Relational Parametricity and Units of Measure Andrew J. Kennedy In Proceedings of the 24th Annual ACM Symposium on Principles of Programming Languages, Paris, France, January 1997.

The following copyright notice is required by the ACM (see http://www.acm.org/pubs/copyright_policy.html). Copyright c 1997 by the Association for Computing Machinery, Inc. Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, to republish, to post on servers, or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from Publications Dept, ACM Inc., fax +1 (212) 869-0481, or [email protected]. Relational Parametricity and Units of Measure

Andrew J. Kennedy∗ LIX, Ecole´ Polytechnique 91128 Palaiseau cedex, France

Abstract work the author and other researchers have shown how the type system of a language can be extended to sup- Type systems for programming languages with numeric port the compile-time checking and automatic inference types can be extended to support the checking of units of dimensions or units of measure [7, 5, 15, 12]. In this of measure. Quantification over units then introduces article we study the semantics of such a language, and a new kind of parametric polymorphism with a cor- in particular, how the notion of parametricity (due to responding Reynolds-style representation independence Reynolds [11]) has an analogue here. principle: that the behaviour of programs is invariant The paper is structured as follows. In Section 2 we under changes to the units used. We prove this ‘dimen- introduce basic concepts from dimensional analysis and sional invariance’ result and describe four consequences. explain informally how a programming language can be The first is that the type of an expression can be used to extended with units of measure, giving illustrative ex- derive equations which describe its properties with re- amples in Standard ML. This motivates the formal defi- spect to scaling (akin to Wadler’s ‘theorems for free’ for nition in Section 3 of an explicitly-typed language whose System F). Secondly there are certain types which are denotational semantics is specified in the standard way inhabited only by trivial terms. For example, we prove using domains and continuous functions. This under- that a fully polymorphic square root function cannot lying semantics ignores the unit annotations in types; be written using just the usual arithmetic primitives. instead, units are accounted for by a binary relation Thirdly we exhibit interesting isomorphisms between over the underlying semantics defined in Section 4. Us- types and for first-order types relate these to the cen- ing the relation we prove the main result of this paper: tral theorem of classical dimensional analysis. Finally a parametricity theorem which captures the idea that we suggest that for any expression whose behaviour is the behaviour of programs is independent of the units dimensionally invariant there exists some equivalent ex- of measure used. The theorem is used in Section 5 to pression whose type reflects this behaviour, a conse- prove several properties of terms and types in the lan- quence of which would be a full abstraction result for guage, as outlined in the abstract above. In Section 6 a model of the language. we discuss whether it is possible to use the relation to construct a model of the language which is fully abstract with respect to the underlying cpo-based model. This 1 Introduction notion of relative full abstraction is believed to be new.

Ever since FORTRAN, programming languages have provided a numeric type suitable for modelling physi- 2 Motivation cal quantities in scientific computations. Typically these quantities possess units of measure (such as kilograms 2.1 Units and dimensions or pounds) which belong to some class, or dimension (such as mass), but existing programming languages Physical quantities are measured with reference to a unit treat all numeric values as dimensionless. In previous of scale. When we say that something is ‘6 metres long’ we mean that six metre-lengths placed end-to-end would ∗Current address: Persimmon IT, The Westbrook Centre, Mil- have the same length. The unit ‘metre’ is acting as a ton Road, Cambridge CB4 1YG, U.K., [email protected] point of reference, not just for the purpose of comparison (X is longer than a metre), but also for measurement (X is six times as long as a metre). A single quantity can Appears in the Proceedings of the 24th Annual ACM be measured in many different systems of units, some Symposium on Principles of Programming Languages, of which may even be non-linear (such as decibels) or Paris, France, January 1997. c ACM. have an origin not at zero (such as degrees Celsius). In

1 computer science terms, these can be seen as isomorphic acceleration due to gravity g. After performing dimen- data representations; then the notion of dimension is a sional analysis it is possible to assert that the equation class of representations. must be of the form t = l/g φ(θ) for some function It is usual in science to fix a set of base dimensions φ of the angle θ. Of course it turns out that for small which cannot be defined in terms of each other such as angles φ(θ) ≈ 2π, but dimensional analysis got us a mass, length and time (abbreviated to M, L and T). long way – in particular, the period of oscillation turned Derived dimensions are products of powers of base di- out to be independent of the mass m. In general, any mensions; the dimensions of force are MLT−2, for ex- dimensionally consistent equation over several variables ample. Similarly there are base units: the SI units for can be reduced to an equation over a smaller number of mass, length and time are respectively kilograms, metres dimensionless terms which are products of powers of the and seconds. Examples of derived units include inches original variables. This is known (rather awkwardly) as (0.0254 metres) and newtons (1.0 kg m s−2). Of course, the Pi Theorem (Π = product) [3]. this division of dimensions and units into base and de- rived is arbitrary, and one could easily work with, say, 2.3 Some design choices force, acceleration and velocity instead of mass, length and time. There are a number of parameters involved in the design Dimensionless quantities are common in science. Ex- of a programming language that supports the prevention amples include refractive index, coefficient of restitution of dimension errors. We fix these now. and angle. The last should properly be considered di- First, should numeric types be parameterised on units mensionless though it is tempting to think otherwise – or dimensions? If several units with the same dimen- after all, angles are expressed in ‘units’ of radians. Nev- sion are permitted, then parameterising on units is the ertheless, it is just a dimensionless ratio of two lengths: sensible choice – it is even possible for the compiler to the distance along an arc divided by the radius it sub- insert conversions between different units automatically. tends. Semantically, too, it makes sense: the type of an expres- sion which is polymorphic in its units, denoted ∀u.τ,can 2.2 Dimensional analysis be interpreted as meaning ‘for all changes in the units of measure u’. The addition, subtraction or comparison of two quan- The second question is whether or not to allow units / tities with different dimensions is invalid dimensionally, such as kg1 2. We take the view that if such a thing whereas their product or quotient has dimensions which arose, it would suggest revision of the set of base units are the product or quotient of the corresponding dimen- rather than the use of fractional exponents, and there- sions. If a formula or equation is free of dimension errors, fore we assume that powers of units are integers. then it is said to be dimensionally consistent. For scien- Static checking of units of measure is of limited value tists and engineers, dimensional consistency is a handy without polymorphism, since even something as simple check on correctness, for dimensional inconsistency cer- as a squaring function must be polymorphic if it is ap- tainly indicates that something is amiss. Therefore the plied to values with different units. There are many va- automatic checking of numerical programs for dimension rieties of polymorphism (for example, ad hoc, subtype, errors is potentially very useful. conjunctive, parametric) but only parametric polymor- Why does dimension checking work? The answer lies phism suits units of measure, as was recognised even in in the assumption that physical laws are dimensionally an early proposal to extend Pascal with units and di- invariant [9] (or unit-free [3]): they remain the same mensions [6]. Parametric polymorphism itself comes in under changes in the units of measure used. Philo- many flavours. All of the work on type inference cited in sophically, this is profound: why should they have the the introduction is based on ML-style polymorphism, in same form at all scales? Pragmatically, it leads to a which quantifiers (over types and over units or dimen- very useful technique called dimensional analysis.The sions) appear only outermost in a type, and polymor- idea is simple: when investigating some physical phe- phism is introduced solely through the let construct and nomenon, if the equations governing the phenomenon not in lambda abstractions. On account of these restric- are not known but the parameters are known, one can tions, the automatic inference of types from typeless ex- use the dimensions of the parameters to narrow down pressions is possible – sometimes referred to as implicit the possible form the equations may take. For example, typing. In contrast, the explicitly-typed polymorphic consider investigating the equation which determines lambda calculus (or System F) allows quantifiers to be the period of oscillation t of a simple pendulum. Pos- nested inside types; moreover, its type system is impred- sible parameters are the length of the pendulum l,the icative in that the quantification in a polymorphic type mass m, the initial angle from the vertical θ and the ∀t.τ ranges over all types including ∀t.τ itself. In this

2 article we study polymorphism for units of measure in 2.5 Preview the style of System F: syntactically it is simpler (there is We now preview informally some results which are given no need for let or a separation between simple types and substance in later sections. type schemes), the type isomorphisms described later For the polymorphic lambda calculus and similar cal- turn out to be definable in the system itself, and be- culi, the essence of relational parametricity is the follow- cause units can appear inside types but not vice versa, ing: if a term e has polymorphic type ∀t.τ, then for any the system is predicative. Also, it is more interesting! relation between values of types τ1 and τ2 the behaviour { → } { → } of eτ1 : t τ1 τ and eτ2 : t τ2 τ is related in a 2.4 Examples in Standard ML corresponding way. In a sense, e is independent of the Consider writing a function which differentiates another representation of values of type t. For example, if e has ∀ → × function numerically using the formula type t.t (t t), then for any ‘change of representa- tion’ function k : τ1 → τ2, f(x + h) − f(x − h) f (x) ≈ . ≈ × 2h eτ2 (k(x)) (k k)(eτ1 (x)) The ML code for this accepts a function f and increment where k × k def= λy.k(y),k(y) and ≈ is an appropriate h as arguments and returns a new function which is an notion of observational equivalence. Wadler calls such approximation to the derivative of f: results ‘theorems for free’ [14] because they are derived fundiffhfx=(f(x+h) - f(x-h)) / (2.0 * h) purely from the type of a term without inspecting its Using parametric polymorphism over units of measure definition. this function can be assigned the type Analogously, we will prove that the behaviour of a term e of type ∀u.τ is independent of the representation ∀ ∀ num → num → num u1. u2. u1 ( u1 u2) assigned to u, that is, the units of measure. Suppose → num → num · −1 ( u1 u2 u1 ), that e has type ∀u.num u → num u2. It should not which specifies succinctly the relationship between the matter what units an argument to e has, and if they units of f (which are arbitrary), the increment h and the were scaled by a conversion factor k, then the result resulting derivative. Our second example is a recursive should scale by k2. To be concrete, suppose that an function for finding a solution to the equation f(x)=0 argument whose units are in kilograms is converted into − using Newton’s method of iteration: pounds by means of a conversion factor k =2.2lbkg 1. Then − f(xn) xn+1 = xn . f (xn) elb(k ∗ x) ≈ k ∗ k ∗ ekg(x). The ML code is as follows: The equivalences above cut down the space of possible fun newton f f’ x xacc = terms with types ∀t.t → (t × t)and∀u.num u → num u2. letvaldx=fx/f’x For some types, the space of terms can be cut down valx’=x-dx even further. For instance, we will prove that functions in of type ∀u.num u2 → num u cannot return a non-zero if abs dx / x’ < xacc then x’ result for any argument value. Hence it is not possible else newton f f’ x’ xacc to write an approximate square root function with this end polymorphic type. It accepts a function f, its derivative f’, an initial esti- Even more curious is the existence of certain isomor- mate x and a relative accuracy xacc. Its type is phisms between types – that is, maps from values of one type to the other and vice versa which compose to give ∀u1.∀u2.(num u1 → num u2) → num → num · −1 the identity. For the simply typed lambda calculus there ( u1 u2 u1 ) ∼ exist isomorphisms such as τ1 ×τ2 = τ2 ×τ1 (exchanging → num u1 → num 1 → num u1. ∼ components of a pair) and τ1 × τ2 → τ3 = τ1 → τ2 → τ3 The variable xacc and the constant 2.0 are both di- (currying and uncurrying) [4]. For a language with poly- mensionless, as indicated by the symbol 1. Note, how- morphism over units of measure, the following more in- ever, that zero should be polymorphic and take any teresting isomorphism holds (with certain restrictions): units of measure. If this were not the case, polymor- ∀u.num u → num u → num u ∼ num 1 → num 1. phic types could not be assigned to functions such as = fn x => 0.0 - x or the function which sums the ele- We show later that isomorphisms like this are intimately ments of a list and returns zero for the empty list. For related to the Pi Theorem from dimensional analysis an analogy, consider the polymorphic type ’a list as- described in Section 2.2, and for first-order types prove signed to [] in Standard ML. its programming language equivalent.

3 3 An explicitly-typed language of units of measure:

u1 · u2 = u2 · u1 commutativity We are now ready to formalise the syntax, type system, (u1 · u2) · u3 = u1 · (u2 · u3) associativity and denotational semantics of a programming language u · 1 = u identity that supports units of measure. u · u−1 = 1 inverses

These equations are extended to congruence relations =E over unit and type expressions by closure under re- 3.1 Units and types flexivity, symmetry, transitivity, substitution of unit ex- pressions for unit variables, and congruence. The syntax for units (ranged over by µ) and for types Let µn denote the raising of µ to the power n ∈ Z: (ranged over by τ) is specified as follows:  µ · ··· ·µ (n-fold product) if n>0, n def µ ::= u unit variables µ = 1 if n =0,  | 1 ‘no units’ µ−1 · ··· ·µ−1 (−n-fold product) if n<0. | µ1 · µ2 product | µ−1 inverse With this notation, it is easily seen that any unit ex- pression µ can be written in the form τ ::= bool booleans z1 · ··· · zn | num µ numbers with units of measure µ =E u1 un | τ → τ functions 1 2 where u ,... ,un are distinct and z ,... ,zn are non- |∀ 1 1 u.τ polymorphic types zero. We call this the normal form of µ.

Unit variables (ranged over by u) are used both to stand 3.2 Terms for base units (such as kilograms, metres and seconds) and to express polymorphism through explicit quantifi- The language which we study is a typed lambda calculus cation. We will see later that the distinction is really Λu with constructs for explicit introduction and elimi- that of free and bound occurrences. Variables are com- nation of units of measure quantification. In the absence bined using product and inverse, and the symbol 1 is of type polymorphism, fixed-point and conditional con- used for dimensionless quantities. Types include the structs are built-in, with unit-polymorphic arithmetic booleans, a numeric type parameterised by units, func- operations and numeric constants provided by a stan- tion types and unit-polymorphic types which are iden- dard environment. The syntax of terms is as follows: tified up to renaming of bound variables. In addition to e ::= x identifiers the usual binding conventions on arrows and quantifiers, | λx : τ.e function abstraction we let inverse bind tighter than product which in turn | e e function application binds tighter than num. 1 2 | if e then e else e conditional V 1 2 3 Given a set of unit variables , the set of all unit ex- | rec x : τ.e recursive definition V V pressions with variables in is denoted Units( ), and | Λu.e units abstraction V likewise Ty( )fortypeswhosefree variables are drawn | eµ units application from V. A substitution S ∈ Subst(V, V) is a map from V to Units(V) which extends homomorphically to maps The typing rules are shown in Figure 1. As usual, Γ from Units(V) to Units(V) and from Ty(V)toTy(V) ranges over type environments: finite maps from identi- in the usual way, avoiding variable capture in polymor- fiers to types. The set of all type environments with free phic types by renaming bound variables where neces- variables in V is denoted TyEnv(V), and the equivalence sary. We write Sµ and Sτ for the application of a sub- relation =E and definition of substitution extend point- stitution S to unit expression µ and type τ. The partic- wise to type environments. Then a well-formed typing ular substitution which maps u to µ is written {u → µ}, judgment V;Γ e : τ means and iV,V
∈ Subst(V, V ) is the canonical inclusion for ∈ V V⊆V. “Under type environment Γ TyEnv( )the expression e has type τ ∈ Ty(V)”. The most unusual aspect of the type system is that the algebraic properties of units of measure are built into It is assumed that complete programs in Λu are typed the typing rules via an equational theory of types. Let in the context of a type environment Γops ∪ Γunits, where E be the set of axioms which define an Abelian group Γops supplies the types of basic arithmetic operations

4 V;Γ∪{x : τ1} e : τ2 V;Γ e1 : τ1 → τ2 V;Γ e2 : τ1 (id) (abs) (app) V;Γ∪{x : τ} x : τ V;Γ (λx : τ1.e):τ1 → τ2 V;Γ e1 e2 : τ2

V;Γ e1 : bool V;Γ e2 : τ V;Γ e3 : τ V;Γ∪{x : τ} e : τ (cond) (rec) V;Γ if e1 then e2 else e3 : τ V;Γ (rec x : τ.e):τ

V;Γ e : τ1 V∪{u};Γ e : τ V;Γ e : ∀u.τ (eq) τ1 =E τ2 (∀-intro) u/∈V (∀-elim) V;Γ e : τ2 V;Γ Λu.e : ∀u.τ V;Γ eµ : {u → µ}τ

Figure 1: Typing rules: V;Γ e : τ well-formed if Γ ∈ TyEnv(V)andτ ∈ Ty(V)

mains, then D⊥ is the set {⊥} ∪ { [d] | d ∈ D } in ⊥ · Γ = which is the new least element and [ ] is the canonical ops → { 0 : ∀u.num u, map from D to D⊥,andD E is the set of continuous 1 : num 1, functions between D and E ordered pointwise. Then for + : ∀u.num u → num u → num u, each type τ a domain of values [[τ]] is defined as follows: - : ∀u.num u → num u → num u, [[ bool]] = B⊥ * : ∀u1.∀u2.num u1 → num u2 → num u1 · u2, − ∀ ∀ num → num → num · 1 [[ num µ]] = Q⊥ / : u1. u2. u1 u2 u1 u2 , ∀ num → num → bool } < : u. u u [[ τ1 → τ2]] = [[ τ1]] → [[ τ2]] [[ ∀u.τ]] = [[ τ]] Γunits = { kg : num kg, m : num m, s : num s } Here B is the discrete cpo consisting simply of the values true and false,andQ is the discrete cpo of rationals. Figure 2: Type environments Γops and Γunits Notice how the units of measure have been ignored – the semantics of units will be captured by a logical relation defined in the next section. and Γunits supplies types for base units as shown in Fig- A value environment ρ which respects some type en- ure 2. The availability of a comparison test allows the vironment Γ is a finite map from identifiers in dom(Γ) to writing of iterative functions such as newton from Sec- values so that whenever Γ(x)=τ then ρ(x) ∈ [[ τ]] . We tion 2.4, and also trigonometric functions such as sin write [[Γ]] for the set of all value environments respect- and cos of type num 1 → num 1. For simplicity we ing Γ. If V;Γ e : τ then the meaning of e is given by provide only the constant 1 of type num 1; all other a map [[e]]:[[Γ]]→ [[ τ]] defined inductively in Figure 3. dimensionless rationals can be constructed from this Again the units are ignored – this underlying semantics using the arithmetic operations provided. When pre- just resembles that of PCF [10] with rationals in place senting examples, however, we will freely use constants of integers. r ∈ Q and also constructs such as e1 ∗ e2 instead of the clumsy *µ1 µ2 (e1)(e2) (assuming that e1 and e2 have types num µ1 and num µ2). 4 Dimensional invariance To formalise the ideas sketched in Section 2.5, we will 3.3 Denotational semantics define type-indexed relations between domains, parame- † terised on scaling environments which represent changes We define a call-by-name denotational semantics for to the units of measure. For the base type num µ the Λu in the usual way using complete partial orders (or scaling will depend directly on the units µ, so that, for domains) and continuous functions (a good reference instance, if r ∈ Q scales at type num u to give kr for is [16]). Our notation is standard: if D and E are do- some k ∈ Q+, then r should scale at type num u2 to 2 †Chosen for ease of presentation; similar results should hold give k r . Thus the obvious approach (and the one taken for a call-by-value language. in [8]) is to assign a scale factor k ∈ Q+ to each unit

5 ψ ⊆ × ∈ V ∈E V [[ e]]:[[Γ]]→ [[ τ]] Rτ [[ τ]] [[ τ]] f o r τ Ty( ),ψ ( )

ψ Rbool =(idB)⊥ [[ x]] ( ρ)=ρ(x) ψ Rnum µ = ψ(µ)⊥ [[ λx : τ.e]] ( ρ)(v)=[[e]] ( ρ[x → v]) ψ ψ → ψ Rτ1→τ2 = Rτ1 Rτ2 [[ e e ]] ( ρ)=[[e ]] ( ρ)([[e ]] ( ρ)) ψ χ(ψ) | ∈ V V∪{ } 1 2 1 2 R∀u.τ = Rτ χ ExtE ( , u ) ⊥ if [[e1]] ( ρ)=⊥ if then else true [[ e1 e2 e3]] ( ρ)=[[ e2]] ( ρ)if[[e1]] ( ρ)=[ ]  Figure 4: Family of relations induced by E [[ e3]] ( ρ)if[[e1]] ( ρ)=[false] where v0 = ⊥ and [[ rec x : τ.e]] ( ρ)= vi vi =[[e]] ( ρ[x → vi]) i∈N +1 property: that if ψ ∈E(V )andS ∈ Subst(V, V ) then [[ Λ u.e]] ( ρ)=[[e]] ( ρ) ψ ◦ S ∈E(V). Given V⊆V,anextension of scaling environments is a map χ : E(V) →E(V) with the prop- [[ eµ]] ( ρ)=[[e]] ( ρ) erty that χ(ψ) ◦ iV,V
= ψ for all ψ ∈E(V). We write ExtE (V, V ) for the set of extensions from E(V)toE(V ). Figure 3: Underlying semantics for V;Γ e : τ Using these constructions, a family E of scaling envi- ψ ronments induces a family {Rτ ⊆ [[ τ]] × [[ τ]] } of scaling relations parameterised on a type τ ∈ Ty(V)andascal- ∈EV variable, and then extend this uniquely to a homomor- ing environment ψ ( ). This is shown in Figure 4. phism from the Abelian group of (equivalence classes of) For booleans it is the identity relation, for functions it carries related arguments to related results (this makes unit expressions into the Abelian group of scale factors. ψ However this is not sufficient for proving inhabitation Rτ a logical relation), and for polymorphic types it re- results such as the square root example mentioned ear- quires that values be related at all possible extensions of lier. So, instead, to avoid anticipating any particular the scaling environment on the quantified unit variable. notion of scaling we split dimensional invariance into The relations on values extend pointwise to relations on { ψ ⊆ × } ∈ V two parts. First, we prove a parametricity result for Λu environments RΓ [[Γ]] [[Γ]] for Γ TyEnv( )and ∈E V which holds for a very general definition of scaling en- ψ ( ). We omit the scaling environment ψ when τ V ∅ vironments. Then we show that the standard interpre- or Γ is closed (and = ), writing Rτ and RΓ respec- tively (as there is only one choice of scaling environment, tation of constants in Γops imposes a notion of scaling on the scaling environments that subsumes the homo- namely that which maps 1 to the identity relation). morphisms described above. These two results together In order for relations to preserve the fixed-point in- constitute dimensional invariance. terpretation of recursive definitions, they must be strict We start by defining some standard constructions on and complete, that is, preserve ⊥ and least upper bounds relations. If R ⊆ D × E is a relation between do- of chains. mains, then R⊥ ⊆ D⊥ × E⊥ is the relation {(⊥, ⊥)}∪ ψ Lemma 1. Let E induce a family of relations {R }. { ([d] , [e]) | (d, e) ∈ R }. For a domain D, the iden- τ For any τ ∈ Ty(V) and ψ ∈E(V), the following hold: tity relation idD ⊆ D × D is just { (d, d) | d ∈ D }. ⊆ × ⊆ × ψ Finally, if R D E and S D E then 1. (⊥, ⊥) ∈ Rτ . (R → S) ⊆ (D → D) × (E → E) is the relation { } { } ∈ ψ { (f,g) | (d, e) ∈ R ⇒ (f(d),g(e)) ∈ S }. 2. If vi and vi are chains for which (vi,vi) Rτ ψ Let a scaling environment ψ be a map from unit ex- for all i ∈ N, then ( {vi}, {vi}) ∈ Rτ . pressions to binary relations on Q which respects unit Proof. By induction on the structure of τ. equivalence (if µ1 =E µ2 then ψ(µ1)=ψ(µ2)) and which † preserves the identity element (that is, ψ(1)=idQ). The interaction of substitutions with scaling relations E A family of sets of scaling environments provides for is captured by the following lemma. each set of variables V asetE(V) consisting of scaling ψ environments over Units(V), with the following closure Lemma 2. Let E induce a family of relations {Rτ }. † Then for any τ ∈ Ty(V), S ∈ Subst(V, V ) and ψ ∈ Strictly speaking this latter property is not required by the ψ◦S ψ parametricity theorem but its inclusion simplifies the presentation, E(V ) it is the case that Rτ = RSτ . and clearly will be required later to scale dimensionless constants to themselves. Proof. By induction on the structure of τ.

6 We are now ready to prove the parametricity result. In essence this states that if two value environments G is a subgroup of Units(V), E (V)= ψG,h | are related with respect to some scaling environment, ops h ∈ hom(G, Q+) then the interpretations of an expression under those environments are related in a corresponding way. For- where mally, we write V;Γ|=E e : τ if for any scaling environ- ment ψ ∈E(V) and pair of related value environments def { (r, h(µ)r) | r ∈ Q } if µ ∈ G, ψG,h(µ) = ∈ ψ ∈ ψ { } (ρ, ρ ) RΓ it follows that ([[e]] ( ρ), [[ e]] ( ρ )) Rτ . (0, 0) otherwise. Theorem 1 (Parametricity). Figure 5: Sets of scaling environments preserving ρ V;Γ e : τ ⇒V;Γ|=E e : τ. ops

Proof. By induction on the typing derivation. The cases for (abs) and (app) follow as usual for logical relations, is a bijection of the form { (r, kr) | r ∈ Q } for some the identity relation on booleans is required for (cond), k ∈ Q+ (for details of the proof, see Appendix A). This the case for (eq) uses the fact that ψ respects =E,and still leaves the possibility of singleton relations {(0, 0)}, Lemma 1 is used in (rec). We present the remaining and indeed these do occur. The end result is the family cases in detail. Eops shown in Figure 5. In this definition, G is a sub- (∀-intro). We need to show group of the Abelian group Units(V), that is, it is a sub- set that is closed under all unit-forming constructions.† V∪{u};Γ|=E e : τ ⇒V;Γ|=E Λu.e : ∀u.τ. Then h ∈ hom(G, Q+) is a homomorphism from G into the Abelian group of positive rationals with product as ∈E V ∈ ψ Suppose that ψ ( ) and (ρ, ρ ) RΓ . Now pick any the group operation (that is, h(µ1 · µ2)=h(µ1)h(µ2), ∈ V V∪{ } ∈ χ(ψ) −1 χ ExtE ( , u ). Then (ρ, ρ ) RΓ because h(µ )=1/h(µ)andh(1) = 1). For example, con- ∈V 2 3 u/ , and for the antecedent of the above implication sider the set of unit expressions generated from u1u2 χ(ψ) 2 Q+ to hold it must be the case that ([[e]] ( ρ), [[ e]] ( ρ )) ∈ Rτ . and u2. Homomorphisms from this into take the 2m · 3m+2n → m n ∈ Q+ From the semantics [[Λu.e]] = [[ e]] so given the definition form u1 u2 k1 k2 for k1,k2 . of the relation at polymorphic type we have just shown The essence of the theorem which follows is that Eops ψ that ([[Λu.e]] ( ρ), [[ Λ u.e]] ( ρ )) ∈ R∀u.τ . consists of exactly those scaling environments which pre- (∀-elim). We need to show serve all the constants in ρops. By a slight abuse of no- tation we write E⊆E if E(V) ⊆E(V) for all V. V;Γ|=E e : ∀u.τ ⇒V;Γ|=E eµ : {u → µ}τ. Theorem 2 (Completeness of Eops). Suppose that E ψ ∈E V ∈ { → induces RΓops .Then Suppose that ψ ( ) and (ρ, ρ ) RΓ .LetS = u µ}∈Subst(V∪{u}, V). It is easy to see that the map (ρops,ρops) ∈ R ⇐⇒ E ⊆ E ops. ψ → ψ◦S is an element of ExtE (V, V∪{u})sowhenthe Γops antecedent of the above implication holds it is the case ψ◦S Proof. See Appendix A. that ([[e]] ( ρ), [[ e]] ( ρ )) ∈ Rτ . By Lemma 2 we know ψ◦S ψ that Rτ = RSτ , and because [[eµ]] = [[ e]] the required Sieber proves a similar result in his application of log- result is reached. ical relations to PCF to remove elements that destroy full abstraction [13]. He shows that certain sequential In the sections which follow we will apply Theorem 1 relations are exactly the logical relations under which to terms which have been typed under the type envi- all the constants of PCF are invariant. ronment Γops and interpreted in the presence of a value Before presenting sophisticated applications of Theo- environment ρops ∈ [[ Γops]]. We assume that ρops assigns rems 1 and 2 we observe the important special case that to 0, 1, +, -, *, / and < their usual arithmetic meanings the behaviour of a program is independent of the values (with division by zero leading to divergence). To get the assigned to the base units. Suppose that a boolean- most out of Theorem 1 we now find the largest collection valued expression e is typed under the type environ- E ∈ of scaling environments such that (ρops,ρops) RΓops ments of Figure 2: E for the relation RΓops induced by . First observe that the polymorphism of zero forces {kg, m, s};Γops ∪ Γunits e : bool. ∈E V V (0, 0) to be in every relation ψ(µ) ( ) for any and † G ⊆ V / ∈ V To be really precise, we should write Units( ) =E and µ Units( ). It also turns out that if any pair not of the distinguish a unit expression µ ∈ Units(V) from its equivalence form (0, 0) is present in a relation ψ(µ), then the relation class [µ]=E ∈ Units(V)/=E . For simplicity we avoid this.

7 Given the environment ρops ∈ [[ Γops]] described above, Example (Square root). Consider the typing it is the case that [[e]] ( ρops ∪ ρunits) has the same value ∀ num 2 → num for any ρunits ∈ [[ Γunits]], with one proviso: the values Γops e : u. u u. chosen for ρunits must be positive. This is due to the possibility that e could test their sign using the compar- Let f =[[e]] ( ρops). Then by Theorems 1 and 2, for any ∈E { } ∈ 2 ison function <. Intuitively, it makes no sense for units scaling environment ψ ops( u ), if (v,v ) ψ(u )⊥ ∈ of measure to be negative or zero. then (f(v),f(v )) ψ(u)⊥.Takeψ to be In the rest of this paper, we assume that scaling re- n n ψ ψ(u )={ (r, k r) | r ∈ Q } lations Rτ are induced by Eops and that V;Γ |= e : τ is shorthand for V;Γ|=E e : τ. ops for some scale factor k ∈ Q+. First observe that if f(⊥)=[r] then r = 0, so it follows from monotonic- 5 Dimensional invariance applied ity of functions that f(v) = [0] for any other argument v. In other words, if f is not strict then it must be 5.1 Theorems for free the constant zero function. Now if f([r]) = ⊥ then f( k2r )=⊥,andiff([r]) = [r] then f( k2r )=[kr]. Theorems 1 and 2 can be used to derive equivalences of This cuts down the range of possible functions some- the kind that Wadler calls ‘theorems for free’ [14]. We what. If f diverges on any value without a rational root give examples informally; the formal reasoning involved then it must diverge on all such values. Also, if it re- is tedious but trivial, and always involves picking scaling turns zero for any value without a rational root then it environments of the form must return zero for all such values. So we have the

z1 zn z1 zn intriguing possibility of a function which finds rational ψ(u ···un )={ (r, k ···kn r) | r ∈ Q } 1 1 roots when they exist, but which otherwise returns zero + for some scale factors k1,... ,kn ∈ Q . For clarity we or just loops. Amusingly, it is actually possible to write omit unit information from expressions, as would be the such a function simply by enumerating all rationals until case for an implicitly-typed language such as ML. reaching the root but looping if none exists. However, Example (Powers). Consider an expression e with this function must be assigned the dimensionless type num → num the following type for some n ∈ Z: 1 1; to prove formally that it cannot be polymorphic we use scaling environments defined by n Γops e : ∀u.num u → num u . ψ(u2n)={ (r, knr) | r ∈ Q } Then for any k ∈ Q+ the following equivalence holds: ψ(u2n+1)={ (0, 0) } e(k ∗ x) ≈ kn ∗ e(x). for k ∈ Q+. Under such an environment, either f([r]) = f([kr]) = ⊥ or f([r]) = f([kr]) = [0]. Hence if f di- Example (Differentiation). Suppose that e has the verges for any positive argument then it must diverge type of the differentiation function from Section 2.4: for all positive arguments, and if f returns zero for any positive argument then it must return zero for all pos- ∀ ∀ real → num → num Γops e : u1. u2. u1 ( u1 u2) itive arguments. Extending this to all arguments, it → num → num · −1 ( u1 u2 u1 ). follows that f is characterised by Then for any k ,k ∈ Q+ the following equivalence  1 2  holds: v1 if r<0, ∗ f([r]) = v2 if r =0, ≈ k2 ∗ h f(x k1) x  ehfx e λx. . v3 if r>0, k1 k1 k2 k1

where each of v1, v2 and v3 is either ⊥ or [0]. With the constant zero function included this yields just nine 5.2 Type inhabitation possible functions. Conventional parametricity can be used to characterise We can make sense of this result in two ways. First, all terms with a particular type. For example, there is no consider the operation of a root-finding function. It term in System F with type ∀t.t, and for a fragment of must start with an initial estimate for the root (type: ML the type ∀t.t → t contains only the identity function num u) and yet it cannot generate this estimate from its and the always-divergent function [2]. Analogous results argument (type: num u2) using only the built-in arith- can be obtained for Λu. metic operations. The only value of type num u which

8 it can construct is zero, and this is useless. A more se- Our final example is the type ∀u1.∀u2.(num u1 → mantic explanation is the following. The final estimate num u2) → num u1 · u2. Perhaps a function that calcu- of the root is just that – an estimate – and the degree lates the area under a curve might have this type – in- of error will scale with respect to the degree of error tuitively, though, such a thing is impossible as there are b in the initial estimate. If this initial estimate is some no arguments representing bounds (a, b in a f(x) dx)or fixed number then the error will depend on the units in increment values. which the argument is measured, and hence the function cannot be uniformly polymorphic in units of measure. Example (Integration). There is no term e with typ- We are led to the conclusion that in order to write ing polymorphic root-finding functions it is necessary to ∀ ∀ num → num → num · provide an initial estimate for the root as an addi- Γops e : u1. u2.( u1 u2) u1 u2 tional argument. For example, it is possible to write and non-trivial meaning f =[[e]] ( ρ ). an approximating square root function with the type ops ∀u.num u → num u2 → num u. It is also interesting Proof. From Theorems 1 and 2 we know that for any to note that one can write a unit-polymorphic function ψ ∈Eops({u1,u2})andg,g ∈ [[ num u1 → num u2]] , that accepts two√ numbers a and b and returns an ap- 2 2 ∈ ψ ⇒ ∈ ψ proximation to a + b . This function has the type (g,g ) Rnum u1→num u2 (f(g),f(g )) Rnum u1·u2 . ∀u.num u → num u → num u, and would use some lin- ear combination of a and b as its initial estimate for the Suppose that ψ is the following: root. idQ if m =0, For the next example we formalise the use of the term ψ(um · un) def= non-trivial. 1 2 { (0, 0) } otherwise. • ∈ Q  A value r is non-trivial if r =0. ∈ ψ If we set g = g then (g,g) Rnum u1→num u2 , hence • ∈ → ψ A value f D E is non-trivial if f(d)isnon- (f(g),f(g)) ∈ Rnum u1·u2 and so f(g) ∈{⊥, [0]}. trivial for some d ∈ D. • A value d ∈ D⊥ is non-trivial if d =[d] for some 5.3 Type isomorphisms ∈ non-trivial d D. Consider the types

Example (First-order types). Consider the typing def τ1 = ∀u.num u → num u → num u Γops e : ∀u1 ...∀um.num µ1 →···→num µn → num µ def and τ2 = num 1 → num 1. a1j amj b1 b where µj = num(u ···um )andµ = num(u ···u m ) 1 1 m If arguments are restricted to positive values, it can be for a ,... ,amn,b ,... ,bm ∈ Z. Thereexistsanex- 11 1 shown that τ is isomorphic to τ , that is, there exists a pression e with this typing with non-trivial meaning 1 2 map i from values of type τ1 to values of type τ2, and a f =[[e]] ( ρops) if and only if there is a solution in integers map j from τ2 to τ1 such that i◦j and j ◦i are identities. z1,... ,zn to the equations Furthermore, these maps are definable in Λu:

a11z1 + ···+ a1nzn = b1 def i = λf : τ .λy : num 1.f1(1)(y) . 1 . def j = λg : τ2. Λu.λx : num u. λy : num u. x ∗ g(y/x) am1z1 + ···+ amnzn = bm. Proof. For the (if) part, we exhibit the term Intuitively, a function of type τ1 can be reduced to a function of type τ2 if one of its arguments is considered Λu1 ...um. to be the ‘units’ by which the other argument is mea- z num num 1 ∗···∗ zn λx1 : µ1. ...λxn : µn.x1 xn . sured. Let us be more precise. The type τ of a function with For (only if), use the scaling environment n numeric arguments and a numeric result has a domain  z of values  1 ··· zn idQ if µ =E µ1 µn n ψ(µ)= for some z ,... ,zn ∈ Z, [[ τ]] = Q⊥ → ...→ Q⊥ → Q⊥.  1 {(0, 0)} otherwise. Let τ1 and τ2 be such types with m and n arguments respectively. Then τ1 and τ2 are isomorphic for positive

9 ∼+ values, written τ1 = τ2, if there are definable functions Let A be the m × n matrix of unit exponents in Γops i : τ1 → τ2 and Γops j : τ2 → τ1 such that for µ1,... ,µn,andB the m-vector of unit exponents in µ0. any expressions Γops f : τ1 and Γops g : τ2,the If the equation AX = B is solvable for integer variables equivalences in X, then

n−r ··· ··· ∼+ [[ j(i(f))]](ρops)(v1) (vm)=[[f]] ( ρops)(v1) (vm) τ = num 1 →···→num 1 → num 1 [[ i(j(g))]](ρops)(v1) ···(vn)=[[g]] ( ρops)(v1) ···(vn) where r is the rank of A. hold for all positive or looping values vi. Proof. See Appendix A. For our example above, the second equation follows directly from the underlying semantics, whereas the first Example (Pendulum). Suppose that the square of relies crucially on dimensional invariance. This is similar the period of a pendulum is determined by a function to Wadler’s demonstration that in System F the isomor- ∼ ∀ ∀ ∀ num → num phism τ = ∀t.(τ → t) → t holds for any type τ, where Γops e : M. L. T. M L − parametricity is required to prove one direction of the → num L · T 2 → num 1 → num T2 isomorphism [14]. Why the restriction to positive values? Intuitively, whose arguments represent the mass and length of the there are more functions of type ∀u.num u → num u → pendulum, the acceleration due to gravity and the angle num → num u than of type num 1 → num 1 because the former of swing. Then for positive argument values 1 num can use the signs of two arguments to determine differ- 1 is an isomorphic type. ent courses of action, whereas the latter has the sign of It is possible to prove similar results for higher-order only one argument available. types, for example that the type of the differentiation In Section 2.2 we outlined the technique of dimen- function of Section 2.4 is isomorphic for positive values sional analysis: the reduction of an equation involving to (num 1 → num 1) → (num 1 → num 1). A general dimensioned quantities to an equation over a smaller result in the style of Theorem 3 is the subject of further number of dimensionless ones. We have just done some- research. thing very similar, reducing a dimensionally-invariant function of two arguments to a dimensionless function 5.4 Relative definability of just one. In order to obtain a precise connection be- tween these two ideas, we first state the central theorem If Λu is extended with lists then one can define a of dimensional analysis. recursive function to calculate the arithmetic mean of a list of n numbers according to the formula Pi Theorem. Fix a set of m base dimensions and let n ( i=1 ai) /n. The function would have the polymor- x1,... ,xn be positive variables with the dimensions of phic type ∀u.list (num u) → num u. Now try writing × xi given by the i’th column of an m n matrix A of di- a function gm to calculate the geometric mean accord- mension exponents. Then any dimensionally-invariant n 1/n ing to the formula ( ai) . At a first attempt, relation of the form i=1 one immediately runs up against the problem that the product of the elements of the list has units which de- f(x1,... ,xn)=0 pend upon the length of the list. Although geomet- is equivalent to a relation ric mean has behaviour consistent with the polymorphic type ∀u.list (num u) → num u, its natural definition re- f (Π1,... ,Πn−r)=0 ceives the typing list num → num where r is the rank of the matrix A and Π1,... ,Πn−r Γops gm : ( 1) 1. are dimensionless power-products of x1,... ,xn. But by a trick due to Rittri [12] one can turn this into Proof. See Birkhoff [3]. a polymorphic function, as follows:

We prove the following analogous result for first-order Λu.λxs : list (num u). ∗ num types in Λu. abs(hd xs) gm(map (λx : u. x/abs(hd xs)) xs)

Theorem 3 (Pi Theorem for Λu). Let τ be a closed The trick is to use the magnitude of the first element type of the form of the list (abs(hd xs)) as a ‘unit’ by which to scale the whole list, pass this dimensionless list to gm, and then ∀u1 ...∀um.num µ1 →···→num µn → num µ0. scale back again by the first element. The dimensional

10 invariance of gm ensures that its semantics is preserved This is a version of the classic ‘parallel or’ function by the translation. whose implementation requires parallel evaluation of its To formalise this idea, which we call relative definabil- arguments. It is continuous, and furthermore is pre-  ity,letτ denote the unit-erasure of τ: the removal of served by the scaling relation Rτ induced by Eops for all quantifiers and the replacement of numµ with num1. τ = ∀u.num u → num u → num u, but there is no ex- Then given a closed type τ and a term e with typing pression e of type τ whose meaning is p. The function  Γops e : τ but behaviour Γops |= e : τ, we seek an- p can be used to distinguish the denotations of the fol- other another term e with typing Γops e : τ such that lowing observationally-equivalent expressions (where Ω [[ e]] ( ρops)=[[e ]] ( ρops). is a divergent term of type num 1):

Example. Suppose that a term has typing and be- def haviour specified by e1 = λy : τ.y1(Ω)(0) + y1(0)(Ω) def 1 Γops e : num 1 → num 1 and e2 = λy : τ.y (Ω)(Ω). 2 Γops |= e : ∀u.num u → num u . Now consider the expressions Let e be the term def Λu.λx : num u. e3 = λy :(∀u.num u → num u).y1(2) e(if x =0then 0 else x/abs(x)) ∗ abs(x) ∗ abs(x). def and e4 = λy :(∀u.num u → num u). 2 ∗ y1(1). 2 with the typing Γops e : ∀u.num u → num u . Then [[ e]] ( ρops)=[[e ]] ( ρops). Although the underlying semantics assigns different meanings to e and e , we know from dimensional in- Proof. Let f =[[e]] ( ρ )andf =[[e]] ( ρ ). Using 3 4 ops ops variance that they must be observationally equivalent. Figure 3 and the usual interpretation of arithmetic con- Similarly, because functions of type ∀u.num u2 → num u stants it is easily shown that  cannot distinguish between different positive arguments, f(v)ifv = ⊥ or v = [0] , the expressions f (v)= ⊥ if v =[r ]andf([r /|r |]) = ⊥,  1 1 1 def ∀ num 2 → num  2 e5 = λy :( u. u u).y1(3) r2|r1| if v =[r1]andf([r1/|r1|]) = [r2] . def 2 and e = λy :(∀u.num u → num u).y1(5) From the dimensional invariance of e we know that for 6 any ψ ∈E ({u})itisthecasethat ops are observationally-equivalent. 2 ψ (v,v ) ∈ ψ(u)⊥ ⇒ (f(v),f(v )) ∈ ψ(u )⊥. The scaling relation Rτ has proved to be remarkably m m powerful in a variety of applications. The ultimate test By setting ψ(u )={ (r, |r1| r) | r ∈ Q } it follows of its power would be to construct a model of the lan- that f = f as required. guage in which the only incorrect distinctions between terms are due to the failure of full abstraction in the 6 Full abstraction underlying semantics – so it distinguishes e1 and e2 but identifies e3 with e4 and e5 with e6. It is well-known that standard cpo models of PCF are To formalise this notion of relative full abstraction, not fully abstract [10]; that is, denotational equality first extend the notion of unit-erasure from Section 5.4  ([[e1]] = [[ e2]]) does not coincide with observational equiv- to terms: let e denote the removal of all unit abstrac- alence (e1 ≈ e2, which formulated denotationally states tions and unit applications from e and the unit-erasure that [[C[e1]]] = [[C[e2]]] for every program context C[·]). of type annotations. Because the underlying semantics This is because there are certain elements in the model of Figure 3 ignores unit annotations, it is easy to see   which are not definable by any term in the language, that [[τ]] = [[ τ ]] a n d [[ e]] = [[ e ]]. We can now define and these elements can be used to distinguish the de- two kinds of observational equivalence: unit-respecting notations of observationally-equivalent terms. Natu- equivalence (e1 ≈ e2 iff [[C[e1]]] = [[C[e2]]] for every pro-  rally enough, these elements exist in the underlying se- gram context C[·]) and underlying equivalence (e1 ≈ e2 C  C  mantics of Λu; moreover, they can even exhibit unit- iff [[ [e1 ]]] = [[ [e2 ]]] for every dimensionless program  polymorphic behaviour. For example, consider a func- context C [·]). Consider the expressions studied above: ≈ ≈ ≈ ≈ tion p ∈ Q⊥ → Q⊥ → Q⊥: we have e1 e2 and e1 e2; e3 e4 but e3 e4;  e5 ≈ e6 but e5 ≈ e6.  ⊥  ⊥ [0] if v1 = or v2 = , Now let {| e|} stand for the meaning of a term e in some p(v1)(v2)= ⊥ otherwise. more abstract model, and assume that the two models

11 identify exactly the same unit-erased terms. Then we Acknowledgements say that {| · |} is fully abstract relative to [[·]] i f Part of this work was carried out at the University of

{| e1|} = {| e2|} and e1 ≈ e2 Cambridge Computer Laboratory with funding provided  by an EPSRC studentship. I am extremely grateful for implies [[e1]] =[[ e2]] a n d e1 ≈ e2. many productive discussions there with Nick Benton, Can such a model be constructed? Space constraints Francis Davey, Alan Mycroft and Ian Stark and for com- prevent us giving details of a proposed model here, but ments on this paper from Simon Gay and Ian Stark. the basic idea is to use the scaling relation to quotient the underlying semantics into equivalence classes. This References is possible because for closed types τ, the relation Rτ is symmetric and transitive, making it a partial equivalence [1] W. A. Adkins and S. H. Weintraub. Algebra: An Ap- relation, that is, an equivalence relation on a subset of proach via Module Theory. Springer-Verlag, 1992. [[ τ]]. By extending this idea to open types and open [2]P.N.Benton. Strictness Analysis of Lazy Functional terms in an appropriate way, a PER can be constructed Programs. PhD thesis, University of Cambridge Com- on the underlying meanings in [[Γ]] → [[ τ]]. It is then puter Laboratory, August 1993. Technical Report 309. possible to show that if the relative definability property [3] G. Birkhoff. Hydrodynamics: A Study in Logic, Fact and of Section 5.4 holds for all types (an open problem), then Similitude. Princeton University Press, Revised edition, the quotienting of the underlying semantics by this PER 1960. is fully abstract relative to the underlying semantics in [4] Kim B. Bruce, Roberto Di Cosmo, and Giuseppe Long. the sense described above. Provable isomorphisms of types. Mathematical Struc- tures in Computer Science, 2(2):231–247, June 1992. [5] J. Goubault. Inf´erence d’unit´es physiques en ML. 7 Conclusion In P. Cointe, C. Queinnec, and B. Serpette, editors, Journ´ees Francophones des Langages Applicatifs, Noir- We have presented a novel application of Reynolds’ no- moutier, pages 3–20. INRIA, 1994. tion of parametricity: the dimensional invariance of [6] R. T. House. A proposal for an extended form of terms which are polymorphic in units of measure. As type checking of expressions. The Computer Journal, with conventional parametricity, this has allowed us to 26(4):366–374, 1983. prove certain observational equivalences, to give condi- [7] A. J. Kennedy. Dimension types. In Proceedings of the tions on the terms which inhabit a type, and to demon- 5th European Symposium on Programming,volume788 strate isomorphisms between types. Furthermore it sug- of Lecture Notes in Computer Science, pages 348–362. gests a means of constructing an abstract model of the Springer-Verlag, 1994. language that validates all the equivalences introduced [8] A. J. Kennedy. Programming Languages and Dimen- by units of measure. sions. PhD thesis, Computer Laboratory, University of There is an apparent dependence of our results on the Cambridge, 1995. Available as Technical Report No. 391. particular properties of the constants in ρops. However, Theorem 1 itself is independent of these constants, and [9] D. H. Krantz, R. D. Luce, P. Suppes, and A. Tversky. the idea of completeness captured by Theorem 2 adapts Foundations of Measurement, volume I, III. Academic Press, 1971, 1990. well to other constants. For example, if the comparison operation < is replaced by a function which compares [10] G. D. Plotkin. LCF considered as a programming lan- the magnitudes of two values, then the Abelian group guage. Theoretical Computer Science, 5:223–255, 1977. Q+ in Figure 5 is replaced by the Abelian group Q\{0}. [11] J. C. Reynolds. Types, abstraction and parametric poly- Similarly, in a programming language with ‘computable morphism. In R. E. A. Mason, editor, Information Pro- cessing 83, pages 513–523, Amsterdam, 1983. Elsevier reals’, a built-in square root function can be accommo- Science Publishers B. V. (North-Holland). dated whilst still ruling out non-trivial functions of type [12] M. Rittri. Dimension inference under polymorphic re- ∀u.num u3 → num u. cursion. In 7th ACM Conf. on Functional Programming Reynolds suggests that parametricity should not be Languages and Computer Architecture, pages 147–159. limited to computation [11]. In this paper we have fur- ACM Press, June 1995. nished one such instance: the invariance of physical laws [13] K. Sieber. Reasoning about sequential functions via under changes of scale. In general they are also invari- logical relations. In M. P. Fourman, P. T. Johnstone, ant under changes in the coordinate system, given by and A. M. Pitts, editors, Applications of Categories in a translation or rotation of the axes. Perhaps this too Computer Science: Proceedings of the LMS Symposium, can be supported by the type system of a programming Durham, 1991. Cambridge University Press, 1992. LMS language. Lecture Notes Series, 177.

12 [14] P. Wadler. Theorems for free! In Proceedings of the 4th 2. We show that if the constants in ρops are invari- International Symposium on Functional Programming E ant under the scaling relation RΓops induced by Languages and Computer Architecture, 1989. then for any ψ ∈E(V) there is some subgroup [15] M. Wand and P. M. O’Keefe. Automatic dimensional G ⊆ Units(V)andh ∈ hom(G, Q+) such that inference. In J.-L. Lassez and G. Plotkin, editors, Com- ψ = ψG,h ∈Eops(V) as defined in Figure 5. putational Logic: Essays in Honor of Alan Robinson, pages 479–486. MIT Press, 1991. Let G be the set [16] G. Winskel. The Formal Semantics of Programming G = { µ ∈ Units(V) | ψ(µ) = {(0, 0)}}, Languages: An Introduction. The MIT Press, 1993. and assuming step (1), define h by:

A Omitted proofs h(µ)=k if ψ(µ)={ (r, kr) | r ∈ Q } . E E Theorem 2 (Completeness of ops). Suppose that Pick any µ1,µ2 ∈ G. Then induces RΓops .Then ψ(µ1)={ (r, k1r) | r ∈ Q } (ρops,ρops) ∈ R ⇐⇒ E ⊆ E ops. Γops ψ(µ2)={ (r, k2r) | r ∈ Q } Proof. for some k ,k ∈ Q+. From the interpretation of * (⇐). The verification that ρ is invariant under 1 2 ops we know that RΓops is straightforward. ⇒ ( ). We can deduce from the antecedent that for any ψ(µ1 · µ2)={ (r, k1k2r) | r ∈ Q } V, ψ ∈E(V), and µ, µ1,µ2 ∈ Units(V): and from this deduce that µ1·µ2 ∈ G and that h(µ1· 0:(0, 0) ∈ ψ(µ). µ2)=k1k2 = h(µ1)h(µ2). From the interpretation 1:(1, 1) ∈ ψ(1). of / and 1 we also know that ∈ ∈ −1 { | ∈ Q } +:If(r1,r1) ψ(µ) and (r2,r2) ψ(µ) ψ(µ1 )= (r, r/k1) r then (r + r ,r + r ) ∈ ψ(µ). 1 2 1 2 −1 ∈ and from this deduce that µ1 G and that ∈ ∈ −1 -:If(r1,r1) ψ(µ) and (r2,r2) ψ(µ) h(µ1 )=1/k1 =1/h(µ1). We already know that − − ∈ then (r1 r2,r1 r2) ψ(µ). h(1) = 1. Thus we have just shown that G is a sub- V ∈ ∈ group of Units( ), and that h is a homomorphism *:If(r1,r1) ψ(µ1) and (r2,r2) ψ(µ2) Q+ ∈ · from G into . This completes the proof. then (r1r2,r1r2) ψ(µ1 µ2). ∈   ∈ /:If(r1,r1) ψ(µ1) and (r2 =0,r2 =0) ψ(µ2) ∈ · −1 then (r1/r2,r1/r2) ψ(µ1 µ2 ). Theorem 3 (Pi Theorem for Λu). Let τ be a closed ∈ ∈ type of the form <:If(r1,r1) ψ(µ) and (r2,r2) ψ(µ) then r1

13 (R1). The exchange of two base units: where 0 denotes a block of zeroes, r =rank(A)and × ∼ Dr is an r r matrix with positive diagonal elements ∀ u.τ ∀ u.{ui → uj,uj → ui}τ. = s1,... ,sr and zeroes elsewhere, such that si divides si+1 for 1
i
r − 1. The matrix UAV is unique and is (R2). The replacement of a base unit by its inverse: known as the Smith normal form of A [1]. The values ∼ −1 s1,... ,sr are its invariant factors. ∀ u.τ ∀ u.{ui → u }τ. = i Using this particularly simple form, we can reduce our original problem to a much simpler one. By a compo- (R3). The invertible combination of two units (for sition of type isomorphisms represented by elementary  ∈ Z i = j and z ): row and column operations on the matrix A, we obtain ∼ z a new type whose arguments have units given by UAV ∀ u.τ = ∀ u.{ui → ui · uj }τ and whose result has units given by UB =(c1,... ,cm):

s A second class of isomorphisms manipulates the argu- ∼+ ∀ num 1 →···→num sr τ = u. u1 ur ments in a way analogous to the manipulation of units n−r c → num →···→num → num 1 ··· cm seen above. Again, dimensional invariance is not re- 1 1 (u1 um ). quired for their validation; the appropriate bijections Recall an assumption made in the statement of the the- are straightforward and are omitted. orem: that the equation AX = B is solvable for in- (C1). The exchange of two arguments: tegers in X (if this is not the case then all terms of type τ are trivial as was shown in Section 5.2). Hence − ∀ u.τ →···→τi →···→τj →···→τn → τ UA(VV 1)X = UB, and this is the case if and only if ∼ 1 0 = ∀ u.τ1 →···→τj →···→τi →···→τn → τ0. UAVY = UB is solvable for integers in Y . Therefore we must have ci = sizi for some zi ∈ Z when 1
i
r (C2). The inversion of an argument: and zi = 0 when r +1
i
m. By a trivial isomor- phism we can remove the superfluous bound variables ∀ u.τ →···num µi ···→τn → τ 1 0 ur+1,... ,um and rewrite the above as ∼ −1 = ∀ u.τ1 →···num µi ···→τn → τ0. s ∼+ ∀ num 1 →···→num sr τ = u1 ...ur. u1 ur n−r s z (C3). The invertible combination of two arguments → num →···→num → num 1 1 ··· s1zr 1 1 (u1 ur ). (for i = j and z ∈ Z): Now define bijections in Λu between this type (call it τ ) ∀ →···num →···→ → u.τ1 µi τn τ0 and the dimensionless type ∼+ z = ∀ u.τ1 →···num (µi · µj ) ···→τn → τ0. num →···→n−r num → num This relies on the j’th argument being non-zero, τ = 1 1 1, which explains ∼+. = as follows: Consider the matrix of integers A associated with the I = λf : τ .λx : num 1 ...λxn−r : num 1. units of the arguments in the resulting types above. The 1 f1...1(1) ···(1)(x ) ···(xn−r) isomorphisms (R1), (R2) and (R3) correspond to the ap- 1 plication of elementary row operations to A to produce J = λg : τ .Λu1 ...ur. A (the exchange of two rows, the multiplication of a row s s λx : num u 1 ...λxr : num u r . by −1, and the addition of a scalar multiple of one row 1 λxr+1 : num 1 ...λxn : num 1. to another row). Similarly, the isomorphisms (C1), (C2) z1 z x ∗···∗x r ∗ g(xr ) ···(xn) and (C3) correspond to elementary column operations. 1 r +1 The application of a set of elementary row operations In a similar fashion to the example sketched in Sec- to a matrix A is equivalent to multiplication on the left tion 5.3 we can prove that these bijections compose to by an invertible matrix U to give UA. Similarly, the give the identity with respect to terms of types τ and application of a set of column operations to a matrix A τ . As before, one direction (showing that J(I(f)) is is equivalent to multiplication on the right by an invert- equivalent to f for positive values) requires the use of × ible matrix V to give AV . Furthermore, for any m n dimensional invariance (at last!). matrix A, there exists an invertible m×m matrix U and invertible n × n matrix V such that Dr 0 UAV = 00

14