Reading Between the Lines in Constructive Type Theory
RAYMOND TURNER, Department of Computer Science, University of Essex, Wivenhoe Park, Colchester, Essex, CO4 3SQ.
Abstract
We formulate and investigate various ways of (conservatively) extending Martin-Löf's type theories with separation types and choice principles, and demonstrate how these extensions can be employed to formalize Bishop's mathematical practice of hiding and recovering witnessing information.
Keywords: Constructive mathematics, type theory, Bishop's mathematics.
1 Lessons from Bishop
Bishop thought of his work [2, 4] as providing a high-level programming language in which programs could be abstracted from proofs [2, pp. 345-357]. He expressed the hope that "each constructive result can be realized as a computer program requiring minimal preparation and supervision by the operator of the computer" [2, p. 355]. Obviously, this hope can be realized only within the context of a formal theory which supports the specification and development of programs in Bishop's constructive mathematics (BCM). Indeed, [3] contains an early theory which he advocated for such purposes. Martin-Löf's type theories [11, 12, 13] were not developed in response to BCM but rather as an attempt to provide a coherent philosophy of constructive mathematics. Nevertheless, of all the constructive set/class/type theories, they have been the most widely employed within computing science as a systematic means of specifying and developing programs. Our objective is to investigate how BCM's practice of suppressing and recovering witnessing information can be formalized in type theory. There are firm signs that exact constructive real arithmetic is computationally feasible [6], so the present paper can be seen as a contribution to the development of a theoretical framework for program development in exact real arithmetic. We first review Bishop's mathematical practice. There are two aspects to this; we consider them in turn.
1.1 Hiding witnessing information
Bishop draws a distinction between the unofficial version of a concept and its official correlate. For example, in their official guise the notions of real number and positive real number might take the following forms.
\[
\mathcal{R} \;\triangleq\; \Sigma x \in \mathbf{Z}^{+} \Rightarrow \mathbf{Q}.\;\Pi n \in \mathbf{Z}^{+}.\;\Pi m \in \mathbf{Z}^{+}.\;W[\,|x_n - x_m| < 1/n + 1/m\,]
\]
\[
\mathcal{R}^{+} \;\triangleq\; \Sigma x \in \mathcal{R}.\;\Sigma n \in \mathbf{Z}^{+}.\;W[\,x_n > 1/n\,].
\]
This, for example, would be their representation in Martin-Löf's type theories. The elements of $\mathcal{R}$ are pairs consisting of an operation, $x$, from positive integers to the rational numbers,
J. Logic Computat., Vol. 7 No. 2, pp. 229-250 1997
© Oxford University Press
together with an operation which, given two positive integers $n, m$, returns a witness to the truth of the proposition $|x_n - x_m| < 1/n + 1/m$. Notice that the reals already contain a fair amount of witnessing information and this is carried over to the definition of the positive reals. Moreover, as definitions get stacked this witnessing information accrues. For example, consider the following definition of continuous functions. A function $f \in I \Rightarrow \mathcal{R}$ on a compact interval $I = [a, b]$ is continuous with modulus of continuity $\omega \in \mathcal{R}^{+} \Rightarrow \mathcal{R}^{+}$ iff
\[
\forall \varepsilon \in \mathcal{R}^{+}.\;\forall x \in I.\;\forall y \in I.\;|x - y| < \omega(\varepsilon) \rightarrow |f(x) - f(y)| < \varepsilon.
\]
The witnessing information in the reals and positive reals is carried through to the notion of continuous function and further enriched by the modulus of continuity function. In this way the witnessing information gradually accumulates and the proofs and definitions become more and more cluttered. However, in Bishop's actual mathematical practice this does not happen, since this information is systematically suppressed. To illustrate this, consider the unofficial definitions of the reals and positive reals, which employ separation types.
\[
\mathbf{R} \;\triangleq\; \{\,x \in \mathbf{Z}^{+} \Rightarrow \mathbf{Q}.\;\forall n \in \mathbf{Z}^{+}.\;\forall m \in \mathbf{Z}^{+}.\;|x_n - x_m| < 1/n + 1/m\,\}
\]
\[
\mathbf{R}^{+} \;\triangleq\; \{\,x \in \mathbf{R}.\;\exists n \in \mathbf{Z}^{+}.\;x_n > 1/n\,\}.
\]
In his unofficial practice, Bishop works with these notions. For example, one can specify and prove (in the unofficial style) the existence of the multiplicative inverse function on the positive reals as follows.

THEOREM. $\forall x \in \mathbf{R}^{+}.\;\exists y \in \mathbf{R}^{+}.\;x \cdot y = 1$.

PROOF. Let $x \in \mathbf{R}^{+}$. Then $x_w > 1/w$ for some $w$. Choose $r > 0$ such that $2/r < x_w - 1/w$. Then $\forall m \geq r.\;x_m > 1/r$. Define $y$ as follows:
\[
y_n =
\begin{cases}
1/x_{r^{3}} & \text{if } n < r \\
1/x_{nr^{2}} & \text{if } n \geq r.
\end{cases}
\]
Observe that $\forall n \in \mathbf{Z}^{+}.\;y_n < r$. Let $m, n \in \mathbf{Z}^{+}$. Let $j = \max(m, r)$ and $k = \max(n, r)$, so that $y_m = 1/x_{jr^{2}}$ and $y_n = 1/x_{kr^{2}}$. Then we have:
\[
|y_m - y_n| = |y_m|\,|y_n|\,|x_{jr^{2}} - x_{kr^{2}}| < r^{2}\left(\frac{1}{jr^{2}} + \frac{1}{kr^{2}}\right) = \frac{1}{j} + \frac{1}{k} \leq \frac{1}{m} + \frac{1}{n}.
\]
Hence $y \in \mathbf{R}$. To show that $y \in \mathbf{R}^{+}$, observe that $x_n > 0$ for sufficiently large $n$. Hence $y_n > 1/K_x$ (where $K_x$ is the canonical bound for $x$) for sufficiently large $n$. We have now to check that $x \cdot y = 1$. For this let $b$ be the maximum of the canonical bounds for $x$ and $y$. Write $z$ for $x \cdot y$. Then observe that
\[
\forall n \geq r.\;\; z_n = x_{2nb} \cdot y_{2nb} = x_{2nb}/x_{2nr^{2}b}.
\]
Hence, for $n \geq r$, we have:
\[
|z_n - 1| = \frac{|x_{2nb} - x_{2nr^{2}b}|}{|x_{2nr^{2}b}|} < |y_{2nb}|\left(\frac{1}{2nb} + \frac{1}{2nr^{2}b}\right) < \frac{1}{n}.
\]
It follows that $x \cdot y = 1$. Finally, observe that if $x \cdot r = 1$ then $y = y \cdot (x \cdot r) = (y \cdot x) \cdot r = (x \cdot y) \cdot r = r$. $\blacksquare$
The first difficulty with formalizing BCM in type theory is dealing with this hidden witnessing information: the types of the standard theories are completely presented and, in particular, there are no separation types. We address this aspect of Bishop in the next main section, where we study various extensions to type theory which admit propositions and separation types.
1.2 Reading between the lines
The second aspect of Bishop's practice relates to the recovery of information: given that we have buried the witnessing information in definitions and proofs, how can we get it back when we need it? For example, as it stands the above proof does not yield the actual inverse operation; officially it ought to operate on $\mathcal{R}^{+}$. However, this can be recovered by an application of an appropriate version of the axiom of choice:
\[
(\forall x \in \mathbf{R}^{+}.\;\exists y \in \mathbf{R}^{+}.\;x \cdot y = 1) \;\rightarrow\; \exists z \in \mathbf{R}^{+} \Rightarrow \mathbf{R}^{+}.\;\forall x \in \mathbf{R}^{+}.\;x \cdot (z\,x) = 1.
\]
Together with the employment of the term existence property for the theory, this allows the extraction of an actual inverse operation. Thus, the combined use of separation types and the axiom of choice enables constructive mathematics to take on the appearance of its classical counterpart. From a computational perspective this is attractive: in traditional programming we require high-level programming languages which abstract away from implementation details; in constructive program development we require high-level proofs in which information is hidden but can be recovered when required.
1.3 Removing redundant computational information in programs
One reason for dwelling on Bishop's practice in some detail is to distinguish it from a related but different use of separation types. Program specifications in Martin-Löf's type theories take the following form:
\[
\Pi x \in T.\;\Sigma y \in S.\;R[x, y].
\]
Program development proceeds by employing the rules of the theory to locate an element of this type. However, this often results in programs which contain computationally irrelevant information. For example, suppose we wish to specify an operation on lists of numbers which is to be restricted to non-empty lists. In the standard type theories the input type $T$ must take the form of a dependent sum:
\[
\Sigma y \in \mathrm{List}[\mathbf{N}].\;\mathrm{NE}[\mathrm{List}[\mathbf{N}], y, \mathrm{nil}]
\]
where the type $\mathrm{NE}[\mathrm{List}[\mathbf{N}], y, \mathrm{nil}]$ encodes the demand that the list $y$ is non-empty. Consequently, an operation which meets this specification will require as an argument a list together with a witness that the list is non-empty. Thus it contains information which is computationally redundant.¹ However, with separation types one can employ the input type $\{\,z \in \mathrm{List}[\mathbf{N}].\;z \neq_{\mathrm{List}} \mathrm{nil}\,\}$. The witness is now hidden and is not required as an argument. Moreover, a witness for the predicate $z \neq_{\mathrm{List}} \mathrm{nil}$ can be canonically constructed. Indeed, it is for this very reason that it contains no important computational information. This has to be contrasted with the role of separation types in Bishop, where the information is not redundant but essential.

¹ More recent work on the suppression of redundant computational information in programs includes that of Berardi and Boerio [5].
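The two uses of separation types just discussed (Section 1.2, recovering a hidden witness by choice; Section 1.3, hiding a computationally redundant witness) can be illustrated in Lean 4, whose core library offers close analogues of the types involved. The following is an added example written for this exposition; it is not code from the paper, and Lean's theory is not one of the subset theories studied here. Lean's `Sigma`/`PSigma` types stand in for the official, fully witnessed types, the subtype `{ l // p l }` for a separation type, and `Exists` for a proposition whose witness has been hidden. The names `NE`, `headOfficial`, `NEList`, `headUnofficial`, `sample`, `recoverFromData` and `recoverFromProp` are this example's own; it needs only core Lean 4, no Mathlib.

```lean
-- Added Lean 4 illustration (not the paper's theory or notation): Sigma/PSigma
-- play the role of the official (fully witnessed) types, the subtype
-- { l // p l } that of a separation type, and Exists that of a proposition
-- whose witness has been hidden. All names below are this example's own.

-- Official style (Section 1.3): a non-empty list is a list paired with a
-- witness of type NE l, and the witness is passed around as data.
inductive NE {α : Type} : List α → Type where
  | cons (x : α) (xs : List α) : NE (x :: xs)

def headOfficial {α : Type} : (Σ l : List α, NE l) → α
  | ⟨_, NE.cons x _⟩ => x

-- Unofficial style: a separation type. The proof component is erased at
-- run time, so only the list is an argument; the impossible case is closed
-- off by the hidden proof rather than by inspecting a witness.
abbrev NEList (α : Type) := { l : List α // l ≠ [] }

def headUnofficial {α : Type} (l : NEList α) : α :=
  match l with
  | ⟨x :: _, _⟩ => x
  | ⟨[], h⟩ => absurd rfl h

-- The witness is computationally redundant: for a concrete list it is
-- constructed canonically by deciding the predicate (`decide`).
def sample : NEList Nat := ⟨[3, 1, 4], by decide⟩

#eval headUnofficial sample                        -- 3
#eval headOfficial ⟨[3, 1, 4], NE.cons 3 [1, 4]⟩    -- 3

-- Reading between the lines (Section 1.2). When the witness is kept as data
-- (PSigma), the function promised by ∀x ∃y is recovered by projection alone.
def recoverFromData {α β : Type} {P : α → β → Prop}
    (h : ∀ x, Σ' y : β, P x y) : { f : α → β // ∀ x, P x (f x) } :=
  ⟨fun x => (h x).1, fun x => (h x).2⟩

-- When the witness is hidden inside Exists, Lean can only recover the
-- function with the classical choice principle, and the result is
-- noncomputable: Lean's Exists is proof-irrelevant, so there is no term
-- existence property to appeal to, which is exactly what the subset theories
-- of this paper add on top of the choice axiom.
noncomputable def recoverFromProp {α β : Type} {P : α → β → Prop}
    (h : ∀ x, ∃ y : β, P x y) : { f : α → β // ∀ x, P x (f x) } :=
  ⟨fun x => Classical.choose (h x), fun x => Classical.choose_spec (h x)⟩
```

The contrast between `recoverFromData` and `recoverFromProp` is the caveat a practitioner should keep in mind when reading Section 1.2 through the lens of a proof assistant: in Lean, hiding a witness in `Exists` discards it for computational purposes, whereas the paper's point is that in a subset theory with a choice principle and the term existence property the hidden witness of the inverse theorem is still recoverable as an actual inverse operation.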
1.4 Related work
There have been other attempts at formalizing BCM in type theory, the most notable being that of Howe and Chirimar [10, 7]. They provide a representation and implementation of BCM within the Nuprl system [8]. However, at the representational level, they are not entirely successful. As we have indicated, one of the main difficulties in representing BCM in type theory is dealing with the hidden witnessing information. This aspect of BCM is not captured in the Nuprl representation. In particular, the Nuprl subtype constructor does not facilitate a representation of separation types where the predicate is computationally significant, e.g. the positive reals. Consequently, their representations do not reflect Bishop's mathematical practice. On the other hand, Feferman's theories [9], although specifically designed to formalize BCM, have no direct type-theoretic interpretation. Nevertheless, our treatment of Bishop's mathematics leans heavily on the work of Feferman.
2 Subset theories
Type theories with separation types are usually called subset theories and we shall follow this convention. The only reasonably complete exposition of such a theory is that presented in [14]. However, since their main concern is to justify such a theory in terms of Martin-Löf's pure type theories, the presentation is rather informal. Moreover, there is no exploration of even the most elementary properties of the theory. Nor are any alternative theories considered, let alone any comparisons made with other theories in the literature (e.g. $\mathrm{HA}^{\omega}$, Intuitionistic Finite Type Arithmetic). Our first objective, therefore, must be to set up a precise version of such a theory; indeed, we shall detail several such theories. Once in place, we explore their properties and their relationships with each other and, where appropriate, with other theories in the literature.
2.1 Minimal theory (MS)
We build the theories upon a minimal base (MS). There are three classes of terms. The object terms (metavariables $t, s, r$) are constructed from variables (metavariables $u, v, w, x, y, z$), constants and operators ($0$, $\mathrm{sc}$, $\mathrm{p}$, $\mathrm{rec}$, $\mathrm{inl}$, $\mathrm{inr}$, $\mathrm{case}$, $\lambda$, $\mathrm{app}$, $\mathrm{let}$). The type terms (metavariables $A, B, C, \ldots, S, T, R$) are constructed from the type constants $\mathbf{N}$ and $\emptyset$ (the empty type), together with the proposition and object terms, by the type operators $\oplus$ (disjoint unions), $\Pi$ (dependent products), $\Sigma$ (dependent sums) and $\{\,.\,\}$ (separation types). The proposition terms (lower-case Greek letters as metavariables) are formed from the propositional constant $\Omega$ (absurdity) and from object and type terms via the propositional operators $\rightarrow$, $\wedge$, $\vee$, $\forall$ and $\exists$. In addition we require symbols for the judgements of equality ($=$) and membership ($\in$), together with the sequent arrow ($\rightsquigarrow$), plus the auxiliary symbols $(\,,\,)$ and $[\,,\,]$. We assume the usual conventions regarding bound variables and substitution: $T[s/x]$, $t[s/x]$ and $\varphi[s/x]$ denote the result of substituting $s$ for $x$ in $T$, $t$ and $\varphi$. We write $S \Rightarrow T$ (the function space) for $\Pi x \in S.T$ and $S \otimes T$ (the Cartesian product) for $\Sigma x \in S.T$ when $x$ does not occur free in $T$. $FV(e)$ denotes the free variables of any expression $e$. We shall add new constructors as we proceed through the various theories.
Judgements
The complete set of judgements for the minimal theory is given as follows.
(i) $t \in T$ (membership)
(ii) $t = s \in T$ (equality)
(iii) $T\ \mathrm{type}$ (type judgement)
(iv) $T = S$ (type equality)
(v) $\varphi\ \mathrm{prop}$ (proposition judgement)
(vi) $\varphi$ (the proposition $\varphi$ holds)

Judgements are made under a context $\Gamma$ of assumptions, each of the form $x \in T$ or $\varphi$; $\Gamma \rightsquigarrow \theta$ asserts the judgement $\theta$ under the assumptions $\Gamma$. Rules displayed without a context hold in any context.

Structural rules
\[
\frac{\Gamma \rightsquigarrow T\ \mathrm{type}\qquad \Gamma, \Gamma' \rightsquigarrow \theta}{\Gamma, x \in T, \Gamma' \rightsquigarrow \theta}\ \text{(THIN1)}\quad (x \notin FV(\Gamma' \cup \theta))
\]
\[
\frac{\Gamma \rightsquigarrow \varphi\ \mathrm{prop}\qquad \Gamma, \Gamma' \rightsquigarrow \theta}{\Gamma, \varphi, \Gamma' \rightsquigarrow \theta}\ \text{(THIN2)}
\]

Substitution
\[
\frac{\Gamma, x \in T, \Gamma' \rightsquigarrow \theta\qquad \Gamma \rightsquigarrow t \in T}{\Gamma, \Gamma'[t/x] \rightsquigarrow \theta[t/x]}\ \text{(SUB)}
\]

Equality
\[
\frac{t \in T}{t = t \in T}\ \text{(REF1)}\qquad
\frac{t = s' \in T}{s' = t \in T}\ \text{(SYM)}\qquad
\frac{t = s \in T\qquad s = s' \in T}{t = s' \in T}\ \text{(TRANS)}
\]
\[
\frac{\Gamma, x \in T, \Gamma' \rightsquigarrow S\ \mathrm{type}\qquad \Gamma \rightsquigarrow t = t' \in T}{\Gamma, \Gamma'[t/x] \rightsquigarrow S[t/x] = S[t'/x]}\ \text{(REP1)}
\]
\[
\frac{\Gamma, x \in T, \Gamma' \rightsquigarrow \varphi\ \mathrm{prop}\qquad \Gamma \rightsquigarrow t = t' \in T\qquad \Gamma, \Gamma'[t/x] \rightsquigarrow \varphi[t/x]}{\Gamma, \Gamma'[t/x] \rightsquigarrow \varphi[t'/x]}\ \text{(REP2)}
\]
\[
\frac{\Gamma, x \in T, \Gamma' \rightsquigarrow s \in S\qquad \Gamma \rightsquigarrow t = t' \in T}{\Gamma, \Gamma'[t/x] \rightsquigarrow s[t/x] = s[t'/x] \in S[t/x]}\ \text{(REP3)}
\]

Type equality
\[
\frac{T\ \mathrm{type}}{T = T}\ \text{(REF)}\qquad
\frac{T = S}{S = T}\ \text{(SYM)}\qquad
\frac{T = R\qquad R = S}{T = S}\ \text{(TRANS)}\qquad
\frac{t \in T\qquad T = S}{t \in S}\ \text{(MEM)}
\]

Absurdity and the empty type
\[
\frac{}{\Omega\ \mathrm{prop}}\ (\Omega F)\qquad
\frac{\Omega\qquad \varphi\ \mathrm{prop}}{\varphi}\ (\Omega E)\qquad
\frac{t \in \emptyset\qquad T\ \mathrm{type}}{\mathrm{p}(t) \in T}\ (\emptyset E)
\]

Conjunction, disjunction and quantifiers
Formation, introduction and elimination rules for $\varphi \wedge \psi$, $\varphi \vee \psi$, $\forall x \in T.\varphi[x]$ and $\exists x \in T.\varphi[x]$, labelled $(\wedge F)$, $(\wedge I)$, $(\wedge E)$, and so on through $(\exists E)$; the formation rules for the connectives have premises $\varphi\ \mathrm{prop}$ and $\psi\ \mathrm{prop}$, and those for the quantifiers the premise $x \in T \rightsquigarrow \varphi[x]\ \mathrm{prop}$.

Disjoint union
\[
\frac{T\ \mathrm{type}\qquad S\ \mathrm{type}}{T \oplus S\ \mathrm{type}}\ (\oplus F)\qquad
\frac{t \in T\qquad S\ \mathrm{type}}{\mathrm{inl}(t) \in T \oplus S}\ (\oplus I1)\qquad
\frac{t \in S\qquad T\ \mathrm{type}}{\mathrm{inr}(t) \in T \oplus S}\ (\oplus I2)
\]
\[
\frac{s \in T \oplus S\qquad z \in T \oplus S \rightsquigarrow R[z]\ \mathrm{type}\qquad x \in T \rightsquigarrow t \in R[\mathrm{inl}(x)/z]\qquad y \in S \rightsquigarrow t' \in R[\mathrm{inr}(y)/z]}{\mathrm{case}_{x,y}\ s\ \mathrm{of}\ [t, t'] \in R[s/z]}\ (\oplus E)
\]
\[
\frac{s \in T\qquad x \in T \rightsquigarrow t \in R[\mathrm{inl}(x)/z]\qquad y \in S \rightsquigarrow t' \in R[\mathrm{inr}(y)/z]}{\mathrm{case}_{x,y}\ \mathrm{inl}(s)\ \mathrm{of}\ [t, t'] = t[s/x] \in R[\mathrm{inl}(s)/z]}\ (\oplus C1)
\]
\[
\frac{s \in S\qquad x \in T \rightsquigarrow t \in R[\mathrm{inl}(x)/z]\qquad y \in S \rightsquigarrow t' \in R[\mathrm{inr}(y)/z]}{\mathrm{case}_{x,y}\ \mathrm{inr}(s)\ \mathrm{of}\ [t, t'] = t'[s/y] \in R[\mathrm{inr}(s)/z]}\ (\oplus C2)
\]
\[
\frac{t \in T \oplus S\qquad z \in T \oplus S \rightsquigarrow \varphi[z]\ \mathrm{prop}\qquad x \in T \rightsquigarrow \varphi[\mathrm{inl}(x)/z]\qquad y \in S \rightsquigarrow \varphi[\mathrm{inr}(y)/z]}{\varphi[t/z]}\ (\oplus PE)
\]

Dependent products
\[
\frac{x \in T \rightsquigarrow S\ \mathrm{type}}{\Pi x \in T.S\ \mathrm{type}}\ (\Pi F)\qquad
\frac{x \in S \rightsquigarrow t \in T}{\lambda x.t \in \Pi x \in S.T}\ (\Pi I)\qquad
\frac{t \in \Pi x \in S.T\qquad s \in S}{t\,s \in T[s/x]}\ (\Pi E)
\]
\[
\frac{x \in S \rightsquigarrow t \in T\qquad s \in S}{(\lambda x.t)\,s = t[s/x] \in T[s/x]}\ (\Pi C)
\]

Dependent sums
\[
\frac{x \in T \rightsquigarrow S\ \mathrm{type}}{\Sigma x \in T.S\ \mathrm{type}}\ (\Sigma F)\qquad
\frac{t \in T\qquad s \in S[t/x]}{(t, s) \in \Sigma x \in T.S}\ (\Sigma I)
\]
\[
\frac{s \in \Sigma x \in T.S\qquad z \in \Sigma x \in T.S \rightsquigarrow R[z]\ \mathrm{type}\qquad x \in T, y \in S[x] \rightsquigarrow r \in R[(x, y)/z]}{\mathrm{let}\ (x, y)\ \mathrm{be}\ s\ \mathrm{in}\ r \in R[s/z]}\ (\Sigma E)
\]
\[
\frac{t \in T\qquad s \in S[t/x]\qquad x \in T, y \in S[x] \rightsquigarrow r \in R[(x, y)/z]}{\mathrm{let}\ (x, y)\ \mathrm{be}\ (t, s)\ \mathrm{in}\ r = r[t/x, s/y] \in R[(t, s)/z]}\ (\Sigma C)
\]