean allows you to define custom notation using the notation command. This is useful when you want a concise mathematical symbol for a frequently used expression. The general syntax is

notation "symbol" arg1 arg2 ... => expression

where the left-hand side describes the syntax pattern (with arguments) and the right-hand side is the Lean expression it expands to. Here is a simple example:

After this definition, δ is replaced by 2 everywhere. The notation is purely syntactic: Lean replaces every occurrence of the new notation by the right-hand side before type checking. Here is a more interesting example with an argument:

You can also define infix notation with a priority (determining how tightly the operator binds):

Here, infixl means left-associative infix, 65 is the binding power (the same as +), and the spaces around ⊕⊕ are part of the syntax. Similarly, infixr gives right-associative infix, and prefix / postfix are available for unary operators.

3.1.13. The abbrev command🔗

The abbrev command introduces a definition that is reducibly transparent, meaning Lean's elaborator will unfold it automatically whenever needed. In contrast, a definition introduced with def is semireducible and will not be unfolded automatically.

After this, MyNat and ℕ are interchangeable everywhere — Lean treats them as definitionally equal without needing any extra work. In particular, all type class instances that apply to ℕ are automatically available for MyNat. Compare this with

where MyNat' is a genuinely new type: Lean will not automatically apply ℕ instances to MyNat', and you would have to derive or register them yourself.

Use abbrev when you want a short name for a type or expression but do not want to create a new abstraction barrier. Use def when you intentionally want to hide the definition (e.g. to prevent the simplifier from unfolding it).

3.2.1. Foundation🔗

In Lean every object has a type. Types itself fall into several categories, called universes. There are two main universes, called Prop and Type. Any mathematical statement comes with a claim and its proof. Say we want to claim something, such as Goldbach's conjecture:

we speak about a term ∀ (n : ℕ) (h₁ : n > 2) (h₂ : Even n), ∃ (i j : ℕ), Prime i ∧ Prime ∧ (n = i + j) of type Prop, which constitutes its own type. A term of this type (which sould repalce the sorry in the above Lean code) is equivalent to a proof of Goldbach's conjecture.

This is to say:

Types as theorems, terms as proofs!

Constructing a term of type ℕ is easier (0 : ℕ) is accepted by Lean for this construction) than constructing a term of type ∀ (n : ℕ) (h₁ : n > 2) (h₂ : Even n), ∃ (i j : ℕ), (Prime i) ∧ (Prime j) ∧ (n = i + j), for which we would require proving Goldbach's conjecture and implementing the proof in Lean.

Since we are already speaking about fundamentals: For a large part, it is safe to think of Types as Sets. Recall that it leads to logical self-inconsistencies if we allow for something like the set/type of all sets/types. For this reason, the Type universe is split into levels, such as Type 0 : Type 1, saying that the type Type 0 (of all objects in level 0) is of Type 1, i.e., we are moving up a ladder when constructing more complex types. The coresponding idea goes back to von Neumann and Ernst Zermelo.

3.2.2. Mathlib🔗

The Lean-library which contains many mathematical results is called Mathlib. On its documentation page you can search for some results and concepts. (More precisely, you can search names of definitions, lemmas and theorems.) You will find results about e.g. Real numbers, Groups in algebra, Topology and Measure Theory.

Another way to search Mathlib is Moogle and Loogle (which you also have in vscode when clicking on the ∀ sign.)

3.2.3. First steps🔗

Let us start with some simple examples in order to explain the first tactics in Lean. Here is a quick preview of the tactics we will meet in this chapter. They are explained in detail below, and a full alphabetical reference — with many more tactics — lives in the Tactics chapter.

You can also skip this chapter on the first pass and come back to each tactic as you need it; treat Tactics as your glossary.

def Even.{u_2} : {α : Type u_2} → [Add α] → α → Prop :=
fun {α} [Add α] a => ∃ r, a = r + r

3.2.4. Names of Mathlib Results🔗

Names like zero_add, add_zero, one_mul, add_assoc, succ_ne_zero, lt_of_succ_le,... seem cryptic. It is clear that individual relatively understandable abbreviations (zero, one, mul, add, succ,...) are separated by _. In general, the following two rules apply to naming:

• The goal of the statement to be proven is described; if hypotheses are added in the name, then with of_. The statement lt_of_succ_le is therefore an < statement, where succ ≤ applies. In fact:

results in

Nat.lt_of_succ_le {n m : ℕ} (h : n.succ ≤ m) : n < m

This way, you can often guess the names of statements that you want to use.

3.2.5. Holes in proofs🔗

What is a hole in a proof? It is a missing argument...

3.2.6. Exercises🔗

It is now time to move to the exercises. So, proceed to vscode (or gitpod), copy the exercises folder and start coding. Further hints on tactics etc is given within the exercises. Tactics are given in alphabetical order in the next chapter.

3.3.1. Pure functions and #eval🔗

A pure function is one whose output depends only on its inputs. Given the same arguments, it always returns the same result. This is exactly how functions work in mathematics: if f(x) = x + 1, then f(3) is always 4.

In Lean, we define functions with def and evaluate them with #eval:

Functions of several arguments are curried: a function of two arguments is really a function that takes one argument and returns another function.

The type of add is ℕ → ℕ → ℕ, which reads as ℕ → (ℕ → ℕ). So add 3 is itself a function of type ℕ → ℕ.

3.3.2. Anonymous functions🔗

Sometimes we need a quick, throwaway function without giving it a name. We use fun (short for "function") with the ↦ arrow (typed \mapsto):

Anonymous functions are particularly useful when passing functions as arguments to other functions. In mathematics one would write x ↦ x^2; in Lean we write fun x ↦ x ^ 2.

3.3.3. More examples of recursion🔗

The Inductive types and Pattern matching sections above already covered the fundamentals. Here are a few further examples that we will reuse when discussing higher-order functions below.

A binary tree of natural numbers, together with a function that sums all its values:

The Fibonacci sequence is a classical example with two base cases:

3.3.4. Higher-order functions🔗

A higher-order function is one that takes a function as an argument or returns a function as a result. This is one of the central ideas of functional programming, and it is also very natural mathematically. For instance, the derivative is a higher-order function: it takes a function and returns a function.

The three most important higher-order functions on lists are List.map, List.filter, and List.foldl (also known as fold).

List.map applies a function to every element of a list:

Note the · notation: (· + 10) is shorthand for (fun x ↦ x + 10).

List.filter keeps only the elements satisfying a predicate:

List.foldl combines all elements of a list using a binary operation and an initial value. It "folds" the list from the left:

We can define our own higher-order functions. For example, here is a function that applies a function n times:

We can also write a function that composes two functions:

In Lean, function composition is available as Function.comp or simply as ∘ (typed \circ).

3.3.5. Summary🔗

Functional programming in Lean is built on a few core ideas:

• Pure functions: outputs depend only on inputs.

• Inductive types: define new types by specifying constructors.

• Pattern matching: define functions by cases on the constructors.

• Structural recursion: define recursive functions that provably terminate.

• Higher-order functions: pass functions as arguments or return them.

These ideas align closely with mathematical practice: inductive types correspond to inductively defined sets, pattern matching corresponds to case analysis, and recursion corresponds to inductive definitions.

3.4.1. Tactics Cheatsheet🔗

3.4.2. apply🔗

Summary: If we have the goal ⊢ Q, and a proof of h : P → Q, we only need to find a proof for P. This transition happens by apply h.

The apply-tactics works iteratively. This means that if apply h makes no progress, it uses the placeholder _ and tries to make apply h _.

Remarks:

• apply works up to equality by definition. This can be seen in the example above, where ¬P ↔ (P → False) is true by definition.

• apply h is frequently identical to refine ?_.

• If the use of apply closes the current goal, you might as well use exact instead of apply.