Mathematics and Computation

Free variables are not “implicitly universally quantified”!

Andrej Bauer — Tue, 25 Dec 2012 01:27:53 +0000

Mathematicians are often confused about the meaning of variables. I hear them say “a free variable is implicitly universally quantified”, by which they mean that it is ok to equate a formula $\phi$ with a free variable $x$ with its universal closure $\forall x \,.\, \phi$. I am addressing this post to those who share this opinion.

I will give several reasons, which are all essentially the same, why “there is no difference between $\phi$ and $\forall x \,.\, \phi$” is a really bad opinion to have.

Reason 1: you wouldn’t equate a function with its definite integral

You would not claim that a real-valued function $f : \mathbb{R} \to \mathbb{R}$ is “the same thing” as its definite integral $\int_{\mathbb{R}} f(x) \, d x$, would you? One is a real function, the other is a real number. Likewise, $\phi$ is a truth function and $\forall x \,.\, \phi(x)$ is a truth value.

Reason 2: functions are not their own values

To be quite precise, the expression $\phi$ by itself is not a function, just like the expression $x + \sin x$ is not a function. To make it into a function we must first abstract the variable $x$, which is usually written as $x \mapsto x + \sin x$, or $\lambda x \,.\, x + \sin x$, or fun x -> x +. sin x. In logic we indicate the fact that $\phi$ is a function by putting it in a context, so we write something like $x : \mathbb{R} \vdash \phi$.

Why is all this nit-picking necessary? Try answering these questions with “yes” and “no” consistently:

Is $x + \sin x$ a function in variable $x$?
Is $x + \sin x$ a function in variables $x$ and $y$?
Is $y – y + x + \sin x$ a function in variables $x$ and $y$?
Is $x + \sin x = y – y + x + \sin x$?

A similar sort of mistake happens in algebra where people think that polynomials are functions. They are not. They are elements of a certain freely generated ring.

Reason 3: They are not logically equivalent

It is absurd to claim that $\phi$ and $\forall x \in \mathbb{R} \,.\, \phi$ are logically equivalent statements. Suppose $\forall x \in \mathbb{R} \,.\, x > 2$ were equivalent to $x > 2$. Then I could replace one by the other in any formula I wish. So I choose the formula $\exists x \in \mathbb{R} \,.\, x > 2$. It must be equivalent to $\exists x \in \mathbb{R} \,.\, \forall x \in \mathbb{R} \,.\, x > 2$, but since $\forall x \in \mathbb{R} \,.\, x > 2$ is false, we get $\exists x \in \mathbb{R} \,.\, \bot$, which is false. We proved that there is no number larger than 2.

Reason 4: They are not inter-derivable

If you can tell the difference between an implication and logical entailment, perhaps you might try to counter reason 3 by pointing out that $\phi$ and $\forall x \,.\, \phi$ are either both derivable, or both not derivable. That is to say, we can prove one if, and only if, we can prove the other. But again, this is not the case. We can prove $\forall x \in \emptyset \,.\, \bot$ but we cannot prove $\bot$.

Reason 5: Bound variables can be renamed but free variables cannot

The formula $x > 2$ is obviously not the same thing as the formula $y > 2$. But the formula $\forall x \in \mathbb{R} . x > 2$ is actually the same as $\forall y \in \mathbb{R} . y > 2$. If you find this confusing it is because you were never taught properly how to handle free and bound variables.

Reason 6: You cannot prove $\forall x \,.\, \phi$ without allowing $x$ to become free

Perhaps we can just forbid free variables altogether and stipulate that all variables must always be quantified. But how are you then going to prove $\forall x \in \mathbb{R} \,.\, \phi$? The usual way

“Consider any $x \in \mathbb{R}$. Then bla bla bla, therefore $\phi$.”

is now forbidden because the first sentence introduces $x$ as a free variable.

We can abolish variables altogether if we wish, by resorting to combinators, but it makes no sense to keep variables and make them all bound all the time.

Epilogue: so in what sense are they the same?

There is a theorem in model theory:

Let $\phi$ be a formula in context $x_1, \ldots, x_n$ and $M$ a structure in which we can interpret $\phi$. The following are equivalent:

the universal closure $\forall x_1, \ldots, x_n \,.\, \phi$ is valid in $M$,

for every valuation $\nu : \lbrace x_1, \ldots, x_n \rbrace \to M$, $\phi[\nu]$ is valid in $M$.

This is sometimes abbreviated (quite inaccurately) as “a formula and its universal closure are semantically equivalent”. This theorem is causing a lot of harm because mathematicians interpret it as “free variables are implicitly universally bound”. But the theorem itself clearly distinguishes a formula from its universal closure. It has a limited range of applications in model theory. It is not a general reasoning principle that would allow you to dispose of thinking about free variables.

You are in good company. Philosophers have thought about free variables for millennia, although they phrase the problem in the language of universals and particulars. They wonder whether “dog” is the same thing as the set of all dogs, or perhaps there is an ideal dog which is “pure dogness”, but then do we need two ideal dogs to make ideal pups, etc. The answer is simple: a free variable is a projection from a cartesian product.

How to implement dependent type theory III

Andrej Bauer — Thu, 29 Nov 2012 03:55:28 +0000

I spent a week trying to implement higher-order pattern unification. I looked at couple of PhD dissertations, talked to lots of smart people, and failed because the substitutions were just getting in the way all the time. So today we are going to bite the bullet and implement de Bruijn indices and explicit substitutions.

The code is available on Github in the repository andrejbauer/tt (the blog-part-III branch).

People say that de Bruijn indices and explicit substitutions are difficult to implement. I agree, I spent far too long debugging my code. But because every bug crashed and burnt my program immediately, I at least knew I was not done. In contrast, “manual” substitutions hide their bugs really well, and so are even more difficult to get right. I am convinced that my implementation from part II is still buggy.

Blitz introduction to de Bruijn indices and explicit substitution

If you do not know about de Bruijn indices and explicit substitutions you should first read the relevant Wikipedia pages, and perhaps the original paper on explicit substitutions, written by a truly impressive group of authors. Here is an inadequate short explanation for those who cannot be bothered to click on links.

We keep looking up variables in a context by their names, which seems a bit inefficient. We might have the bright idea of referring to positions in the context directly. We can indeed do this, and because a context is like a stack there are two choices:

de Bruijn levels are positions as counted from the bottom of the stack,
de Bruijn indices are positions as counter from the top of the stack.

We will use the indices. Thus, when the context grows all the old indices have to be shifted by one, which sounds more horrible than it is, as levels bring their own problems (which?). For instance, the $\lambda$-term $\lambda x \,.\, \lambda y \,.\, x$ is written with de Bruijn indices as $\lambda \, (\lambda \, 1)$, whereas $\lambda x \,.\, \lambda y \,.\, y$ is written as $\lambda \, (\lambda \, 0)$. (Just go read the Wikipedia article on de Bruijn indices if you have not seen this before.)

The shifting and pushing of new things onto the context is expressed with explicit substitutions:

type substitution =
  | Shift of int
  | Dot of expr * substitution

Read Shift k as “add $k$ to all indices” and Dot(e,s) as “push $e$ and use $s$”. In mathematical notation we write $\uparrow^n$ instead of Shift n and $e \cdot \sigma$ instead of Dot(e,sigma). An explicit substitution $\sigma$ acts on an expression $e$ to give a new expression $[\sigma] e$. For example:

$[\uparrow^k] (\mathtt{Var}\, m) = \mathtt{Var} (k + m)$
$[e \cdot \sigma)] (\mathtt{Var}\, 0) = e$
$[e \cdot \sigma)] (\mathtt{Var}\, (k+1)) = [\sigma](\mathtt{Var}\, k).$

Below we will read off the other equations from the source code. Substitutions are performed on demand, which means that $[\sigma] e$ is an expression that needs to be accounted for in the syntax.

Splitting the syntax

The user is going to type in syntax with names, which we have to convert to an internal syntax that uses the indices. We should also keep the original names around for pretty-printing purposes. Therefore we need a datatype Input.exp for parsing,

(** Abstract syntax of expressions as given by the user. *)
type expr = expr' * Common.position
and expr' =
  | Var of Common.variable
  | Universe of int
  | Pi of abstraction
  | Lambda of abstraction
  | App of expr * expr

(** An abstraction [(x,t,e)] indicates that [x] of type [t] is bound in [e]. *)
and abstraction = Common.variable * expr * expr

and a datatype Syntax.expr for the internal syntax:

(** Abstract syntax of expressions, where de Bruijn indices are used to represent
    variables. *)
type expr = expr' * Common.position
and expr' =
  | Var of int                   (* de Briujn index *)
  | Subst of substitution * expr (* explicit substitution *)
  | Universe of universe
  | Pi of abstraction
  | Lambda of abstraction
  | App of expr * expr

(** An abstraction [(x,t,e)] indicates that [x] of type [t] is bound in [e]. We also keep around
    the original name [x] of the bound variable for pretty-printing purposes. *)
and abstraction = Common.variable * expr * expr

(** Explicit substitutions. *)
and substitution =
  | Shift of int
  | Dot of expr * substitution

Conversion from one to the other is done by Desugar.desugar. Notice that we do not throw away variable names, but rather keep them around in the internal syntax so that we can print them out later. Strangely enough, beautify.ml gets shorter with de Bruijn indices.

Explicit substitutions

The Syntax module contains a couple of functions for handling explicit substitutions. First we have Syntax.composition which tells us how substitutions are composed:

let rec compose s t =
  match s, t with
    | s, Shift 0 -> s
    | Dot (e, s), Shift m -> compose s (Shift (m - 1))
    | Shift m, Shift n -> Shift (m + n)
    | s, Dot (e, t) -> Dot (mk_subst s e, compose s t)

In mathematical notation:

$\sigma \circ \uparrow^0 = \sigma$
$(e \cdot \sigma) \circ \uparrow^{m} = s \circ \uparrow^{m-1}$
$\uparrow^{m} \circ \uparrow^{n} = \uparrow^{m + n}$
$\sigma \circ (e \cdot \tau) = [\sigma] e \cdot (\sigma \circ \tau)$

Of course, composition $\circ$ is the operation characterized by the equation $[\sigma \circ \tau] e = [\sigma]([\tau] e)$. Next we have Syntax.subst which explains how substitutions are performed:

(** [subst s e] applies explicit substitution [s] in expression [e]. It does so
    lazily, i.e., it does just enough to expose the outermost constructor of [e]. *)
let subst =
  let rec subst s ((e', loc) as e) =
    match s, e' with
      | Shift m, Var k -> Var (k + m), loc
      | Dot (e, s), Var 0 -> subst idsubst e
      | Dot (e, s), Var k -> subst s (Var (k - 1), loc)
      | s, Subst (t, e) -> subst s (subst t e)
      | _, Universe _ -> e
      | s, Pi a -> Pi (subst_abstraction s a), loc
      | s, Lambda a -> Lambda (subst_abstraction s a), loc
      | s, App (e1, e2) -> App (mk_subst s e1, mk_subst s e2), loc
  and subst_abstraction s (x, e1, e2) =
    let e1 = mk_subst s e1 in
    let e2 = mk_subst (Dot (mk_var 0, compose (Shift 1) s)) e2 in
      (x, e1, e2)
  in
    subst

The code is not very readable, but in mathematical notation the interesting bits say:

$[\uparrow^m](\mathtt{Var}\,k) = \mathtt{Var}\,(k + m)$
$[e \cdot \sigma] (\mathtt{Var}\,0) = e$
$[e \cdot \sigma] (\mathtt{Var}\,k) = [\sigma](\mathtt{Var}(k-1))$
$[\sigma](\lambda\, e) = \lambda \, ([\mathtt{Var}\,0 \cdot (\uparrow^1 \circ \sigma)] e)$
$[\sigma](e_1\,e_2) = ([\sigma]e_1)([\sigma]e_2)$

There is also Syntax.occurs which checks whether a given index appears freely in an expression. This is not entirely trivial because explicit substitutions and abstractions change the indices, so the function has to keep track of what is what.

You may wonder what happened to $\beta$-reduction. If you look at Norm.norm you will discover it burried in the code for normalization of applications:
$$(\lambda \, e_1)\, e_2 = [e_2 \cdot \uparrow^0] e_1.$$

Normalization

In the last part we demonstrated normalization by evaluation. We always normalized everything all the way, which is an overkill. For example, during equality checking the weak head normal form suffices to get the comparison started, and then we normalize on demand. So I replaced normalization by evaluation with direct normalization, as done in norm.ml. We still need normal forms when the user asks for them. Luckily, a single function can perform both kinds of normalization.

Optimization

The source contains no optimizations at all because its purpose is to be as clear as possible. The whole program is still pretty small, we are at 824 lines while the core is just 247 lines. The speed is comparable to the previous version, but with a bit of effort we should be able to speed it up considerably. Here are some opportunities:

we normalize a definition every time we look it up in the context,
explicit substitutions tend to cancel out, and it is a good idea to look for common special cases, like composition with the identity substitution,
there is a lot of shifting happening when we look things up in the context, perhaps some of those could be avoided

If anyone wants to work on these, I would be delighted to make a pull request.

I really have to do some serious math and stop playing around, so do not expect the next part anytime soon.

How to implement dependent type theory II

Andrej Bauer — Sun, 11 Nov 2012 15:48:41 +0000

I am on a roll. In the second post on how to implement dependent type theory we are going to:

Spiff up the syntax by allowing more flexible syntax for bindings in functions and products.
Keep track of source code locations so that we can report where the error has occurred.
Perform normalization by evaluation.

The relevant Github repository is andrejbauer/tt/ (branch blog-part-II). By the way, there are probably bugs in the implementation, I am not spending a huge amount of time on testing (mental note: put “implement testing” on the to do list). If you discover one, please tell me, or preferrably make a pull request with a fix. This also applies to old branches.

Source code positions

Source code positions seem like an annoyance because they pollute our nice datatypes. Nevertheless, an even bigger annoyance is an error message without an indication of its position.

The OCaml lexer keeps track of positions, and menhir has support for them, so we just need to incorporate them into our program. Every expression should be tagged with the source code position it came from. Sometimes we generate expressions with no associated position, so we define:

type position =
  | Position of Lexing.position * Lexing.position
  | Nowhere

The type Lexing.position is the one from OCaml lexer. Each expression is associated with two such positions, its beginning and end. To tag expressions with positions we define two types: expr is an expression with a position and expr' without (I stole the idea from Matija Pretnar‘s eff code):

(** Abstract syntax of expressions. *)
type expr = expr' * position
and expr' =
  | Var of variable
  | Universe of int
  | Pi of abstraction
  | Lambda of abstraction
  | App of expr * expr

(** An abstraction [(x,t,e)] indicates that [x] of type [t] is bound in [e]. *)
and abstraction = variable * expr * expr

Note that expr' refers back to expr so that subexpressions come equipped with their positions. We generally follow the rule that an apostrophe is attached to a type or a function which is position-less. Except that apostrohpies are not valid in the names of grammatical rules in the parser, so in parser.mly we write plain_expr instead of expr'.

We also extend the pretty printer and error reporting with positions, feel free to consult the source code.

Better syntax for bindings

This is a fairly trivial change. It is annoying to have to write things like

fun x : A => fun y : A => fun z : B => fun w : B => ...

We improve the parser so that it accepts syntax like

fun (x y : A) (z w : B) => ...

Let us read out the relevant portion of parser.mly, namely the rules abstraction, bind1 and binds:

abstraction:
  | b = bind1
    { [b] }
  | bs = binds
    { bs }

bind1: mark_position(plain_bind1) { $1 }
plain_bind1:
  | xs = nonempty_list(NAME) COLON t = expr
    { (List.map (fun x -> String x) xs, t) }

binds:
  | LPAREN b = bind1 RPAREN
    { [b] }
  | LPAREN b = bind1 RPAREN lst = binds
    { b :: lst }

A bind1 is something of the form x y ... z : t. A binds is a non-empty list of parenthesized bind1‘s. An abstraction is either a bind1 or a binds. Thus we can write fun x y z : t => ... and fun (x y z : t) => ... and fun (x y : t) (z : t) => ... but not fun x y : y (z : t) => ....

Normalization by evaluation

In the first version we performed normalization by substitution, just like theory books say we should. But this is horribly inefficient. We could improve efficiency by keeping a current substitution (a “runtime” environment) which maps variables to the expressions. When we encounter a variable we look up its value in the current substitution. This way at least we do not keep traversing expressions during substitutions.

An even cooler way to normalize is known as normalization by evaluation. We first “evaluate” expressions to actual OCaml values in such a way that definitionally equal expressions evaluate to (observationally) equivalent values, and then we reconstruct the expression from the value (the fancy speak is that we reify the value). Apart from giving us a normal form there are all sorts of other benefits (Dan Grayson keeps asking me which, perhaps the more knowledgable readers can point them out).

We need a datatype value into which we evaluate expressions. We need to evaluate expressions with free variables, which means that we are going to get stuck on applications of the form x v1 v2 .. vn where x is a free variable (these are called head-normal). We collect those in a separate datatype neutral:

type value =
  | Neutral of neutral
  | Universe of int
  | Pi of abstraction
  | Lambda of abstraction

and abstraction = variable * value * (value -> value)

and neutral =
  | Var of variable
  | App of neutral * value

Abstractions will be evaluated to OCaml functions (so OCaml will take care of substitutions). Thus an abstraction like fun x : t => e should be evaluated to a pair (u, v) where u is the value of t and v is the function $x \mapsto e$. But if you look at the definition of abstraction above you see that we also keep around the variable name. This we do for pretty-printing purposes. When we reify an evaluated abstraction back to its expression form, we use the variable name as a hint.

You should take the time to read value.ml which contains evaluation and reification, and comparison of values. Also note that Infer.normalize really is just the composition of evaluation and reification.

We are now at 759 lines of code. We added 90 codes for evaluation by normalization and 51 for the for keeping track of source code positions.

Trying something out

Ok, let us try something fun. How about Church numerals?

Parameter N : Type 0.
Parameter z : N.
Parameter s : N -> N.

Definition numeral := forall A : Type 0, (A -> A) -> (A -> A).

Definition zero := fun (A : Type 0) (f : A -> A) (x : A) => x.
Definition one := fun (A : Type 0) (f : A -> A) => f.
Definition two := fun (A : Type 0) (f : A -> A) (x : A) => f (f x).
Definition three := fun (A : Type 0) (f : A -> A) (x : A) => f (f (f x)).

Definition plus :=
  fun (m n : numeral) (A : Type 0) (f : A -> A) (x : A) => m A f (n A f x).

Definition times :=
  fun (m n : numeral) (A : Type 0) (f : A -> A) (x : A) => m A (n A f) x.

Definition power :=
  fun (m n : numeral) (A : Type 0) => m (A -> A) (n A).
  
Definition four := plus two two.
Definition five := plus two three.

If you put the above code in church.tt you can load it into tt by

./tt.native -l church.tt

Dare we compute $2^{16}$? Sure:

# Eval power two (power two four) N s z.
    = s (s (s (s (s (s (s (s (s (s (s (s (s (s (s (s (s (s (s (s (s (s (s (s (s (s (s (s
      (s (s (s (s (s (s (s (s (s (s (... (...)))))))))))))))))))))))))))))))))))))))
    : N

It takes a moment, but that is mostly because of pretty-printing (if you evaluate the same expression in non-interactive mode by placing it in a file, you will notice no delay). How about $2^{20}$?

# Eval power two (times four five).
Fatal error: exception Stack_overflow

Oh well. We will have to do something smarter (I am open to suggestions), or increase the stack size. Next time we are going some more types, and then I would like to focus on how to implement an interactive mode.

How to implement dependent type theory I

Andrej Bauer — Thu, 08 Nov 2012 05:23:50 +0000

I am spending a semester at the Institute for Advanced Study where we have a special year on Univalent foundations. We are doing all sorts of things, among others experimenting with type theories. We have got some real experts here who know type theory and Coq inside out, and much more, and they’re doing crazy things to Coq (I will report on them when they are done). In the meanwhile I have been thinking how one might implement dependent type theories with undecidable type checking. This is a tricky subject and I am certainly not the first one to think about it. Anyhow, if I want to experiment with type theories, I need a small prototype first. Today I will present a very minimal one, and build on it in future posts.

Make a guess, how many lines of code does it take to implement a dependent type theory with universes, dependent products, a parser, lexer, pretty-printer, and a toplevel which uses line-editing when available?

If you ever looked at my Programming languages zoo you know it does not take that many lines of code to implement a toy language. On the other hand, dependent type theory is different from a typical compiler because we cannot meaningfully separate the type checking, compilation, and execution phases.

Dan Licata pointed me to A Tutorial Implementation of a Dependently Typed Lambda Calculus by Andreas Löh, Connor McBride, and Wouter Swierstra which is similar to this one. It was a great inspiration to me, and you should have a look at it too, because they do things slightly differently: they use de Bruijn indices, they simplify things by assuming (paradoxically!) that $\mathtt{Type} \in \mathtt{Type}$, and they implement the calculus in Haskell, while we are going to do it in OCaml.

A minimal type theory

I am going to assume you are already familiar with Martin-Löf dependent type theory. We are going to implement:

a hierarchy of universes $\mathtt{Type}_0$, $\mathtt{Type}_1$, $\mathtt{Type}_2$, …
dependent products $\prod_{x : A} B$
functions $\lambda x : A . e$, and
application $e_1 \; e_2$.

We are not going to write down the exact inference rules, although that would be a good idea in a serious experiment. Instead, we are going to read them off later by looking at the source code.

Syntax

We can directly translate the above to abstract syntax of expressions (in the code below think of the type variable as string, we will explain it later):

(** Abstract syntax of expressions. *)
type expr =
  | Var of variable
  | Universe of int
  | Pi of abstraction
  | Lambda of abstraction
  | App of expr * expr

(** An abstraction [(x,t,e)] indicates that [x] of type [t] is bound in [e]. *)
and abstraction = variable * expr * expr

We choose a concrete syntax that is similar to that of Coq:

universes are written Type 0, Type 1, Type 2, …
the dependent product is written forall x : A, B,
a function is written fun x : A => B,
application is juxtaposition e1 e2.

If x does not appear freely in B, then we write A -> B instead of forall x : A, B.

In this tutorial we are not going to learn how to write a lexer and a parser, but see a comment about it below.

Substitution

One way or another we have to deal with substitution. We could try to avoid it by compiling into OCaml functions, or we could use de Bruijn indices. The expert opinion is that de Bruijn indices are the way to go, but I want to keep things as simple as possible for now, so let us just implement substitution.

Substitution must avoid variable capture. This means that we have to be able to generate new variable names. We can do it by simply generating an infinite sequence of them $x_1, x_2, x_3, \ldots$ But what it the user already used $x_3$, then we should not reuse it? To solve the problem we define a datatype of variable names like this:

type variable =
 | String of string
 | Gensym of string * int
 | Dummy

When the user types x3 we represent this as String "x3", whereas we generate variables of the form Gensym("x",3). We make sure that the integer is unique, so the variable is fresh. The string is a hint to the pretty-printer, which should try to print the generated variable as the string, if possible. For example, suppose we have a $\lambda$-abstraction

Lambda (String "x", ..., ...)

and because of substitutions we refreshed the variable to something like

Lambda (Gensym("x", 4124), ..., ...)

It would be silly to print this as fun x4124 : ... => ... if we could first rename the bound variable back to x, or to x1 if x is taken already. This is exactly what the pretty printer will do.

The Dummy variable is one that is never used. It only appears for the purposes of pretty printing.

Here is the substitution code:

(** [refresh x] generates a fresh variable name whose preferred form is [x]. *)
let refresh =
  let k = ref 0 in
    function
      | String x | Gensym (x, _) -> (incr k ; Gensym (x, !k))
      | Dummy -> (incr k ; Gensym ("_", !k))

(** [subst [(x1,e1); ...; (xn;en)] e] performs the given substitution of
    expressions [e1], ..., [en] for variables [x1], ..., [xn] in expression [e]. *)
let rec subst s = function
  | Var x -> (try List.assoc x s with Not_found -> Var x)
  | Universe k -> Universe k
  | Pi a -> Pi (subst_abstraction s a)
  | Lambda a -> Lambda (subst_abstraction s a)
  | App (e1, e2) -> App (subst s e1, subst s e2)

and subst_abstraction s (x, t, e) =
  let x' = refresh x in
    (x', subst s t, subst ((x, Var x') :: s) e)

Type inference

Our calculus is such that an expression has at most one type, and when it does the type can be inferred from the expression. Therefore, we are going to implement type inference. During inference we need to carry around a context which maps variables to their types. And since we will allow global definitions on the toplevel, the context should also store (optional) definitions. So we define contexts to be association lists.

type context = (Syntax.variable * (Syntax.expr * Syntax.expr option)) list

We need functions that lookup up types and values of variables, and one for extending a context with a new variable:

(** [lookup_ty x ctx] returns the type of [x] in context [ctx]. *)
let lookup_ty x ctx = fst (List.assoc x ctx)

(** [lookup_ty x ctx] returns the value of [x] in context [ctx], or [None]
    if [x] has no assigned value. *)
let lookup_value x ctx = snd (List.assoc x ctx)

(** [extend x t ctx] returns [ctx] extended with variable [x] of type [t],
    whereas [extend x t ~value:e ctx] returns [ctx] extended with variable [x]
    of type [t] and assigned value [e]. *)
let extend x t ?value ctx = (x, (t, value)) :: ctx

Notice that extending with a variable which already appears in the context shadows the old variable, as it should.

We said we would read off the typing rules from the source code:

(** [infer_type ctx e] infers the type of expression [e] in context [ctx].  *)
let rec infer_type ctx = function
  | Var x ->
    (try lookup_ty x ctx
     with Not_found -> Error.typing "unkown identifier %t" (Print.variable x))
  | Universe k -> Universe (k + 1)
  | Pi (x, t1, t2) ->
    let k1 = infer_universe ctx t1 in
    let k2 = infer_universe (extend x t1 ctx) t2 in
      Universe (max k1 k2)
  | Lambda (x, t, e) ->
    let _ = infer_universe ctx t in
    let te = infer_type (extend x t ctx) e in
      Pi (x, t, te)
  | App (e1, e2) ->
    let (x, s, t) = infer_pi ctx e1 in
    let te = infer_type ctx e2 in
      check_equal ctx s te ;
      subst [(x, e2)] t

Ok, here we go:

The type of a variable is looked up in the context.
The type of $\mathtt{Type}_k$ is $\mathtt{Type}_{k+1}$.
The type of $\prod_{x : T_1} T_2$ is $\mathtt{Type}_{\max(k, m)}$ where $T_1$ has type $\mathtt{Type}_k$ and $T_2$ has type $\mathtt{Type}_m$ in the context extended with $x : T_1$.
The type of $\lambda x : T \; . \; e$ is $\prod_{x : T} T’$ where $T’$ is the type of $e$ in the context extended with $x : T$.
The type of $e_1 \; e_2$ is $T[x/e_2]$ where $e_1$ has type $\prod_{x : S} T$ and $e_2$ has type $S$.

The typing rules refer to auxiliary functions infer_universe, infer_pi, and check_equal, which we have not defined yet. The function infer_universe infers the type of an expression, makes sure that the type is of the form $\mathtt{Type}_k$, and returns $k$. A common mistake is to think that you can implement it like this:

(** Why is this infer_universe wrong? *)
and bad_infer_universe ctx t =
    match infer_type ctx t with
      | Universe k -> u
      | App _ | Var _ | Pi _ | Lambda _ -> Error.typing "type expected"

This will not do. For example, what if infer_type ctx t returns the type $(\lambda x : \mathtt{Type}_{4} \; . \; x) \mathtt{Type}_3$? Then infer_universe will complain, because it does not see that the type it got is equal to $\mathtt{Type}_3$, even though it is not syntactically the same expression. We need to insert a normalization procedure which converts the type to a form from which we can read off its shape:

(** [infer_universe ctx t] infers the universe level of type [t] in context [ctx]. *)
and infer_universe ctx t =
  let u = infer_type ctx t in
    match normalize ctx u with
      | Universe k -> k
      | App _ | Var _ | Pi _ | Lambda _ -> Error.typing "type expected"

We shall implement normalization in a moment, but first we write down the other two auxiliary functions:

(** [infer_pi ctx e] infers the type of [e] in context [ctx], verifies that it is
    of the form [Pi (x, t1, t2)] and returns the triple [(x, t1, t2)]. *)
and infer_pi ctx e =
  let t = infer_type ctx e in
    match normalize ctx t with
      | Pi a -> a
      | Var _ | App _ | Universe _ | Lambda _ -> Error.typing "function expected"

(** [check_equal ctx e1 e2] checks that expressions [e1] and [e2] are equal. *)
and check_equal ctx e1 e2 =
  if not (equal ctx e1 e2)
  then Error.typing "expressions %t and %t are not equal" (Print.expr e1) (Print.expr e2)

Normalization and equality

We need a function normalize which takes an expression and “computes” it, so that we can tell when something is a universe, and when something is a function. There are several strategies on how we might do this, and any will do as long as we have the following property: if $e_1$ and $e_2$ are equal (type theorists say that they are judgmentally equal, or sometimes that they are definitionally equal) then after normalization they should become syntactically equal, up to renaming of bound variables.

Our judgmental equality essentially has just two simple rules, $\beta$-reduction and unfolding of definitions. So this is what the normalization procedure does:

(** [normalize ctx e] normalizes the given expression [e] in context [ctx]. It removes
    all redexes and it unfolds all definitions. It performs normalization under binders.  *)
let rec normalize ctx = function
  | Var x ->
    (match
        (try lookup_value x ctx
         with Not_found -> Error.runtime "unkown identifier %t" (Print.variable x))
     with
       | None -> Var x
       | Some e -> normalize ctx e)
  | App (e1, e2) ->
    let e2 = normalize ctx e2 in
      (match normalize ctx e1 with
        | Lambda (x, _, e1') -> normalize ctx (subst [(x,e2)] e1')
        | e1 -> App (e1, e2))
  | Universe k -> Universe k
  | Pi a -> Pi (normalize_abstraction ctx a)
  | Lambda a -> Lambda (normalize_abstraction ctx a)

and normalize_abstraction ctx (x, t, e) =
  let t = normalize ctx t in
    (x, t, normalize (extend x t ctx) e)

How about testing for equality of expressions, which was needed in the rule for application? We normalize, then compare for syntactic equality. We make sure that in comparison of abstractions both bound variables are the same:

(** [equal ctx e1 e2] determines whether normalized [e1] and [e2] are equal up to renaming
    of bound variables. *)
let equal ctx e1 e2 =
  let rec equal e1 e2 =
    match e1, e2 with
      | Var x1, Var x2 -> x1 = x2
      | App (e11, e12), App (e21, e22) -> equal e11 e21 && equal e12 e22
      | Universe k1, Universe k2 -> k1 = k2
      | Pi a1, Pi a2 -> equal_abstraction a1 a2
      | Lambda a1, Lambda a2 -> equal_abstraction a1 a2
      | (Var _ | App _ | Universe _ | Pi _ | Lambda _), _ -> false
  and equal_abstraction (x, t1, e1) (y, t2, e2) =
    equal t1 t2 && (equal e1 (subst [(y, Var x)] e2))
  in
    equal (normalize ctx e1) (normalize ctx e2)

And that is it! We have the core of the system written down. The rest is just chrome: lexer, parser, toplevel, error reporting, pretty printer. Those are the things nobody ever explains because they are boring as soon as you have managed to implement them once. Nevertheless, let us have a brief look. The code is accessible at the Github project andrejbauer/tt (the branch blog-part-I).

The infrastructure

Parser: `parser.mly` and `lexer.mll`

You never ever want to write a parser with your bare hands. Insetad, you should use a parser generator. There are many, I used menhir. Parser generators can be a bit scary, but a good way to get started is to take someone else’s parser and fiddle with it.

Pretty printer: `print.ml` and `beautify.ml`

Pretty printing is the opposite of parsing. In a usual programming language we do not have to print expressions with bound variables (because they get converted to non-printable closures), but here we do. It is worthwhile renaming the bound variables before printing them out, which is what Beautify.beautify does.

Error reporting: `error.ml`

Not surprisingly, errors are reported with exceptions. The only thing to note here is that it should be possible to do pretty printing in error messages, otherwise you will be tempted to produce uninformative error messages. Our implementation of course does that.

Toplevel: `tt.ml`

The toplevel does nothing suprising. After parsing the command-line arguments and loading files, it enters an interactive toplevel loop. One neat trick that the toplevel does is that it looks for rlwrap or ledit and wraps itself with it. This gives us line-editing capabilities for free.

The toplevel commands are:

Help. print a description of toplevel commands.
Context. print current context.
Parameter x : t. assume that variable x has type t.
Definition x := e. define x to be e.
Check e. infer the type of e.
Eval e. normalize e.

Here is a sample session:

tt blog-part-I
[Type Ctrl-D to exit or "Help." for help.]
# Parameter N : Type 0.
N is assumed
# Parameter z : N. Parameter s : N -> N.
z is assumed
s is assumed
# Definition three := fun f : N -> N => fun x : N => f (f (f x)).
three is defined
# Context.
three = fun f : N -> N => fun x : N => f (f (f x))
    : (N -> N) -> N -> N
s : N -> N
z : N
N : Type 0
# Check (three (three s)).
three (three s)
    : N -> N
# Eval (three (three s)) z.
    = s (s (s (s (s (s (s (s (s z))))))))
    : N

Where to go from here?

The whole program is 618 lines of code, and only 312 if we discount empty lines and comments. The core is just 92 lines, the rest is infrastructure. Not too bad. There are many ways in which we can improve tt, such as:

Improve efficiency by implementing de Bruijn indice or some other mechanism that avoids substitutions.
Improve the normalization procedure so that it unfolds definitins on demand, rather than eagerly.
Improve the parser so that it accepts more flexible syntax.
Improve type inference so that not all bound variables have to be explicitly typed.
Add basic datatypes unit, bool and nat.
Add simple products, coproducts and dependent sums.
Implement a cummulative hierachy so that $\mathtt{Type}_k$ is a subtype of $\mathtt{Type}_{k+1}$.
Add inductive datatypes.
Add a stronger judgmental equality, for example $\eta$-reduction.
Implement tactics and an interactive proof mode.
Rule the world.

I may do some of these in subsequent blog posts, if there is interest. Or if you do it, make a pull request on git and write a guest blog post!

Am I a constructive mathematician?

Andrej Bauer — Wed, 03 Oct 2012 04:54:07 +0000

It seems to me that people think I am a constructive mathematician, or worse a constructivist (a word which carries a certain amount of philosophical stigma). Let me be perfectly clear: it is not decidable whether I am a constructive mathematician.

But seriously, if anything, you may call me a mathematical relativist: there are many worlds of mathematics, and the view of the worlds is relative to which one I am in. Any attempt to bring mathematics within the scope of a single foundation necessarily limits mathematics in unacceptable ways. A mathematician who sticks to just one mathematical world (probably because of his education) is a bit like a geometer who only knows Euclidean geometry. This holds equally well for classical mathematicians, who are not willing to give up their precious law of excluded middle, and for Bishop-style mathematicians, who pursue the noble cause of not opposing anyone.

What could be more appealing to a mathematician than the idea that there is not one, but many, infinitely many worlds of mathematics? Would he not want to visit them all, understand how they are related, and see what happens to his favorite subject as he moves between them?

Let us consider an example. The real numbers are a mathematical object of fundamental importance, and have many aspects:

The reals as a set are uncountable and in bijection with the powerset of natural numbers.
The reals as an algebraic structure form a linearly ordered field.
The reals as a space are locally compact, Hausdorff, and connected.
The reals are a measurable space on which measure theory rests.
The reals of non-standard analysis contain infinitesimals.
The reals as understood by Leibniz contain nilpotent infinitesimals.
The reals as Brouwerian continuum cannot be decomposed into two disjoint inhabited subsets.
The reals are overt.

We can have some of these properties but not all at once. History has chosen for us a combination that is taught today as a dogma. Any attempt to deviate from it is met with opposition. Thus you probably consider 1, 2, 3, and 4 as true, 5 as something exotic you heard of, 6 as Leibniz’s biggest mistake, 7 as intuitionistic hallucination (because obviously the reals can be decomposed into the non-negative and negative numbers), and 8 as something you never heard of (but you should have because it is the concept dual to compactness and you have been using it all your life).

Once we break free from Cantor’s paradise that Hilbert threw us in we discover unsuspected possibilities:

It may happen that the reals are in 1-1 correspondence with a subset of the natural numbers, while at the same time they form an uncountable set.
It may happen that the reals form a proper class.
It may happen that every real number has a Turing machine computing its digits.
It may happen that the reals are not linearly ordered.
It may happen that the reals are locally non-compact, in the sense that every interval contains a sequence without an accumulation point.
It may happen that every subset of the reals is measurable.
It may happen that the reals can be covered by a sequence of intervals whose cumulative length does not exceed $1$.
It may happen that the reals contain nilpotent infinitesimals, which validate the 17th century calculations that physicists still use because, luckily, they did not subscribe entirely to the $\epsilon\delta$-dogma of analysis.
It may happen that every real function is continuous, and consequently the reals are not decomposable into two disjoint inhabited subsets.
It may happen that the reals are not overt, whatever that means.

It should be admitted that some of the possibilities are rather bizarre. For example, I do not know what good it is to have the reals as a subset of the naturals, but I am sure somebody could think of something. But why should a measure theorist ignore a world of mathematics in which every subset is measurable, or a computer scientist one in which all reals are computable, or a topologist one in which all functions are continuous, or an analyst one in which all functions are smooth?

I am not proposing that mathematics should be compartmentalized so that each branch sits in its world of mathematics, incompatible with others. That would be a grave mistake indeed. In fact, the unification of mathematics under the umbrella of classical set theory has been immensely successful precisely because it allowed mathematicians to discover deep and unsuspected connections between different branches of mathematics. We have learnt to look for connections between branches of mathematics, and now we must also learn to look for connections that span worlds of mathematics.

We cannot ignore the many worlds of mathematics. Therefore, mathematics must become applicable in a wide variety of worlds. Mathematicians have to be educated so that they develop multiple mathematical intuitions that help them feel how the worlds of mathematics behave.

I have so far not given you any technical definition of a mathematical world. Such a definition may be useful for showing meta-theorems, but I think it can never be exhaustive. A world of mathematics may be a forcing extension of set theory, or a topos, or a pretopos, or a model of type theory, or any other structure within which it is possible to interpret the basic language of mathematics.

At the moment I am visiting the Institute for Advanced Study as a member of the Univalent Foundations group. We are building a new foundation of mathematics whose language is type theory rather than set theory, and whose primary objects are homotopy types and not just bare sets. Do I think this is an exciting new development? Certainly! Will the Univalent foundations disrupt the monopoly of Set-theoretic foundations? I certainly hope so! Will it become the new monopoly? It must not!