Jekyll2020-08-03T14:17:20+02:00http://math.andrej.com/feed.xmlMathematics and ComputationA blog about mathematics for computersEvery proof assistant: Cur - Designing a less devious proof assistant2020-06-22T00:00:00+02:002020-06-22T00:00:00+02:00http://math.andrej.com/2020/06/22/cur-designing-a-less-devious-proof-assistant<p>We shall finish the semester with a "Every proof assistant" talk by William Bowman.
Note that we start an hour later than usual, at 17:00 UTC+2.</p>
<blockquote>
<h5 id="cur-designing-a-less-devious-proof-assistant">Cur: Designing a less devious proof assistant</h5>
<p><strong>Time:</strong> Thursday, June 25, 2020 from 17:00 to 18:00 (Central European Summer Time, UTC+2)<br />
<strong>Location:</strong> online at <a href="https://zoom.us/j/98904788985">Zoom ID 989 0478 8985</a><br />
<strong>Speaker:</strong> <a href="https://williamjbowman.com">William J. Bowman</a> (University of British Columbia)<br />
<strong>Proof assistant:</strong> <a href="https://github.com/wilbowma/cur">Cur</a></p>
<p><strong>Abstract:</strong></p>
<p>Dijkstra said that our tools can have a profound and devious influence on our thinking. I
find this especially true of modern proof assistants, with "devious" out-weighing
"profound". Cur is an experiment in design that aims to be less devious. The design
emphasizes language extension, syntax manipulation, and DSL construction and integration.
This enables the user to be in charge of how they think, rather than requiring the user to
contort their thinking to that of the proof assistant. In this talk, my goal is to
convince you that you want similar capabilities in a proof assistant, and explain and
demonstrate Cur's attempt at solving the problem.</p>
<p>The talk <a href="https://vimeo.com/432569820">video recording</a> and <a href="https://williamjbowman.com/#epa-less-devious">slides with notes and demo code</a> are available.</p>
</blockquote>
<p>Upcoming talks: Anders Mörtberg's talk on Cubical Agda will take place in September 2020.</p>Andrej BauerWe shall finish the semester with a "Every proof assistant" talk by William Bowman. Note that we start an hour later than usual, at 17:00 UTC+2. Cur: Designing a less devious proof assistant Time: Thursday, June 25, 2020 from 17:00 to 18:00 (Central European Summer Time, UTC+2) Location: online at Zoom ID 989 0478 8985 Speaker: William J. Bowman (University of British Columbia) Proof assistant: Cur Abstract: Dijkstra said that our tools can have a profound and devious influence on our thinking. I find this especially true of modern proof assistants, with "devious" out-weighing "profound". Cur is an experiment in design that aims to be less devious. The design emphasizes language extension, syntax manipulation, and DSL construction and integration. This enables the user to be in charge of how they think, rather than requiring the user to contort their thinking to that of the proof assistant. In this talk, my goal is to convince you that you want similar capabilities in a proof assistant, and explain and demonstrate Cur's attempt at solving the problem. The talk video recording and slides with notes and demo code are available. Upcoming talks: Anders Mörtberg's talk on Cubical Agda will take place in September 2020.Every proof assistant: Epigram 2 - Autopsy, Obituary, Apology2020-06-09T00:00:00+02:002020-06-09T00:00:00+02:00http://math.andrej.com/2020/06/09/epigram-2-autopsy-obituary-apology<p>This week shall witness a performance by Conor McBride.</p>
<blockquote>
<h5 id="epigram-2-autopsy-obituary-apology">Epigram 2: Autopsy, Obituary, Apology</h5>
<p><strong>Time:</strong> Thursday, June 11, 2020 from 16:00 to 17:00 (Central European Summer Time, UTC+2)<br />
<strong>Location:</strong> online at <a href="https://zoom.us/j/98904788985">Zoom ID 989 0478 8985</a><br />
<strong>Speaker:</strong> <a href="http://strictlypositive.org">Conor McBride</a> (University of Strathclyde)<br />
<strong>Proof assistant:</strong> <a href="https://github.com/mietek/epigram2">Epigram 2</a></p>
<p><strong>Abstract:</strong>
"A good pilot is one with the same number of take-offs and landings."
runs the old joke, which makes me a very bad pilot indeed. The Epigram
2 project was repeatedly restarted several times in the late 2000s and
never even reached cruising altitude. This talk is absolutely not an
attempt to persuade you to start using it. Rather, it is an
exploration of the ideas which drove it: proof irrelevant
observational equality, first class datatype descriptions, nontrivial
equational theories for neutral terms. We may yet live to see such
things. Although the programming language elaborator never happened,
the underlying proof engine was accessible via an imperative interface
called "Cochon": we did manage some interesting constructions, at
least one of which I can walk through. I'll also explore the reasons,
human and technological, why the thing did not survive the long dark.</p>
<p>The <a href="https://vimeo.com/428161108">video recording of the talk</a>.</p>
</blockquote>
<p>Upcoming talks:</p>
<ul>
<li>June 25, 2020: <a href="https://www.williamjbowman.com">William J. Bowman</a>, <a href="https://github.com/wilbowma/cur">Cur</a></li>
<li>July 2, 2020: <a href="https://staff.math.su.se/anders.mortberg/">Anders Mörtberg</a> - <a href="https://agda.readthedocs.io/en/v2.6.1/language/cubical.html">Cubical Agda</a></li>
</ul>Andrej BauerThis week shall witness a performance by Conor McBride. Epigram 2: Autopsy, Obituary, Apology Time: Thursday, June 11, 2020 from 16:00 to 17:00 (Central European Summer Time, UTC+2) Location: online at Zoom ID 989 0478 8985 Speaker: Conor McBride (University of Strathclyde) Proof assistant: Epigram 2 Abstract: "A good pilot is one with the same number of take-offs and landings." runs the old joke, which makes me a very bad pilot indeed. The Epigram 2 project was repeatedly restarted several times in the late 2000s and never even reached cruising altitude. This talk is absolutely not an attempt to persuade you to start using it. Rather, it is an exploration of the ideas which drove it: proof irrelevant observational equality, first class datatype descriptions, nontrivial equational theories for neutral terms. We may yet live to see such things. Although the programming language elaborator never happened, the underlying proof engine was accessible via an imperative interface called "Cochon": we did manage some interesting constructions, at least one of which I can walk through. I'll also explore the reasons, human and technological, why the thing did not survive the long dark. The video recording of the talk. Upcoming talks: June 25, 2020: William J. Bowman, Cur July 2, 2020: Anders Mörtberg - Cubical AgdaEvery proof assistant: redtt2020-06-01T00:00:00+02:002020-06-01T00:00:00+02:00http://math.andrej.com/2020/06/01/redtt-and-the-future-of-cartesian-cubical-type-theory<p>This week the speaker will be Jon Sterling, and we are getting two proof assistants for the price of one!</p>
<blockquote>
<h5 id="redtt-and-the-future-of-cartesian-cubical-type-theory"><code class="highlighter-rouge">redtt</code> and the future of Cartesian cubical type theory</h5>
<p><strong>Time:</strong> Thursday, June 4, 2020 from 16:00 to 17:00 (Central European Summer Time, UTC+2)<br />
<strong>Location:</strong> online at <a href="https://zoom.us/j/98904788985">Zoom ID 989 0478 8985</a><br />
<strong>Speaker:</strong> <a href="https://www.jonmsterling.com">Jon Sterling</a> (Carnegie Mellon University)<br />
<strong>Proof assistant:</strong> <a href="https://github.com/RedPRL/redtt">redtt</a> and <a href="https://github.com/RedPRL/cooltt">cooltt</a></p>
<p><strong>Abstract:</strong>
<code class="highlighter-rouge">redtt</code> is an interactive proof assistant for Cartesian cubical type theory, a version of
Martin-Löf type theory featuring computational versions of function extensionality, higher
inductive types, and univalence. Building on ideas from Epigram, Agda, and Idris, <code class="highlighter-rouge">redtt</code>
introduces a new cubical take on interactive proof development with holes. We will first
introduce the basics of cubical type theory and then dive into an interactive
demonstration of <code class="highlighter-rouge">redtt</code>’s features and its mathematical library.</p>
<p>After this we will catch a first public glimpse of the future of <code class="highlighter-rouge">redtt</code>, a new prototype
that our team is building currently code-named “<code class="highlighter-rouge">cooltt</code>”: <code class="highlighter-rouge">cooltt</code> introduces syntax to
split on disjunctions of cofibrations in arbitrary positions, implementing the full
definitional eta law for disjunction. While <code class="highlighter-rouge">cooltt</code> is still in the early stages, it
already has full support for univalence and cubical interactive proof development.</p>
<p>The <a href="https://vimeo.com/425917591">video recording of the talk</a>.</p>
</blockquote>
<p>Upcoming talks:</p>
<ul>
<li>June 11, 2020: <a href="http://strictlypositive.org">Conor McBride</a> - <a href="https://github.com/mietek/epigram2">Epigram 2</a></li>
<li>June 25, 2020: <a href="https://www.williamjbowman.com">William J. Bowman</a>, <a href="https://github.com/wilbowma/cur">Cur</a></li>
<li>July 2, 2020: <a href="https://staff.math.su.se/anders.mortberg/">Anders Mörtberg</a> - <a href="https://agda.readthedocs.io/en/v2.6.1/language/cubical.html">Cubical Agda</a></li>
</ul>Andrej BauerThis week the speaker will be Jon Sterling, and we are getting two proof assistants for the price of one! redtt and the future of Cartesian cubical type theory Time: Thursday, June 4, 2020 from 16:00 to 17:00 (Central European Summer Time, UTC+2) Location: online at Zoom ID 989 0478 8985 Speaker: Jon Sterling (Carnegie Mellon University) Proof assistant: redtt and cooltt Abstract: redtt is an interactive proof assistant for Cartesian cubical type theory, a version of Martin-Löf type theory featuring computational versions of function extensionality, higher inductive types, and univalence. Building on ideas from Epigram, Agda, and Idris, redtt introduces a new cubical take on interactive proof development with holes. We will first introduce the basics of cubical type theory and then dive into an interactive demonstration of redtt’s features and its mathematical library. After this we will catch a first public glimpse of the future of redtt, a new prototype that our team is building currently code-named “cooltt”: cooltt introduces syntax to split on disjunctions of cofibrations in arbitrary positions, implementing the full definitional eta law for disjunction. While cooltt is still in the early stages, it already has full support for univalence and cubical interactive proof development. The video recording of the talk. Upcoming talks: June 11, 2020: Conor McBride - Epigram 2 June 25, 2020: William J. Bowman, Cur July 2, 2020: Anders Mörtberg - Cubical AgdaEvery proof assistant: Beluga2020-05-25T00:00:00+02:002020-05-25T00:00:00+02:00http://math.andrej.com/2020/05/25/mechanizing-meta-theory-in-beluga<p>We are marching on with the Every proof assistant series!</p>
<blockquote>
<h5 id="mechanizing-meta-theory-in-beluga">Mechanizing Meta-Theory in Beluga</h5>
<p><strong>Time:</strong> Thursday, May 28, 2020 from 16:00 to 17:00 (Central European Summer Time, UTC+2)<br />
<strong>Location:</strong> online at <a href="https://zoom.us/j/98904788985">Zoom ID 989 0478 8985</a><br />
<strong>Speaker:</strong> <a href="https://www.cs.mcgill.ca/~bpientka/">Brigitte Pientka</a> (McGill University)<br />
<strong>Proof assistant:</strong> <a href="http://complogic.cs.mcgill.ca/beluga/">Beluga</a></p>
<p><strong>Abstract:</strong> Mechanizing formal systems, given via axioms and inference rules, together
with proofs about them plays an important role in establishing trust in formal
developments. In this talk, I will survey the proof environment Beluga. To specify formal
systems and represent derivations within them, Beluga relies on the logical framework LF;
to reason about formal systems, Beluga provides a dependently typed functional language
for implementing (co)inductive proofs about derivation trees as (co)recursive functions
following the Curry-Howard isomorphism. Key to this approach is the ability to model
derivation trees that depend on a context of assumptions using a generalization of the
logical framework LF, i.e. contextual LF which supports first-class contexts and
simultaneous substitutions.</p>
<p>Our experience demonstrated that Beluga enables direct and compact
mechanizations of the meta-theory of formal systems, in particular programming
languages and logics.</p>
<p>The <a href="https://vimeo.com/423668919">video recording of the talk</a>.</p>
</blockquote>
<p>Upcoming talks:</p>
<ul>
<li>June 4, 2020: <a href="https://www.jonmsterling.com">Jon Sterling</a> - <a href="https://github.com/RedPRL/redtt">redtt</a></li>
<li>June 11, 2020: <a href="http://strictlypositive.org">Conor McBride</a> - <a href="https://github.com/mietek/epigram2">Epigram 2</a></li>
<li>June 25, 2020: <a href="https://www.williamjbowman.com">William J. Bowman</a>, <a href="https://github.com/wilbowma/cur">Cur</a></li>
<li>July 2, 2020: <a href="https://staff.math.su.se/anders.mortberg/">Anders Mörtberg</a> - <a href="https://agda.readthedocs.io/en/v2.6.1/language/cubical.html">Cubical Agda</a></li>
</ul>Andrej BauerWe are marching on with the Every proof assistant series! Mechanizing Meta-Theory in Beluga Time: Thursday, May 28, 2020 from 16:00 to 17:00 (Central European Summer Time, UTC+2) Location: online at Zoom ID 989 0478 8985 Speaker: Brigitte Pientka (McGill University) Proof assistant: Beluga Abstract: Mechanizing formal systems, given via axioms and inference rules, together with proofs about them plays an important role in establishing trust in formal developments. In this talk, I will survey the proof environment Beluga. To specify formal systems and represent derivations within them, Beluga relies on the logical framework LF; to reason about formal systems, Beluga provides a dependently typed functional language for implementing (co)inductive proofs about derivation trees as (co)recursive functions following the Curry-Howard isomorphism. Key to this approach is the ability to model derivation trees that depend on a context of assumptions using a generalization of the logical framework LF, i.e. contextual LF which supports first-class contexts and simultaneous substitutions. Our experience demonstrated that Beluga enables direct and compact mechanizations of the meta-theory of formal systems, in particular programming languages and logics. The video recording of the talk. Upcoming talks: June 4, 2020: Jon Sterling - redtt June 11, 2020: Conor McBride - Epigram 2 June 25, 2020: William J. Bowman, Cur July 2, 2020: Anders Mörtberg - Cubical AgdaEvery proof assistant: MMT2020-05-15T00:00:00+02:002020-05-15T00:00:00+02:00http://math.andrej.com/2020/05/15/mmt-a-foundation-independent-logical-system<p>I am happy to announce the next seminar in the "Every proof assistant" series.</p>
<blockquote>
<h5 id="mmt-a-foundation-independent-logical-system">MMT: A Foundation-Independent Logical System</h5>
<p><strong>Time:</strong> Thursday, May 21, 2020 from 16:00 to 17:00 (Central European Summer Time, UTC+2)<br />
<strong>Location:</strong> online at <a href="https://zoom.us/j/98904788985">Zoom ID 989 0478 8985</a><br />
<strong>Speaker:</strong> <a href="https://kwarc.info/people/frabe/">Florian Rabe</a> (University of Erlangen)<br />
<strong>Proof assistant:</strong> <a href="https://uniformal.github.io/">The MMT Language and System</a></p>
<p><strong>Abstract:</strong> Logical frameworks are meta-logics for defining other logics. MMT follows this
approach but abstracts even further: it avoids committing to any foundational features like function
types or propositions. All MMT algorithms are parametric in a set of rules, which are self-contained
objects plugged in by the language designer. That results in a framework general enough to develop
many formal systems including other logical frameworks in it, enabling the rapidly prototyping of
new language features.</p>
<p>Despite this high level of generality, it is possible to develop sophisticated results in MMT. The
current release includes, e.g., parsing, type reconstruction, module system, IDE-style editor, and
interactive library browser. MMT is systematically designed to be extensible, providing multiple
APIs and plugin interfaces, and thus provides a versatile infrastructure for system development and
integration.</p>
<p>This talk gives an overview of the current state of MMT and its future challenges. Examples are
drawn from the LATIN project, a long-running project of building a modular, highly inter-related
suite of formalizations of logics and related formal systems.</p>
<p>The <a href="https://vimeo.com/421123419">video recording of the talk</a>.</p>
</blockquote>
<p>The spring schedule of talks is planned as follows:</p>
<ul>
<li>May 28, 2020: <a href="https://www.cs.mcgill.ca/~bpientka/">Brigitte Pientka</a> - <a href="http://complogic.cs.mcgill.ca/beluga/">Beluga</a></li>
<li>June 4, 2020: <a href="https://www.jonmsterling.com">Jon Sterling</a> - <a href="https://github.com/RedPRL/redtt">redtt</a> (to be confirmed)</li>
<li>June 11, 2020: <a href="http://strictlypositive.org">Conor McBride</a> - <a href="https://github.com/mietek/epigram2">Epigram 2</a></li>
<li>June 25, 2020: <a href="https://www.williamjbowman.com">William J. Bowman</a>, <a href="https://github.com/wilbowma/cur">Cur</a></li>
<li>July 2, 2020: <a href="https://staff.math.su.se/anders.mortberg/">Anders Mörtberg</a> - <a href="https://agda.readthedocs.io/en/v2.6.1/language/cubical.html">Cubical Agda</a></li>
</ul>Andrej BauerI am happy to announce the next seminar in the "Every proof assistant" series. MMT: A Foundation-Independent Logical System Time: Thursday, May 21, 2020 from 16:00 to 17:00 (Central European Summer Time, UTC+2) Location: online at Zoom ID 989 0478 8985 Speaker: Florian Rabe (University of Erlangen) Proof assistant: The MMT Language and System Abstract: Logical frameworks are meta-logics for defining other logics. MMT follows this approach but abstracts even further: it avoids committing to any foundational features like function types or propositions. All MMT algorithms are parametric in a set of rules, which are self-contained objects plugged in by the language designer. That results in a framework general enough to develop many formal systems including other logical frameworks in it, enabling the rapidly prototyping of new language features. Despite this high level of generality, it is possible to develop sophisticated results in MMT. The current release includes, e.g., parsing, type reconstruction, module system, IDE-style editor, and interactive library browser. MMT is systematically designed to be extensible, providing multiple APIs and plugin interfaces, and thus provides a versatile infrastructure for system development and integration. This talk gives an overview of the current state of MMT and its future challenges. Examples are drawn from the LATIN project, a long-running project of building a modular, highly inter-related suite of formalizations of logics and related formal systems. The video recording of the talk. The spring schedule of talks is planned as follows: May 28, 2020: Brigitte Pientka - Beluga June 4, 2020: Jon Sterling - redtt (to be confirmed) June 11, 2020: Conor McBride - Epigram 2 June 25, 2020: William J. Bowman, Cur July 2, 2020: Anders Mörtberg - Cubical AgdaEvery proof assistant: Arend2020-04-28T00:00:00+02:002020-04-28T00:00:00+02:00http://math.andrej.com/2020/04/28/every-theorem-prover<p>For a while now I have been contemplating a series of seminars titled <em>"Every
proof assistant"</em> that would be devoted to all the different proof assistants
out there. Apart from the established ones
(<a href="https://isabelle.in.tum.de">Isabelle/HOL</a>, <a href="https://coq.inria.fr">Coq</a>,
<a href="https://wiki.portal.chalmers.se/agda/pmwiki.php">Agda</a>,
<a href="https://leanprover.github.io">Lean</a>), there are other interesting experimental
proof assistants, and some that are still under development, or just proofs of
concept. I would like to know more about them, and I suspect I am not the only
one.</p>
<!--more-->
<p>Getting the authors of proof assistants to travel to Ljubljana and giving talks
at our <a href="https://www.fmf.uni-lj.si/si/obvestila/agregator/seminar-temelji/">Foundations of mathematics and theoretical computer
science</a>
seminar has largely become impossible. But luckily research seminars world-wide
are rapidly moving online, and so is our Foundations seminar. I am therefore
delighted to announce the first "Every proof assistant" seminar:</p>
<blockquote>
<h5 id="arend-proof-assistant">Arend proof assistant</h5>
<p><strong>Time:</strong> Thursday, April 30, 2020 from 18:00 to 19:00 (Central European Summer Time, UTC+2)<br />
<strong>Location:</strong> online at <a href="https://zoom.us/j/96544395816">Zoom ID 965 4439 5816</a><br />
<strong>Speaker:</strong> <a href="https://research.jetbrains.org/researchers/valis">Valery Isaev</a> (JetBrains research)
<strong>Proof assistant:</strong> <a href="https://arend-lang.github.io">Arend proof assistant</a></p>
<p><strong>Abstract:</strong> I will discuss Arend, a proof assistant developed at JetBrains
Research. The aim of Arend is to provide a powerful system for formalization
results in homotopy type theory and in ordinary mathematics. To achieve the
latter goal, we prove a flexible class system with subtyping, universe
polymorphism with a powerful level inference mechanism, quotient sets with a
convenient pattern matching principles for them. We also recently implemented
a tactic framework which can be used to automate routine proofs and implement
various EDSLs. Homotopic features of Arend include built-in universes of
finite homotopy level, higher inductive types, univalence, and path types in
the style of cubical type theories. I will talk about these features and also
about our plans to implement language extensions that can be used to simplify
reasoning about various higher structures.</p>
<p><a href="https://vimeo.com/413726748">Video recording</a> of the talk is available.</p>
</blockquote>
<p>I have a couple more in the pipeline, so follow this blog, the <a href="https://www.fmf.uni-lj.si/si/obvestila/agregator/seminar-temelji/">Foundations seminar announcements</a> or my Twitter account <a href="https://twitter.com/andrejbauer">@andrejbauer</a>.</p>Andrej BauerFor a while now I have been contemplating a series of seminars titled "Every proof assistant" that would be devoted to all the different proof assistants out there. Apart from the established ones (Isabelle/HOL, Coq, Agda, Lean), there are other interesting experimental proof assistants, and some that are still under development, or just proofs of concept. I would like to know more about them, and I suspect I am not the only one.On fixed-point theorems in synthetic computability2019-11-07T00:00:00+01:002019-11-07T00:00:00+01:00http://math.andrej.com/2019/11/07/on-fixed-point-theorems-in-synthetic-computability<p>I forgot to record the fact that already two years ago I wrote a paper on
Lawvere's fixed-point theorem in synthetic computability:</p>
<blockquote>
<p>Andrej Bauer: <a href="/asset/data/recursion-theorem.pdf"><em>On fixed-point theorems in synthetic computability</em></a>.
Tbilisi Mathematical Journal, Volume 10: Issue 3, pp. 167–181.</p>
</blockquote>
<p>It was a special issue in honor of Professors <a href="https://en.wikipedia.org/wiki/Peter_J._Freyd">Peter J.
Freyd</a> and <a href="https://en.wikipedia.org/wiki/William_Lawvere">F. William
Lawvere</a> on the occasion of their
80th birthdays.</p>
<p>Lawvere's paper <a href="http://tac.mta.ca/tac/reprints/articles/15/tr15abs.html">"Diagonal arguments and cartesian closed
categories</a> proves a
beautifully simple fixed point theorem.</p>
<blockquote>
<p><strong>Theorem:</strong> (Lawvere) <em>If $e : A \to B^A$ is a surjection then every $f : B \to B$ has a fixed point.</em></p>
</blockquote>
<p><em>Proof.</em> Because $e$ is a surjection, there is $a \in A$ such that $e(a) = \lambda x : A \,.\, f(e(x)(x))$, but then $e(a)(a) = f(e(a)(a)$. $\Box$</p>
<p>Lawvere's original version is a bit more general, but the one given here makes is very clear that Lawvere's fixed point theorem is the diagonal argument in crystallized form. Indeed, the contrapositive form of the theorem, namely</p>
<blockquote>
<p><strong>Corollary:</strong> <em>If $f : B \to B$ has no fixed point then there is no surjection $e : A \to B^A$.</em></p>
</blockquote>
<p>immediately implies a number of famous theorems that rely on the diagonal argument. For example, there can be no surjection $A \to \lbrace 0, 1\rbrace^A$ because the map $x \mapsto 1 - x$ has no fixed point in $\lbrace 0, 1\rbrace$ -- and that is Cantors' theorem.</p>
<p>It not easy to find non-trivial instances to which Lawvere's theorem applies. Indeed, if excluded middle holds, then having a surjection $e : A \to B^A$ implies that $B$ is the singleton. We should look for interesting instances in categories other than classical sets. In my paper I do so: I show that countably based $\omega$-cpos in the effective topos are countable and closed under countable products, which gives us a rich supply of objects $B$ such that there is a surjection $\mathbb{N} \to B^\mathbb{N}$.</p>
<p>Enjoy the paper!</p>Andrej BauerI forgot to record the fact that already two years ago I wrote a paper on Lawvere's fixed-point theorem in synthetic computability: Andrej Bauer: On fixed-point theorems in synthetic computability. Tbilisi Mathematical Journal, Volume 10: Issue 3, pp. 167–181. It was a special issue in honor of Professors Peter J. Freyd and F. William Lawvere on the occasion of their 80th birthdays. Lawvere's paper "Diagonal arguments and cartesian closed categories proves a beautifully simple fixed point theorem. Theorem: (Lawvere) If $e : A \to B^A$ is a surjection then every $f : B \to B$ has a fixed point. Proof. Because $e$ is a surjection, there is $a \in A$ such that $e(a) = \lambda x : A \,.\, f(e(x)(x))$, but then $e(a)(a) = f(e(a)(a)$. $\Box$ Lawvere's original version is a bit more general, but the one given here makes is very clear that Lawvere's fixed point theorem is the diagonal argument in crystallized form. Indeed, the contrapositive form of the theorem, namely Corollary: If $f : B \to B$ has no fixed point then there is no surjection $e : A \to B^A$. immediately implies a number of famous theorems that rely on the diagonal argument. For example, there can be no surjection $A \to \lbrace 0, 1\rbrace^A$ because the map $x \mapsto 1 - x$ has no fixed point in $\lbrace 0, 1\rbrace$ -- and that is Cantors' theorem. It not easy to find non-trivial instances to which Lawvere's theorem applies. Indeed, if excluded middle holds, then having a surjection $e : A \to B^A$ implies that $B$ is the singleton. We should look for interesting instances in categories other than classical sets. In my paper I do so: I show that countably based $\omega$-cpos in the effective topos are countable and closed under countable products, which gives us a rich supply of objects $B$ such that there is a surjection $\mathbb{N} \to B^\mathbb{N}$. Enjoy the paper!Runners in action2019-10-28T00:00:00+01:002019-10-28T00:00:00+01:00http://math.andrej.com/2019/10/28/runners-in-action<p>It has been almost a decade since <a href="http://matija.pretnar.info">Matija Pretnar</a>
and I posted the <a href="http://math.andrej.com/category/eff/">first blog posts</a> about
programming with algebraic effects and handlers and the programming language
<a href="http://www.eff-lang.org">Eff</a>. Since then handlers have become a well-known
control mechanism in programming languages.</p>
<p>Handlers and monads excel at <em>simulating</em> effects, either in terms of other
effects or as pure computations. For example, the familiar <a href="https://wiki.haskell.org/State_Monad">state
monad</a> implements mutable state with
(pure) state-passing functions, and there are many more examples. But I have
always felt that handlers and monads are not very good at explaining how a
program interacts with its external environment and how it gets to perform
<em>real-world</em> effects.</p>
<p><a href="https://danel.ahman.ee">Danel Ahman</a> and I have worked for a while on attacking
the question on how to better model external resources and what programming
constructs are appropriate for working with them. The time is right for us to
show what we have done so far. The theoretical side of things is explained in
our paper <a href="http://arxiv.org/abs/1910.11629"><strong>Runners in action</strong></a>, Danel
implemented a Haskell library
<a href="https://github.com/danelahman/haskell-coop"><strong>Haskell-Coop</strong></a> to go with the
paper, and I implemented a programming language
<a href="https://github.com/andrejbauer/coop"><strong>Coop</strong></a>.</p>
<!--more-->
<p>General-purpose programming languages, even the so-called pure ones, have to have
<em>some</em> account of interaction with the external environment. A popular choice is
to provide a foreign-function interface that connects the language with an
external library, and through it with an operating system and the universe. A
more nuanced approach would differentiate between a function that just happens
to be written in a different language, and one that actually performs an effect.
The latter kind is known as an <em>algebraic operation</em> in the
algebraic-effects-and-handlers way of doing things.</p>
<p>A <em>bad</em> approach to modeling the external world is to pretend that it is
internal to the language. One would think that this is obvious but it is not.
For instance, Haskell represents the interface to the external world through the
<a href="https://www.haskell.org/onlinereport/haskell2010/haskellch41.html#x49-32100041.1"><code class="highlighter-rouge">IO</code>
monad</a>.
But what is this monad <em>really</em>? How does it get to interact with the external
world? The Haskell Wiki page which answers this question has <a href="https://wiki.haskell.org/IO_inside#Welcome_to_the_RealWorld.2C_baby">the following
disclaimer</a>:</p>
<blockquote>
<p><em>"Warning: The following story about <code class="highlighter-rouge">IO</code> is incorrect in that it cannot
actually explain some important aspects of <code class="highlighter-rouge">IO</code> (including interaction and
concurrency). However, some people find it useful to begin developing an
understanding."</em></p>
</blockquote>
<p>The Wiki goes on to say how <code class="highlighter-rouge">IO</code> is a bit like a state monad with an imaginary
<code class="highlighter-rouge">RealWorld</code> state, except that of course <code class="highlighter-rouge">RealWorld</code> is not really a Haskell
type, or at least not one that actually holds the state of the real world.</p>
<p>The situation with Eff is not much better: it treats some operations at the
top-level in a special way. For example, if <code class="highlighter-rouge">print</code> percolates to the top level,
it turns into a <em>real</em> <code class="highlighter-rouge">print</code> that actually causes an effect. So it looks like
there is some sort of "top level handler" that models the real world, but that
cannot be the case: a handler may discard the continuation or run it twice, but
Eff hardly has the ability to discard the external world, or to make it
bifurcate into two separate realities.</p>
<p>If <code class="highlighter-rouge">IO</code> monad is not an honest monad and a top-level handler is not really a
handler, then what we have is a case of ingenious hackery in need of proper
programming-language design.</p>
<p>How precisely does an operation call in the program cause an effect in the
external world? As we have just seen, some sort of runtime environment or top
level needs to relate it to the external world. From the viewpoint of the
program, the external world appears as state which is not directly accessible,
or even representable in the language. The effect of calling an operation
$\mathtt{op}(a,\kappa)$ is to change the state of the world, and to get back a
result. We can model the situation with a map $\overline{\mathtt{op}} : A \times
W \to B \times W$, where $W$ is the set of all states of the world, $A$ is the
set of parameters, and $B$ the set of results of the operation. The operation
call $\mathtt{op}(a, \kappa)$ is "executed" in the current world $w \in W$ by
computing $\overline{\mathtt{op}}(a,w) = (b, w')$ to get the next world $w'$ and
a result $b$. The program then proceeds with the continuation $\kappa\,b$ in the
world $w'$. Notice how the world $w$ is an external entity that is manipulated
by the external map $\overline{\mathtt{op}}$ realistically in a <em>linear</em>
fashion, i.e., the world is neither discarded nor copied, just transformed.</p>
<p>What I have just described is <em>not</em> a monad or a handler, but a <em>comodel</em>, also
known as a <em>runner</em>, and the map $\overline{\mathtt{op}}$ is not an operation,
but a <em>co-operation</em>. This was all observed a while ago by <a href="http://homepages.inf.ed.ac.uk/gdp/">Gordon
Plotkin</a> and <a href="https://scholar.google.co.uk/citations?user=aOCekqQAAAAJ">John
Power</a>, <a href="https://www.ioc.ee/~tarmo/">Tarmo
Uustalu</a>, and generalized by <a href="http://www.itu.dk/people/mogel/">Rasmus
Møgelberg</a> and <a href="https://www.cs.ox.ac.uk/people/samuel.staton/main.html">Sam
Staton</a>, see our paper
for references. Perhaps we should replace "top-level" handlers and "special"
monads with runners?</p>
<p>Danel and I worked out how <em>effectful</em> runners (a generalization of runners that
supports other effects in addition to state) provide a mathematical model of
resource management. They also give rise to a programming concept that models
top-level external resources, as well as allows programmers to modularly define
their own “virtual machines” and run code inside them. Such virtual machines can
be nested and combined in interesting ways. We capture the core ideas of
programming with runners in an equational calculus $\lambda_{\mathsf{coop}}$,
that guarantees the linear use of resources and execution of finalization code.</p>
<p>An interesting practical aspect of $\lambda_{\mathsf{coop}}$, that was begotten by
theory, is modeling of extra-ordinary circumstances. The external environment
should have the ability to signal back to the program an extra-ordinary
circumstance that prevents if from returning a result. This is normally
accomplished by an exception mechanism, but since the external world is
stateful, there are <em>two</em> ways of combining it with exceptions, namely the sum
and the tensor of algebraic theories. Which one is the right one? Both! After a
bit of head scratching we realized that the two options are (analogous to) what
is variously called <a href="https://docs.oracle.com/javase/tutorial/essential/exceptions/runtime.html">"checked" and "non-checked"
exceptions</a>,
<a href="http://man7.org/linux/man-pages/man3/errno.3.html">errors</a> and
<a href="http://man7.org/linux/man-pages/man7/signal.7.html">signals</a>, or <a href="https://www.repository.cam.ac.uk/bitstream/handle/1810/283239/paper.pdf?sequence=3&isAllowed=y">synchronous
and asynchronous
exceptions</a>.
And so we included in $\lambda_{\mathsf{coop}}$ both mechanisms: ordinary
<em>exceptions</em>, which are special events that disrupt the flow of user code but
can be caught and attended to, and <em>signals</em> which are unrecoverable failures
that irrevocably <em>kill</em> user code, but can still be finalized. We proved a finalization
theorem which gives strong guarantees about resources always being properly
finalized.</p>
<p>If you are familiar with handlers, as a first approximation you can think of
runners as handlers that use the continuation at most once in a tail-call
position. Many handlers are already of this form but not all. Non-determinism,
probability, and handlers that hijack the continuation (<code class="highlighter-rouge">delimcc</code>, threads, and
selection functionals) fall outside of the scope of runners. Perhaps in the
future we can resurrect some of these (in particular it seems like threads, or
even some form of concurrency would be worth investigating). There are many
other directions of possible future investigations: efficient compilation, notions
of correctness, extensions to the simple effect subtyping discipline that we
implemented, etc.</p>
<p>To find out more, we kindly invite you to have a look at the
<a href="http://arxiv.org/abs/1910.11629">paper</a>, and to try out the implementations.
The prototype programming language <a href="https://github.com/andrejbauer/coop">Coop</a>
implements and extends $\lambda_{\mathsf{coop}}$. You can start by skimming the
<a href="https://github.com/andrejbauer/coop/blob/master/Manual.md">Coop manual</a> and the
<a href="https://github.com/andrejbauer/coop/tree/master/examples">examples</a>. If you
prefer to experiment on your own, you might prefer the
<a href="https://github.com/danelahman/haskell-coop">Haskell-Coop</a> library, as it allows
you to combine runners with everything else that Haskell has to offer.</p>Andrej BauerIt has been almost a decade since Matija Pretnar and I posted the first blog posts about programming with algebraic effects and handlers and the programming language Eff. Since then handlers have become a well-known control mechanism in programming languages. Handlers and monads excel at simulating effects, either in terms of other effects or as pure computations. For example, the familiar state monad implements mutable state with (pure) state-passing functions, and there are many more examples. But I have always felt that handlers and monads are not very good at explaining how a program interacts with its external environment and how it gets to perform real-world effects. Danel Ahman and I have worked for a while on attacking the question on how to better model external resources and what programming constructs are appropriate for working with them. The time is right for us to show what we have done so far. The theoretical side of things is explained in our paper Runners in action, Danel implemented a Haskell library Haskell-Coop to go with the paper, and I implemented a programming language Coop.On complete ordered fields2019-09-09T00:00:00+02:002019-09-09T00:00:00+02:00http://math.andrej.com/2019/09/09/on-complete-ordered-fields<p><a href="http://jdh.hamkins.org">Joel Hamkins</a> advertised the following theorem on Twitter:</p>
<blockquote>
<p><strong>Theorem:</strong> <em>All <a href="https://en.wikipedia.org/wiki/Least-upper-bound_property">complete</a> <a href="https://en.wikipedia.org/wiki/Ordered_field">ordered</a> fields are isomorphic.</em></p>
</blockquote>
<p><a href="https://twitter.com/JDHamkins/status/1169935061480804352?s=20">The standard proof</a> posted by Joel has two parts:</p>
<ol>
<li>A complete ordered field is archimedean.</li>
<li>Using the fact that the rationals are dense in an archimedean field, we construct an isomorphism between any two complete ordered fields.</li>
</ol>
<p>The second step is constructive, but the first one is proved using excluded middle, as follows. Suppose $F$ is a complete ordered field. If $b \in F$ is an upper bound for the natural numbers, construed as a subset of $F$, then so $b - 1$, but then no element of $F$ can be the least upper bound of $\mathbb{N}$. By excluded middle, above every $x \in F$ there is $n \in \mathbb{N}$.</p>
<p>So I asked myself and the <a href="https://groups.google.com/forum/#!topic/constructivenews/4jncQ9axrxI">constructive news mailing list</a> what the constructive status of the theorem is. But something was amiss, as <a href="http://math.fau.edu/richman/">Fred Richman</a> immediately asked me to provide an example of a complete ordered field. Why would he do that, don't we have the <a href="https://ncatlab.org/nlab/show/MacNeille+real+number">MacNeille reals</a>? After agreeing on definitions, <a href="http://tobybartels.name">Toby Bartels</a> gave the answer, which I am taking the liberty to adapt a bit and present here. I am probably just reinventing the wheel, so if someone knows an original reference, please provide it in the comments.</p>
<p>The theorem holds constructively, but for a bizarre reason: if there exists a complete ordered field, then the law of excluded middle holds, and the standard proof is valid!</p>
<!--more-->
<p>As there are many constructive versions of order and completeness, let me spell out the definitions that are well adapted to the oddities of constructive mathematics. In classical logic these are all equivalent to the usual ones. Having to disentangle definitions when passing to constructive mathematics is a bit like learning how to be careful when passing from commutative to non-commutative algebra.</p>
<p>A <strong>partial order</strong> $\leq$ on a set $P$ is a reflexive, transitive and antisymmetric relation on $P$.</p>
<p>We are interested in <strong>linearly</strong> ordered fields, but constructively we need to take care, as the usual linearity, $x \leq y \lor y \leq x$, is quite difficult to satisfy, and may fail for reals.</p>
<p>A <strong>strict order</strong> on a set $P$ is a relation $<$ which is:</p>
<ul>
<li>irreflexive: $\lnot (x < x)$,</li>
<li>tight: $\lnot (x < y \lor y < x) \Rightarrow x = y$,</li>
<li>weakly linear: $x < y \Rightarrow x < z \lor z < y$</li>
</ul>
<p>The <strong>associated</strong> partial order is defined by $x \leq y \Leftrightarrow \lnot (y < x)$. The reflexivity, antisymmetry and transitivity of $\leq$ follow respectively from irreflexivity, tightness, and weak linearity of $<$.</p>
<p>Next, an element $x \in P$ is an <strong>upper bound</strong> for $S \subseteq P$ when $y \leq x$ for all $y \in P$. An element $x \in P$ is the <em>supremum</em> of $S \subseteq P$ if it is an upper bound for $S$, and for every $y < x$ there exists $z \in S$ such that $y < z$. A poset $P$ is <strong>(Dedekind-MacNeille) complete</strong> when every inhabited bounded subset has a supremum (for the classically trained, $S \subseteq P$ is <em>inhabited</em> when there exists $x \in S$, and this is <em>not</em> the same as $S \neq \emptyset$).</p>
<p>A basic exercise is to give a non-trivial complete order, i.e., a strict order $<$ whose associated partial order $\leq$ is complete.</p>
<blockquote>
<p><strong>Theorem:</strong> <em>If there exists a non-trivial complete order then excluded middle holds.</em></p>
</blockquote>
<p><em>Proof.</em> Suppose $<$ is a strict order on a set $P$ whose associated order $\leq$ is complete, and there exist $a, b \in P$ such that $a < b$. Let $\phi$ be any proposition. Consider the set $S = \lbrace x \in P \mid x = a \lor (\phi \land x = b)\rbrace$. Observe that $\phi$ is equivalent to $b \in S$. Because $a \in S \subseteq \lbrace a, b\rbrace$, the set $S$ is inhabited and bounded, so let $s$ be its supremum. We know that $a < s$ or $s < b$, from which we can decide $\phi$:</p>
<ol>
<li>If $a < s$ then $b \in S$: indeed, there exists $c \in S$ such that $a < c$, but then $c = b$. In this case $\phi$ holds.</li>
<li>If $s < b$ then $\lnot(b \in S)$: if we had $b \in S$ then $S = \lbrace a, b \rbrace$ and $b = s < b$, which is impossible. In this case $\lnot\phi$. $\Box$</li>
</ol>
<p>This immediately gives us the desired theorem.</p>
<blockquote>
<p><strong>Theorem (constructive):</strong> <em>All complete ordered fields are isomorphic.</em></p>
</blockquote>
<p><em>Proof.</em> The definition of a complete ordered field requires $0 < 1$, therefore excluded middle holds. Now proceed with the usual classical proof. $\Box$</p>
<p>This is very odd, as I always thought that the MacNeille reals form a MacNeille complete ordered field. Recall that a <a href="https://ncatlab.org/nlab/show/MacNeille+real+number">MacNeille real</a> is a pair $(L, U)$ of subsets of $\mathbb{Q}$ such that:</p>
<ol>
<li>$U$ is the set of upper bounds of $L$: $u \in U$ if, and only if, $\ell \leq u$ for all $\ell \in L$,</li>
<li>$L$ is the set of lower bounds of $U$: $\ell \in L$ if, and only if, $\ell \leq u$ for all $u \in U$,</li>
<li>$L$ and $U$ are inhabited.</li>
</ol>
<p>Furthermore, the MacNeille reals are complete, as they are just the <a href="https://ncatlab.org/nlab/show/MacNeille+completion">MacNeille completion</a> of the rationals. We may define a strict order on them by
stipulating that, for $x = (L_x, U_x)$ and $y = (L_y, U_y)$,
$$x < y \iff \exists q \in U_x . \exists r \in L_y \,.\, q < r.$$
According to Peter Johnstone (Sketches of an Elephant, D4.7), the MacNeille reals form a commutative unital ring in which $x$ is invertible if, and only if, $x < 0 \lor x > 0$. So apparently, the weak linearity of the strict order is problematic.</p>
<p>What if we relax completeness? Two standard notions of completeness are:</p>
<ol>
<li>An ordered field $F$ is <strong>Cauchy-complete</strong> if every Cauchy sequence has a limit in $F$.</li>
<li>An ordered field $F$ is <strong>Dedekind-complete</strong> if every Dedekind cut determines an element of $F$.</li>
</ol>
<p>It is easy enough to find non-isomorphic Cauchy-complete fields. Order the field $\mathbb{Q}(x)$ of rational functions with rational coefficients by stipulating that it extends the order of $\mathbb{Q}$ and that $q < x$ for all $q \in \mathbb{Q}$. The Cauchy-completion of $\mathbb{Q}(x)$ is a Cauchy complete field which is not isomorphic to $\mathbb{Q}$. Caveat: I am speaking off the top of my head, do not trust this paragraph! (Or any other for that matter.)</p>
<p>Regarding Dedekind completeness, it is important constructively that we take
<em>two-sided</em> Dedekind cuts, i.e., pairs $(L, U)$ of subsets of $F$ such that</p>
<ul>
<li>$L$ is lower-rounded: $q \in L \iff \exists r \in L . q < r$,</li>
<li>$U$ is upper-rounded: $r \in U \iff \exists q \in U . q < r$,</li>
<li>the cut is bounded: $L$ and $U$ are inhabited,</li>
<li>the cut is disjoint: $L \cap U = \emptyset$,</li>
<li>the cut is located: if $q < r$ then $L \in q$ or $r \in U$.</li>
</ul>
<p>Dedekind completeness states that for every Dedekind cut $(L, U)$ in $F$ there exists a unique $x \in F$ such that $L = \lbrace y \in F \mid y < x\rbrace$ and $U = \lbrace y \in F \mid x < y\rbrace$. Constructively this is a weaker form of completeness than the Dedekind-MacNeille one, but classically they coincide. Thus we cannot hope to exhibit constructively two non-isomorphic Dedekind-complete ordered fields (because constructive results are also classically valid). But perhaps there is a model of constructive mathematics where such strange fields exist. Does anyone know of one?</p>Andrej BauerJoel Hamkins advertised the following theorem on Twitter: Theorem: All complete ordered fields are isomorphic. The standard proof posted by Joel has two parts: A complete ordered field is archimedean. Using the fact that the rationals are dense in an archimedean field, we construct an isomorphism between any two complete ordered fields. The second step is constructive, but the first one is proved using excluded middle, as follows. Suppose $F$ is a complete ordered field. If $b \in F$ is an upper bound for the natural numbers, construed as a subset of $F$, then so $b - 1$, but then no element of $F$ can be the least upper bound of $\mathbb{N}$. By excluded middle, above every $x \in F$ there is $n \in \mathbb{N}$. So I asked myself and the constructive news mailing list what the constructive status of the theorem is. But something was amiss, as Fred Richman immediately asked me to provide an example of a complete ordered field. Why would he do that, don't we have the MacNeille reals? After agreeing on definitions, Toby Bartels gave the answer, which I am taking the liberty to adapt a bit and present here. I am probably just reinventing the wheel, so if someone knows an original reference, please provide it in the comments. The theorem holds constructively, but for a bizarre reason: if there exists a complete ordered field, then the law of excluded middle holds, and the standard proof is valid!What is algebraic about algebraic effects?2019-09-03T00:00:00+02:002019-09-03T00:00:00+02:00http://math.andrej.com/2019/09/03/what-is-algebraic-about-algebraic-effects<p>Published as <a href="https://arxiv.org/abs/1807.05923"><code class="highlighter-rouge">arXiv:1807.05923</code></a>.</p>
<p><strong>Abstract:</strong> This note recapitulates and expands the contents of a tutorial on the mathematical theory of algebraic effects and handlers which I gave at the Dagstuhl seminar 18172 <a href="https://www.dagstuhl.de/en/program/calendar/semhp/?semnr=18172">"Algebraic effect handlers go mainstream"</a>. It is targeted roughly at the level of a doctoral student with some amount of mathematical training, or at anyone already familiar with algebraic effects and handlers as programming concepts who would like to know what they have to do with algebra. We draw an uninterrupted line of thought between algebra and computational effects. We begin on the mathematical side of things, by reviewing the classic notions of universal algebra: signatures, algebraic theories, and their models. We then generalize and adapt the theory so that it applies to computational effects. In the last step we replace traditional mathematical notation with one that is closer to programming languages.</p>Andrej BauerPublished as arXiv:1807.05923. Abstract: This note recapitulates and expands the contents of a tutorial on the mathematical theory of algebraic effects and handlers which I gave at the Dagstuhl seminar 18172 "Algebraic effect handlers go mainstream". It is targeted roughly at the level of a doctoral student with some amount of mathematical training, or at anyone already familiar with algebraic effects and handlers as programming concepts who would like to know what they have to do with algebra. We draw an uninterrupted line of thought between algebra and computational effects. We begin on the mathematical side of things, by reviewing the classic notions of universal algebra: signatures, algebraic theories, and their models. We then generalize and adapt the theory so that it applies to computational effects. In the last step we replace traditional mathematical notation with one that is closer to programming languages.