The Structure of Nuprl's Type Theory

The Structure of Nuprls Typ e Theory

Rob ert L Constable

Cornell University

Ithaca NY

Intro duction

Context

After my lectures on this topic were delivered in July at Marktob erdorf my col

leagues and I made available much more related material b oth at the Nuprl home page

on the World Wide Web the Web wwwcscornelleduInfoNuPrlnuprlhtml

and in publications some so on to app ear

At the Web site the thesis of Jackson and the article byForester are esp ecially

relevanttomy lecture Also the Nuprl b o ok is nowavailable on line at the Web

site as is the Nuprl reference manual and a host of Nuprl libraries

As a result of the ready access to this material and b ecause the material in the Cor

nell Technical Rep ort series is part of an expanding digital library whose longevity

seems guaranteed I designed this article to concentrate on the material not available

elsewhere eg a discussion of the Core Theory and its relation to Nuprl

A naive accountofCoreTyp e Theory is esp ecially simple and I think it provides a

bridge to understanding the more daunting axiomatization of the Nuprl typ e theory

which is used in all of the online libraries This article presents the Core Theory and

relates it to a corresp onding part of Nuprl Comparisons are made to set theory as a

way to motivate the concepts

Typ es and Sets

The informal language of mathematics uses typ es and sets but when mathematicians

want to b e rigorous ab out a concept they tend to rely on the year old tradition

of reducing it to concepts in pure set theory In this article we will nd the rigorous

concepts in type theoryFor p edagogical reasons we will often mention the set theory

version of a concept as well

The idea of a typ e is built up inductively as is the Zermelo hierarchical concept of

set We start with primitive types and typeconstructors

The Core Theory needed for Nuprl involves only six typ e constructors pro duct disjoint

union function space inductive typ e set typ eand quotient typ eWe need some primitive

typ es as well void unit Typ eandPropIhavechosen to add coinductivetyp es as

well although they are not in Nuprl

TheCoreTheory

PrimitiveTyp es

void is a typ e with no elements

unit is a typ e with one element denoted

There will b e other primitivetyp es intro duced later Notice in set theory we usually

have only one primitive set some innite set usually Sometimes the emptyset

is primitiveaswell although it is denable by separation from

Comp ound Typ es We build new typ es using typeconstructors These tell us how

to construct various kinds of ob jects In pure set theory there is only one kind sets

The typ e constructors wecho ose are motivated b oth by mathematical and compu

tational considerations So we will see a tight relationship to the notion of type in

programming languages The notes by CAR Hoare Notes on Data Structuring

make the p ointwell

Cartesian Pro ducts

If A and B are typ es then so is their pro duct written A B There will b e many

formation rules of this form so we adopt a simple convention for stating them We

write

A is a Type B is a Type

A B is a Type

The elements of a pro duct are pairs ha bi Sp ecically if a b elongs to A and b b elongs

to B then ha bi b elongs to A B We abbreviate this by writing

aA bB

ha bi A B

In programming languages these typ es are generalized to nary pro ducts say

A A A They are the basis for dening records

Wesay that ha bi hc di in A B i a c in A and b d in B

In set theory equalityisuniformandbuiltinbutintyp e theory we dene equality

with each constructor either builtin as in Nurpl or by denition as in this core

theory

There is essentially only one way to decomp ose pairs Wesay things like take the

rst elements of the pair P symb olically wemightsay rstP orofP We can

also take the second elementof P secondP orofP

Function Space

We use the words function space as well as function typ e for historical reasons

If A and B are typ es then A B is the typ e of computable functions from A to B

These are given by rules which are dened for each a in A and which pro duce a unique

valueWe summarize by

A is a Type B is a Type

A B is a Type

The function notation we use informally comes from mathematics texts eg Bour

bakis AlgebraWe write expressions like x b or x b the latter gives a name to

the function For example x x is the squaring function on numb ers

If b computes to an elementof B when x has value a in A for each athenwesay

x b A B We will also use lambda notation xbfor x b The informal

rule for typing a function xbistosay that xb A B provided that when

x is of typ e A b is of typ e B We can express these typing judgments in the form

x A b B The phrase x A declares x to b e of typ e AThetyping rule is then

x A b B

xb A B

If f g are functions we dene their equalityas

f g i f xg x for all x in A

If f is a function from A to B and aAwe write f a for the value of the function

Disjoint Unions also called Discriminated Unions

Forming the union of two sets say x y is a basic op eration in set theory It is basic

in typ e theory as well but for computational purp oses wewant to discriminate based

on whichtyp e an element is in To accomplish this we put tags on the elements to

keep them disjoint Here weuse inl and inr as the tags

A is a Type B is a Type

A B is a Type

The memb ership rules are

bB a A

inl a A B inr b A B

Wesay that inl ainl a i a a and likewise for inr b

We can now use a case statement to detect the tags and use expressions like

if x inl z then some expression in z

if x inr z then some expression in z

in dening other ob jects The test for inl z or inr z is computable There is an

op eration called decide that discriminates on the typ e tags The typing rule and

syntax for it are given in terms of a typing judgment of the form E t T where is a

list of declarations of the form x A x A called a typing environment The

n n

A are typ es and x are variables declared to b e of typ e A The rule is

i i i

E d A B E u A t T E v B t T

E decided ut vt T

Subtyping

Intuitively A is a subtyp e of B i every elementof A is also an elementof B we write

this relation as A B Clearly A for any A Notice that A is not a subtyp e of

A B since the elements of A in A B have the form inl a Wehave these prop erties

however

A A B B

A B A B

For A B we also require that a a in A implies a a in B

InductiveTyp es

Dening typ es in terms of themselves is quite common in programming often p ointers

are used in the denition in Pascal and C for example but in languages like ML

direct recursive denitions are p ossible For example a list of numb ers L can b e

intro duced by a denition like

dene type L N N L

In due course we will give conditions telling when such denitions are sensible but

for now let us understand howelements of sucha typ e are created Basically a typ e

of this kind will b e sensible just when we understand exactly what elements b elong to

the typ e Clearly elements like inl inl are elements Given them it is clear

that inr h inl iinrhinli and generally inr hn inl mi are elements and

given these we can also build

inr hk inr hn inl mii and so forth

In general we can build elements in anyofthetyp es

N N Y

N N N N Y

N N N N N N Y

The key question ab out this pro cess is whether wewanttoallow anything else in the

typ e L Our decision is nowewant only elements obtained by this nite pro cess

In set theorywe can understand similar inductive denitions saya set L suchthat

L N N L as least xed p oints of monotonic op erators F Set Set In

general given suchanoperatorF wesay that the set inductively dened by F is the

least F cl osed set call it I F We dene it as

I F fY jF Y Y g

We use set theory as a guide to justify recursivetyp e denitions

For the sake of dening monotonicitywe use the subtyping relation S T This

holds just when the elements of S are also elements of T and the equalityon S and

T is the same For example

if S T then N N S N N T

Def Given a typ e expression F Type Type suchthatifT T then F T

F T then write X F X asthetype inductively denedbyF

To construct elements of X F X we basically just unwind the denition That is

if tFX F X then t XFX

Wesay that t t in X F X i t t in F X F X

The p ower of recursivetyp es comes from the fact that we can dene total computable

functions over them very elegantlyandwe can prove prop erties of elements recursively

Recursive denitions are given by this term

inda f zb

called a recursor or recursiveform It ob eys the computation rule

inda f zb evaluates in one step to

baz y indy f zbf

Note in this rule we use the notation bsx ty to mean that we substitute s for x

and t for y in b

typing

The waywe gure out a typ e for this form is given by a simple rule Wesay that

inda f zb is in typ e B

provided that a X F X and if when Y is a Typ e and Y X F X and z

b elongs to F Y and f maps Y to B then b is of typ e B

induction

The principle of inductive reasoning over X F X is just this

induction

Let R X F X and assume that Y is a subtyp e of R and that for all x in Y P x

is true This is the induction hyp othesis Then if we can show z F Y P z we

can conclude

x RP x

With this principle and the form indwe can write programs over recursivetyp es

and prove prop erties of them The approach presented here is quite abstract so it

applies to a large variety of sp ecic programming languages It also stands on its own

as a mathematical theory of typ es

typing rules

We will write these informal rules as inference rules To connect to the Nuprl ac

count I will use its notation whichis recXT for X T and rec inda f zbfor

inda f zb In our Core Typ e Theory recursivetyp es are written as X T where

stands for the least xed p oint op erator This is p erhaps more standard notation

however recXT is the Nuprl syntax and is mnemonic

Here is the rule whichsays recXT isa typ e using a sequentstyle presentation of

rules

E X Type T Type

E recXT Type

For example we can derive recN N isatyp e as follows

Type E N Type N Type

Type

E N Type

E N Type N Type

E recN N Type

Rememb er that is a primitivetyp e This typ e is essentially list

Tointro duce elementswe use the following rule of unrolling

E t T recXT X

E t recXT

Here are some examples on in recN N Recall that typ e fg

The nil list is derived as

N Type inl recN N

inl recN N

Lists are derived as

inl recN N

pair inl recN N

inr pair inl recN N

To make a decision ab out for example whether l is nil or not unroll on the left

E l recN N g G

recursion combinator typing

This version of recursivetyp es allows primitive recursion over recursivetyp es also

called the natural recursion The Nuprl syntax is

rec indt f zg

The usual convention for the syntax also applies here t and g are two subterms and g

is in the scop e of two binding variables f and z We dene the recursion combinator

to b e xr ec indx f zg

For evaluation we recall the computation rule

indt f zg g tz wrec indw f zgf rec

called reduction We dont evaluate t but simply substitute it into g

Typing of the recursion combinator is the key part

E t recXT E X T y pe z T f X G g G

E rec indt f zg G

Where is the induction Its in the top righthand side For sanitycheck unwind

rec indt f zg G reduces to g tz wrec indw f zgf GAswe exp ect

g G z and y have the same typ e f is a function from elements of recursivetyp e to

G Then we b ottom out on X Thus X in f X G is the key part

The longer you know this rule the clearer it gets It summarizes recursion in one rule

denition of ind using rec ind

Here is how to dene a natural recursion combinator on N call it indn b u ig using

rec ind Lets sayhow this b ehaves The base case is

ind b u ig b

The inductive case is

indsuccn b u ig g nu indn b u ig i

We combine the base and the inductive cases into one rule as follows

E n N u N i Gux g Gsuccux

E indn b u ig Gnx

To derive this rule for ind we can enco de N into list

inl

We can dene the successor of m as succm inr hmi

N is isomorphic to recN N

This presentation of N do esnt haveanyintrinsic value its just a waytolookatN

for an alternative presentation try deriving ind from recN N It gives us an

existence pro of for the class of natural numb ers

Given the ab ove setup wewant to derive the rule for ind

E n N E b Gx E u Ni Gux g Gsuccux

E indn b u ig Gnx

using the rule of rec ind

E t recXT E X Typ ex T f y X Gyx g G

E rec indt f xg Gtx

Notice the following facts in the ab ovetwo rules

In the rule for induction the rst hyp othesis denotes that we are doing induction

over the natural nymb ers the second one is the base case of this induction notice

that we substitute x by zero and the third is the induction hyp othesis by which

weprove the fact for the successor of u assuming it for u

In the rule for recursiveinduction x shouldbeoftyp e T which is the b o dy of the

recursivetyp e This is b ecause wewant to b e able to compute the predecessors

of x

If wewant to indicate the new variables we use in the recursive induction rule we write

the rule adding this information

E t recXT E X Typ ex T f y X Gyx g G

E rec indt f xg Gtx

This is an elegant induction form describing any p ossible recursive denition

Lets see how this works in the case of building the ind rule We constuct ag from

g so that if weuseg in rec ind we will derive indn b u ig Before we presentg

lets try to get a bit of the intuition The most imp ortant part of the ind rule is its

ind rule so that we can pull out induction hyp othesis Wewant to sp ecialise the rec

and isolate this induction hyp othesis

The idea is the following

Let i b e the function f applied to u i f u where u is the predecessor

of x we are lo oking at We can get this predecessor u as wehave already

noticed b efore by using the hyp othesis x T and by decomp osing x

For example if T is the typ e of list then T N We do a case split and we

get two cases in the rst case weget which represents zero and in the second case

we get N which is the successor We can constructg given g of the ind form by

taking a close lo ok at the structure of x

T is a disjunct and henceg is a decide

T s inl side has the zero so we need it as the base case whichisb and

T s inr side is a pair whichwewant to spread and use In the spread u will

denote the predecessor of x

It seems that the following form forg can giveusallwe need

g decidex zb pspr eadp ugf ui

As an exercise you can prove thatg G hint use the fact that b Gx

We knowthat

b Ginl x

Also

y X and f X Gyx

x inr pair u

which means

x succu

So in fact we are doing the substitution Gsuccuxandthus g Gsuccux

We leave to the reader to carry out the simple typ echecking applying the rules for

decide and spr ead to this denition The interesting p ointisthating Gwe are

building up x either as inl oras inr pair u in one case this is Gx and in

the other Gsuccxx

Wehavenow shown that wehave built the natural induction form for integers from

the recursion combinator

CoinductiveTyp es

The presentation of inductivetyp es is from Nax Mendlers thesis Inductive

Denitions in TypeTheory and writings Nax discovered a b eautiful symmetry in

the typ e denition pro cess and used it to dene a class of typ es that are sometimes

called lazy typ es see Thompson b o ok Type Theory and Functional Programming

Essentially coinductivetyp es arise by taking maximal xed p oints of monotone

op erators The standard example is a streamsayofnumb ers

dene type S N S

The elements of this typ e are ob jects that generate unb ounded lists of numb ers ac

cording to a certain generation law The generators are recursively dened and have

the form

inda f zg

much like the recursors

Here is howthetyp es are dened

Denition Given a monotone op erator F on typ es XF X isatyp e called the

coinductive type generatedbyF

An elementof XF X is dened from the generator inda f zb This is well

dened under these conditions

Given a typ e D the seed typ e if dD and Y is a typ e suchthatXF X Y with

f D Y and zD then bF Y

then indd f zb XFX

For example if wecallYN Y a Stream then indk f zhz f z i will generate

an unb ounded sequence of numb ers starting at k

In order to use the elements of a coinductivetyp e we need some way to force the

generator to pro duce an element This is done with a form called out It has this

prop erty

If tXFX

then outtF XF X

This form ob eys the following computation rule

outindd f zb

evaluates to bdz y indy f zbf

Subset Typ es and Logic

One of the most basic and characteristic typ es of Nuprl is the socalled set type or

subset type written fx A j P xg and denoting the subtyp e of A consisting of exactly

those elements satisfying condition P This concept is closely related to the set theory

notion written the same way and denoting the subset of A satisfying the predicate

P In axiomatic set theory the existence of this set is guaranteed bytheseparation

axiom The idea is that the predicate P separates a subset of A as in the example of

say the prime numb ers fx N j pr imexg

To understand this typ e we need to know something ab out predicates In axiomatic

set theory the predicates allowed are quite restrictive they are built from the atomic

memb ership predicate x y using the rst order predicate calculus over the universe

of sets In typ e theory weallow a dierent class of predicates those involving

predicative higherorder logic in a sense This topic is discussed in many articles and

b o oks on typ e theory and is b eyond the scop e of this article so

here we will just assume that the reader is familiar with one account of prop ositions

astyp es or representing logic in typ e theory

The Nuprl style is to use the typ e of prop ositions denoted Prop This concept is

stratied into Prop as in Principia Mathematica and it is related by the prop ositions

astyp es principle to the large typ es suchas Type Prop are indeed considered to b e

a large typ es See for an extensive discussion of this notion For the work we

do here we only need the notions of Type and Prop whichwetaketobeType and

Prop in the full Nuprl theory

The p oint of universes or large typ es is that they allow us to use expressions like

Type A Type A Type Type Type etc as if they were typ es except that

Type Type is not allowed Instead when we need such a notion wemust attend

to the level numb ers used to stratify the notions of Type and Prop We can say

Type Type if ij and Type Type when ij

i j i j

Thus the ob jects of mathematics we consider include propositionsFor example

inN and are true prop ositions ab out the typ e N so Prop and

PropWe also consider propositional forms suchas x y or x y These

are sometimes called predicates

Propositional functions on a typ e A are elements of the typ e A Prop

We also need typ es that can b e restricted by predicates suchasfx N jx or

x g This typ e b ehaves likethe Booleans

The general formation rule is this If A is a typ e and B A Prop then fx AjB xg

is a subtypeofA

The elements of fx AjB xg are those a in A for which B aistrue

Sometimes we state the formation in terms of predicates so if P is a prop osition for

any x in A then fx AjP g is a subtyp e of AWe Clearly have fx AjP g A

Dep endenttyp es and mo dules

We will b e able to dene mo dules and abstract data typ es by extending the existing

typ es in a simple but very expressiveway using socalled dependent types

dep endent pro duct

Supp ose you are writing a business application and you wish to construct a typ e

representing the date

M onth fg

Day fg

Date M onth Day

Wewould need a waytocheck for valid dates Currently h i is a p erfectly legal

member of Date although it is not a valid date One thing we can do is to dene

Day fg

and we will now write our data typ e as

Date m Month Day m

We mean by this that the second element of the pair b elongs to the typ e indexed by

the rst element Now h i is a legal date since Day and h i is illegal

b ecause Day

Many programming languages implement this or a similar concept in a limited way

An example is Pascals variant records While Pascal requires the indexing elementto

b e of scalar typ e we will allowittobeofanytyp e

We can see that what we are doing is making a more general pro duct typ e It is very

similar to A B Let us call this typ e pr odA xB We can display this as x A B

The typing rules are

E a AE b B ax

E pair a b pr odA xB

E p pr odA xB E u A v B ux t T

E spr eadp u v t T

Note that wehavent added anyelements Weve just added some new typing rules

dep endent functions

If we allow B to b e a family in the typ e A B we get a new typ e denoted by

funA xB or x A B which generalizes the typ e A B The rules are

E y A byx B yx

new y

E xb funA xB

E f funA xB E a A

E apf a B ax

Example Back to our example Dates We see that m Month Day m is just

funM onth mD ay where Day is a family of twelvetyp es And xmaxday x is

a term in it

Equality and QuotientTyp es

According to MartinLof s semantics a mathematical typ e is created by sp ecifying

notation for its elements called canonical names and sp ecifying our equality relation

on these names The equality relation can b e an equivalence relation This relation is

one feature that distinguishes mere notation from the more abstract idea of an object

ie from notation with meaning

For example sets of ordered pairs of integers hx y i can b e used as constants for ratio

nal numb ers In this case the equality relation should equate h i and h i generally

ha bi hc di i a d b c Similarlylet Zmod n denote the congruence integers

ie the integers with equalitytaken mod n so that x y mo d n i n divides x y

The only dierence b etween Z and Zmod n is the equality relation on the integer

constants

Following Beeson we might sp eak of the constants without an equality relation as a

pretyp e Then a typ e arises by pairing an equality with a pretyp e say hT Ei where

E is an equivalence relation on T But when we think of functions on a typ e say

f Q Qwe do not exp ect equality information to b e included as part of the input

to f The data comes from T This viewp ointisthus similar to MartinLof s as

long as we provide a way to dene new typ es bychanging the equality relation on data

and keeping the equality information hidden from op erations on the typ e This is

accomplished bythequotient type

To form a quotienttyp e we need a typ e T and an equivalence relation E on T The

quotientof T by E is denoted TE Nuprl uses a slightly more exible notation as

we see in section The elements of TE are those of T but equality is dened by

E and denoted x y in TE For example the rational numb ers can b e taken to b e

Z N E where

E hx ni hy miim x n y

It is noteworthy that b ecause the equality information is hidden we cannot in general

say

x y in TE implies E x y

under the prop ositionsastyp es interpretation of implication

Typ e theory can express the logical idea that given x y in TE weknowthat

E x y is true in the sense that there is a pro of of E x y butwe cannot access it

One waytosay this is to replace the predicate E x y bytheweaker typ e fjE x y g

We call this the squashed typ e If E x y is true then this typ e call it sq E x y

has as memb er according to our rules for the set typ e If E x y is not true then

sq E x y is emptyWecanthus say

x y in TE implies sq E x y

A Nuprl Typ e Theory

In this section we lo ok at some features of the Nuprl typ e theory The rst section

is a discussion of the uniform syntax of Nuprl terms The second section considers

Allens semantics for Nuprl without recursivetyp es Mendler provides a

semantics for recursivetyp es as wellbutitismoreinvolved than what we present

here

Nuprl Term Syntax

Following Frege Church and MartinLof wetake the basic unit of notation to b e a

term A formula for a sentence x int x is a term as is the expression for the

square of a number x

We will distinguish the concrete syntax or the display form of a term from its abstract

structure

abstract structure of terms

What are the constituent parts of a term

op erator name

In our analysis a term is built from an operator and subterms Wecho ose to name

the op erator so there is some means of nding an operator name This seems to b e

convenient for computer pro cessing and helps in the conduct of mathematics as well

Informal practice sometimes settles for a glyph or symb ol as the op erator name eg

subterms

Given a term there must b e a nite numb er of subterms These could b e collected as a

list or a multiset bag In many cases say it is not clear how to order the subterms

a and b But there must b e a waytoaddress or lo cate uniquely each subterm We

havechosen to list the subterms

binding structure

We know that mathematical notation for sentences can b e dened with combinators

which do not intro duce an idea of binding

We adopt the analysis of notation based on binding So with each op erator there is a

binding mechanism Informal mathematics uses many dierentmechanisms but we

will attempt to analyze all of them as rstorder That is the binding structure can

b e dened by designating a class of rst order variables ie just identiers as binding

o ccurrences The generic form of an op erator with binding structure is

op t t

x x m

where x are rst order variables and t are terms The binding structure is sp ecied

i j

bysaying whichofthex is b ound in which t This could b e done graphically as in

i j

op a b c

xy z xy yz xz

In Nuprl wehavechosen to use the form

opx y a y z b x z c

xy yz xz

b ecause it is a simple way to represent the general binding structure describ ed ab ove

op erations on terms

The common op erations on terms are these

Create an op erator

Provide displays for terms built with an op erator

Navigate to subterms

Replace a free variable with a term

Rename b ound variables

Substitute a term for a free variable using renaming to avoid capture

The b ehavior of substitution should satisfy a numb er of criteria b eyond b eing mathe

matically correct We exp ect any required renaming of b ound variables to b ehaveina

predictable manner It should b e p ossible to easily understand the renaming pro cess

in ways that aect computation and reasoning

Nuprl term structure

The term structure of Nuprl evolved from exp erience with MartinLof s typ e theory

and Nuprl We made the earlier term structure more uniform and more general

terms

A term has the form

opv t v t

n n

wherev is a list of identiers whose scope is the subterm t Thesev are lists of

i i i

binders Ifv is empty then it and the dot separating binders from terms are not

written The comp onent op is the operatoritis not a subterm

If opa opb opc are op erators and t t are terms then here are examples of terms

opax t

opbx y t y z t x z t

opct x t x y t

op erators

Op erators are themselves comp ound ob jects Their form is

opnamefi f i f g

n n

These were intro duced to express families of op erators such as universes U and the

injection of natural numb ers These are written as

univ er sefi posg

natur al number fu natg

v ar iabl efv str ing g

We call the i an index and the f an index family name

j i

alternatives calculus with op erator names

Another representation of terms that is natural is based on using the lamb da calculus

to dene all binding For example x A B xwould b e represented as al l x

A B x And spr eadp u v twould b e spr eadp u v t

This approach is natural in Lisp where terms are co ded as Sexpressions but it creates

notations with redexes suchas al l x nat y A B x y The presence of these

redexes notation app ears unnatural and they complicate pattern matching Moreover

b ecause of redexes there can b e an arbitrary numb er of terms that represent a given

informal notation suchas y A B y

In the case of representing a term suchasopx y a y z b x z c the form opx y a

y z b x z c will not represent the binding structure if we replace subterm by

equivalent ones eg

opx y a u v auy v z y x cy x xz

alternatives calculus with arities

MartinLof has intro duced a variant of the approach discussed in section The

idea is that the lamb da calculus with op erator names is a description of syntax he

sp eaks of a theory of expressions x A B x is represented as al l A x B x

The binding structure of the language is given by the untyped lamb da calculus

MartinLof then notes that the untyp ed lamb da calculus is decient as a theory of

syntax b ecause

equality of terms is undecidable

denitions are not eliminable b ecause of the Y combinator

He prop oses to x this by an accountof arities These are explained in terms of

saturated expressions versus expressions with holes in them But we can also view

the entire arity apparatus as a simply typ ed lambdacalculusinwhich the base typ e

o stands for saturated expressions suchas y siny The typ e o o stands for

expressions with one hole in them say sin But he indicates these holes using

the lambda mechanism writing y y siny as an expression of arity o oAn

op erator suchastheintegral y siny dy is analyzed as a complex that takes two

saturated expressions and one with holes and pro duces a saturated expression So

it has arityo o o o o where is used to denote arities of comp ound

expressions

The arity calculus is the same thing as a simply typ ed lamb da calculus whose typ es

are built from o and the constructors and Weknowthatequality is decidable

and denitions are eliminable

Semantics

The Nuprl semantics is a variation on that given by MartinLof for his typ e theory

and formalized by Stuart Allen see There are three stages in the semantic sp eci

cation the computation systemthe typ e system and the socalled judgement forms

We shall sp ecify a computation system consisting of terms divided into canonical and

noncanonical and a pro cedure for evaluating terms whichforagiven term t returns at

most one canonical term called the value of t In Nuprl whether a term is canonical

dep ends only on the outermost form of the term and there are terms whichhaveno

value We shall write sevals to t to mean that s has value t

Next we shall abstract from the system of typ es and equalityontyp es dened in

Section A typ e is a term T with which is asso ciated a transitive symmetric relation

t s T which resp ects evaluation in t and s that is if T is a typ e and tevalsto t

and sevalsto s then t s T if and only if t s T We shall sometimes say

T typ e to mean that T is a typ e Wesay t is a member of T or t T if t t T

Note that t s T is an equivalence relation in t and s when restricted to memb ers

of T Actually t s T is a threeplace relation on terms whichrespectsevaluation

in all three places We also use a transitive symmetric relation on terms T S

called typ e equality which t s T resp ects in T that is if T S then t s T if

and only if t s S The relation T S resp ects evaluation in T and S and T is a

typ e if and only if T T The restriction of T S to typ es is an equivalence relation

For our purp oses then a typ e system for a given computation system consists of a

twoplace relation T S and a threeplace relation t s T on terms such that

T S is transitive and symmetric

T S if and only if T T ev al s to T T S

t s T is transitive and symmetric in t and s

t s T if and only if t t ev al s to t t s T

There is a similaritybetween a typ e and Bishops notion of set Bishop says that to give a set

one givesaway to construct its memb ers and gives an equivalence relation called the equality on

that set on the memb ers

T T if t s T

t s T if T S t s S

We dene T typ e and t T by

T typ e if and only if T T

t T if and only if t t T

Finally socalled judgements will b e explained This requires consideration of terms

with free variables b ecause substitution of closed terms for free variables is central

to judgements as presented here In the description of semantics given so far term

has meant a closed term ie a term with no free variables There is only one form

of judgement in Nuprl x T x T S ext s which in the case that n is

n n

means s S The explanation of the cases in which n is not must wait

substitution

For the purp oses of giving the pro cedure for evaluation and explaining the semantics

of judgements wewould only need to consider substitution of closed terms for free

variables and so wewould not need to consider simultaneous substitution or capture

However for the purp ose of sp ecifying inference rules later wewanttohavesimulta

neous substitution of terms with free variables for free variables The result of sucha

substitution is indicated as in Section

tt t x x

n n

where n x x are variables not necessarily distinct and t t are terms

n n

It is handy to p ermit multiple o ccurrences of the same variable among the targets for

replacements all but the last of which are ignored tt t x x is the result

n n

of replacing each free o ccurrence of x in t by s for i nwheres is t with j

i i i j

the greatest k suchthatx is x

i k

the computation system

Figure shows the terms of Nuprl Variables are terms although since they are

not closed they are not executable Variables are written as identiers with distinct

identiers indicating distinct variables Nonnegativeintegers are written in standard

decimal notation There is no way to write a negativeinteger in Nuprl the b est one

can do is to write a noncanonical term suchas whichevaluates to a negative

integer Atom constants are written as character strings enclosed in double quotes

with distinct strings indicating distinct atom constants

The free o ccurrences of a variable x in a term t are the o ccurrences of x which either

are t or are free in the immediate subterms of t excepting those o ccurrences of x which

b ecome b ound in t In Figure the variables written b elow the terms indicate which

variable o ccurrences b ecome b ound some examples are explained b elow

An identier is any string of letters digits underscores or atsigns that starts with a letter The

only identiers which cannot b e used for variables are term of and those whichserve as op erator

names suchasint or spread

x n void

int atom axiom nil

Uk inla inra recA x B

x x

xb ab

A B x AB AB xAB

x x x x

AB AB xy AB fAB g

xy x

fxAB g a b in A

x x

canonical if closed

noncanonical if closed

anya ta ab

ab ab ab a mod b

spreadaxy t decideaxsy t

xy x xxyy

rec indafxg indaxy sbuv t

f f xy x uv u

x y v

eqabst lessabst int

x y u v range over variables

a b s t A B range over terms

n ranges over integers

k ranges over p ositiveintegers

Variables written b elow a term indicate where the variables b ecome b ound

indicates principal arguments

Figure Terms

Lower Precedence

in left asso ciative

right asso ciative

as in ab left asso ciative

inx left asso ciative

mod left asso ciative

inlinr prex

as in ab right asso ciative

a as in ta

Higher Precedence

Figure Op erator Precedence in Abbreviations

In x A B the x in front of the colon b ecomes b ound and any free o ccurrences

of x in B b ecome b ound The free o ccurrences of variables in x A B are all

the free o ccurrences of variables in A and all the free o ccurrences of variables in

B except for x

In ab no variable o ccurrences b ecome b ound hence the free o ccurrences of

variables in ab are those of a and those of b

In spreadsxy t the x and y in front of the dot and any free o ccurrences of

x or y in t b ecome b ound

Parentheses may b e used freely around terms and often must b e used to resolve am

biguous notations correctly Figure gives the relative precedences and asso ciativities

of Nuprl op erators

The closed terms ab ove the dotted line in Figure are the canonical terms while the

closed terms b elow it are the noncanonical terms Note that carets app ear b elow most

of the noncanonical forms these indicate the principal argumentplaces of those terms

This notion is used in the evaluation pro cedure b elow Certain terms are designated

as redices and each redex has a unique contractum Figure shows all redices and

their contracta

The evaluation pro cedure is as follows Given a closed term t

If t is canonical then the pro cedure terminates with result t

Redex Contractum

xba bax

spreadabxy t ta bx y

decideinlaxsy t sax

decideinrbxsy t tby

rec indaf z b baz y rec indy f z bf

int eqmnst s if m is n t otherwise

lessmnst s if m is less than n t otherwise

n the negation of n

mn the sum of m and n

mn the dierence

mn the pro duct

mn if n is otherwise the o or of the

obvious rational

m mod n if n is otherwise the p ositive

integer nearest that diers from m

byamultiple of n

indmxy sbuv t b if m is

tmindm xy sbuv tu v

if m is p ositive

smindm xy sbuv tx y

if m is negative

a b s t range over terms

x y u v range over variables

m n range over integers

Figure Redices and Contracta

Otherwise execute the evaluation pro cedure on each principal argumentof t and if

eachhasavalue replace the principal arguments of t by their resp ectivevalues

call this term s

If s is a redex then the pro cedure for evaluating t is continued byevaluating the

contractum of s

If s is not a redex then the pro cedure is terminated without result t has no value

The Typ e System

For convenience we shall extend the relation sevalsto t to p ossibly op en terms If s

or t contain free variables then sevals to t do es not hold otherwise it is true if and

only if s has value t

Recall that the members of a typ e are its canonical memb ers and the terms which

have those memb ers as values The integers are the canonical memb ers of the typ e

intThetyp e void is emptyThetyp e AB is a disjoint union of typ es A and B

The terms inla and inrb are canonical memb ers so long as a A and b B

a and b need not b e canonical The canonical memb ers of x A B are the terms

ab with a A and b B ax a and b not necessarily canonical Note that the

typ e from which the second comp onent is selected may dep end on the value of the

rst comp onent

A term of the form ta is called an application of t to aand a is called its argument

The members of xAB are called functions and each canonical member is a lambda

term x b whose application to any a A isamember of B ax It is required

that applications to equal memb ers of typ e A b e equal Clearly ta B axif t

xAB and a A

The signicance of some constructors derives from the representation of prop ositions as

typ es A prop osition represented bya typ e is true if and only if the typ e is inhabited

The typ e ab is inhabited if and only if the value of a is less than the value of b

The typ e ab in A is inhabited if and only if a b A Obviouslythetyp e

aa in A is inhabited if and only if a Asoa in A has b een adopted as

a notation for this typ e The members of fxAB g are the memb ers a of A such

that B ax is inhabited Typ es of the form fxAB g are called set typ es The set

constructor provides a device for sp ecifying subtyp es for example fxintxg has

just the p ositiveintegers as canonical memb ers

The memb ers of xy AB are the memb ers of A The dierence b etween this typ e

and A is equality a a xy AB if and only if a and a are memb ers of A and

B a a x y is inhabited Typ es of this form are called quotienttyp es The relation

x y is an equivalence relation over A in a and a this is built into the b b B a a

criteria for xy AB being a typ e

Now consider equality on the other typ es already discussed Recall that terms are

equal in a given typ e if and only if they evaluate to canonical terms equal in that

typ e Recall also that a a A is an equivalence relation in a and a when restricted

to members of A Memb ers of int are equal in int if and only if they have the

same value Canonical members of AB x A B are equal if and only if they

have the same outermost op erator and their corresp onding immediate subterms are

equal in the corresp onding typ es Memb ers of xAB are equal if and only if their

applications to anymember a of A are equal in B ax Wesay equalityon xAB

is extensionalThetyp es ab and ab in A have at most one canonical memb er

axiom Equalityin fxAB g is just the restriction of equalityinA to fxAB g

Wemust now consider the notion of functionality A term B is typ efunctional in

xA if and only if A is a typ e and B ax B a x for any a and a suchthat

a a A A term b is B functional in x A if and only if B is typ efunctional in

x A and bax ba x B axforany a and a suchthat a a A There are

restrictions on typ e formation involving typ efunctionality These can b e seen in the

typ e formation clauses for x A B xAB and fxAB g In each of these B must

be typ efunctional in xA Wemaynowsay that the memb ers of xAB are the

lamb da terms xbsuch that b is B functional in xAInthetyp e xy AB that B

must b e typ efunctional in b oth xy A follows from the fact that xAy AB B

must b e a typ e There are also constraints on the typ eho o d of xy AB which

guarantee that the relation b b B a a x y is an equivalence relation on memb ers

of A and resp ects equalityin A It should b e noted that if A is emptythenevery term

is typ efunctional in its free variables over A Hence xvoid is a typ e with no

memb ers even though is not a typ e

Equal typ es have the same memb ership and equality but not converselyTyp e etc

The relations that must hold b etween the resp ectiveimmediate subterms are seen

easily enough in the denition of typ e equality It should b e noted that in contrast to

equalitybetween typ es of the form x A B or x A Bmuch less is required for

fx A j B gfx A j B g than typ efunctional equalityof B and B in xA All that

is required is the existence of functions which for each a A evaluate to functions

mapping back and forth b etween B axand B ax Equalitybetween quotienttyp es

is dened similarlyIfx do es not o ccur free in B then A B x A B AB xAB

if x and y do not o ccur free in B then AB xy AB As a result there is no need

for clauses in the typ e system description giving the criteria for t t A B and

the others explicitly

Now consider the socalled universes U k p ositive The members of U are typ es

k k

The universes are cumulative that is if j is less than k then memb ership and equality

in U are just restrictions of memb ership and equalityin U Universe U is closed

j k k

under all the typ eforming op erations except formation of U for i greater than or

equal to k Equality hence memb ership in U is similar to typ e equality as dened

previously except that equalitymemb ership in U is required wherever typ e equality

typ eho o d was formerly required and although all universes are typ es only those Ui

suchthat i is less than k are in U Equalityin U is the restriction of typ e equality

k k

to memb ers of U

In the formation of these as members of U B must b e U functional in xA

k k

So far the only noncanonical form explicitly mentioned in connection with the typ e

system is application We shall elab orate here on a couple of forms and it should then

b e easy to see how to treat the others The spread form is used for computational

analysis of pairs The pair of comp onents is spread apart so that the comp onents can

b e used separately

spreadexy t T ez if

e x A B

T is typ e functional in z x A B

a b ta bx y T abz

if a A and b B ax

Since e x A B then for some a and b abe where a A and b B ax

Hence spreadexy t and ta bx y have the same value so it is enough that

ta bx y T ez But from our hyp otheses it follows that ta bx y T abz

so it is enough that T ez T abz Now e ab x A B since e

x A B and equality resp ects evaluation therefore T ez T abz in lightof

T s functionalityin z x A B

judgments

The signicance of judgments lies in the fact that they express the claims of a pro of

They are the units of assertion The judgments of Nuprl have the form

x T x T S ext s

n n

where x x are distinct variables and T T Ss are terms n maybe

n n

every free variable of T is one of x x and every free variable of S or of s is one

i i

of x x The list x T x T is called the hyp othesis list or assumption list

n n n

each x T is called a declaration of x each T is called a hyp othesis or assumption

i i i i

S is called the consequent or conclusion s the extract term the reason will b e seen

later and the whole thing is called a sequent

Before explaining the conditions whichmake a Nuprl sequent true we shall dene a

relation H l where H is a hyp othesis list and l is a list of terms and we shall dene

what it is for a sequenttobe true at a list of terms Allen calls this p ointwise

functionality

x T x T t t if and only if

n n n

j n t T t t x x

j j j j

t T t t x x t

j j j

T t t x x

j j

T t t x x if i j t t

i i i i

The sequent

x T x T S ext s

n n

is true at t t if and only if

t t S t t x x S t t x x

n n n

n n

st t x x

n n

st t x x S t t x x

n n n

if x T x T t t

n n n

i nt t T t t x x

i i i i

Equivalentlywe can say that s is S functional in x T x T if

n n

x T x T t t The sequent

n n n

x T x T S ext s is true if and only if

n n

t t xT x T S ext s is true at t t

n n n n

The connection b etween functionality and the truth of sequents lies in the fact that

S is typ efunctional or s is S functional in x T if and only if T is a typ e and for

eachmember t of T S is typ efunctional s is S functional in x fxT xt in T g

Therefore s is S functional in x T if and only if T is a typ e and the sequent xT

S ext s is true

It is not p ossible in Nuprl for the user to enter a complete sequent directly the extract

term must be omitted A sequentisnever displayed with its extract term The system

has b een designed so that up on completion of a pro of a comp onent called the extractor

automatically provides or extracts the extract term This is b ecause in the standard

mo de of use the user tries to prove that a certain typ e is inhabited without regard to

the identityofanymemb er In this mo de the user thinks of the typ e that is to b e

shown inhabited as a prop osition and that it is merely the truth of this prop osition

that the user wants to show When one do es wish to show explicitly that a A one

instead shows the typ e a in A to b e inhabited

Also the system can often extract a term from an incomplete pro of when the extraction

is indep endent of the extract terms of any unproven claims within the pro of b o dyOf

course such unproven claims may still contribute to the truth of the pro of s main

claim For example it is p ossible to provide an incomplete pro of of the untrue sequent

ext axiom the extract term axiom b eing provided automatically

Although the term extracted from a pro of of a sequent is not displayed in the sequent

the term is accessible by other means through the name assigned to the pro of in the

users library

Rules

The Nuprl system has b een designed to accommo date the topdown construction of

pro ofs by renement In this style one proves a judgementiea goalby applying

a renementrule obtaining a set of judgements called subgoals and then proving

each of the subgoals In this section we will describ e the rules The actual rules are

available at the Nuprl web page First wegive some general comments regarding the

rules and then pro ceed to give a description of eachrule

the form of a rule

To accommo date the topdown style of the pro ofs the rules of the logic are presented

in the following renement style

H T ext t by rule

H T ext t

k k k

The goal is shown at the top and each subgoal is shown indented underneath The

rules are dened so that if every subgoal is true then one can show the truth of the

goal where the truth of a judgement is to b e understo o d as dened ab ove If there

are no subgoals k then the truth of the goal is axiomatic

The rules have the prop erty that each subgoal can b e constructed from the information

in the rule and from the goal exclusive of the extraction term As a result some of

the more complicated rules require certain terms as parameters

Implicit in showing a judgement to b e true is showing that the conclusion of the

judgementisinfactatyp e We cannot directly judge a term to b e a typ e rather

we show that it inhabits a universe An examination of the semantic denition will

reveal that this is sucient Due to the richtyp e structure of the system it is not

p ossible in general to decide algorithmically if a given term denotes an elementofa

universe so this is something which will require pro of The logic has b een arranged so

the pro of that the conclusion of a goal is a typ e can b e conducted simultaneously with

the pro of that the typ e is inhabited In many cases this causes no great overhead but

some rules have subgoals whose only purp ose is to establish that the goal is a typ e

that is that it is wellformed These subgoals all have the form H T in Ui and

are referred to as wel lformedness subgoals

web access

The complete set of Nuprl rules is available on the Web under Libraries The

explanation given here should make them understandable

Conclusion

At the summer scho ol I presented the details of Max Foresters constructive pro of

of the Intermediate Value Theorem whichwas taken from Bishop and Bridges

I also discussed the stamps problem from the Nuprl library I related this

to Sam Buss account of feasible arithmetic by using the ecient induction tactic

complete nat ind with yattheendofint All of this material is now on the

Web and this article should help make it more accessible

Acknowledgments

Iwant to thank Kate Ricks for preparing this manuscript and Karla Consro e and Kate

for helping with the Nuprl Web page

References

Peter Aczel An intro duction to inductive denitions In J Barwise editor

Handbook of Mathematical Logic pages NorthHolland

Peter Aczel The typ e theoretic interpretation of constructive set theory In

Logic Methodology and Philosophy of ScienceVII pages Elsevier Science

Publishers

Stuart F Allen A nontypetheoretic semantics for typetheoretic language PhD

thesis Cornell University

Stuart F Allen A Nontyp etheoretic Denition of MartinLof s Typ es In Proc

of Second Symp on Logic in Comp Sci pages IEEE June

R C Backhouse P Chisholm G Malcolm and E Saaman Doityourself typ e

theory part I Formal Aspects of Computing

M J Beeson Formalizing constructive mathematics Whyandhow In F Rich

man editor Constructive Mathematics Lecture Notes in Mathematics Vol

pages Springer Berlin

MJ Beeson Foundations of Constructive Mathematics Springer Berlin

U Berger and H Schwichtenb erg Program extraction from classical pro ofs

In Daniel Leivant editor Logic and Computational Complexity pages

Springer Berlin

E Bishop and D Bridges Constructive Analysis Springer New York

S Buss The p olynomial hierarchyandintuitionistic b ounded arithmetic In

Structure in Complexity Theory Lecture Notes in Computer Science pages

Springer Berlin

Rob ert L Constable Typ es in Logic Mathematics and Programming In S Buss

editor Handbook of Proof Theory North Holland

Rob ert L Constable Using reection to explain and enhance typ e theory In

Helmut Schwichtenb erg editor Proof and Computation pages Berlin

NATO Advanced Study Institute International Summer Scho ol held in

Marktob erdorf Germany July August NATO Series F Vol

Springer Berlin

Rob ert L Constable Stuart F Allen HM Bromley WR Cleaveland JF Cre

mer RW Harp er Douglas J Howe TB Knoblo ck NP Mendler PPanan

gaden James T Sasaki and Scott F Smith Implementing Mathematics with the

Nuprl Development System PrenticeHall NJ

Thierry Co quand Metamathematical investigations of a calculus of constructions

In P Odifreddi editor Logic and Computer Science pages Academic

Press London

Thierry Co quand and Christine PaulinMohring Inductively dened typ es pre

liminary version In COLOG International Conference on Computer Logic

Lecture Notes in Computer Science Vol pages Springer Berlin

N G deBruijn A survey of the pro ject Automath In To HB Curry Essays in

Combinatory Logic Lambda Calculus and Formalism pages Academic

Press

Peter Dyb jer Inductive sets and families in MartinLofs typ e theory and

their settheoretic semantics In Proc of the First Annual Workshop on Logi

cal Frameworks pages SophiaAntip olis France June Program

ming Metho dology Group Chamers UniversityofTechnology and Universityof

Goteb org

Peter Dyb jer Inductive sets and families in MartinLofs typ e theory and their

settheoretic semantics In G Huet and G Plotkin editors Logical Frameworks

pages Cambridge University Press

Solomon Feferman A language and axioms for explicit mathematics In J N

Crossley editor Algebra and Logic Lecture Notes in Mathematics Vol pages

Springer Berlin

Max B Forester Formalizing constructive real analysis Technical Rep ort TR

Computer Science Dept Cornell University Ithaca NY

JY Girard PTaylor and Y Lafont Proofs and TypesCambridge Tracts in

Computer Science Vol Cambridge University Press

Jason J Hickey Ob jects and theories as very dep endenttyp es In Proceedings of

FOOL July

C A R Hoare Notes on data structuring In StructuredProgramming Academic

Press New York

W Howard The formulasastyp es notion of construction In To HB Curry

Essays on Combinatory Logic LambdaCalculus and Formalism pages

Academic Press NY

Douglas J Howe Equality in lazy computation systems In Proc of Fourth Symp

on Logic in Comp Sci pages IEEE Computer So ciety June

Douglas J Howe Reasoning ab out functional programs in Nuprl Functional

Programming Concurrency Simulation and AutomatedReasoning Lecture Notes

in Computer Science Vol Springer Berlin

Douglas J Howe Semantic foundations for emb edding HOL in Nuprl In Pro

ceedings of AMAST To app ear

Douglas J Howe and Scott D Stoller An op erational approachtocombining

classical set theory and functional programming languages In and J C Mitchell

M Hahiya editor Lecture Notes in Computer Science Vol pages New

York April International Symp osium TACS Springer Berlin Theoret

ical Asp ects of Computer Software

G Huet A uniform approachtotyp e theory In G Huet editor Logical Foun

dations of Functional Programming pages AddisonWesley

G P Huet and B Lang Proving and applying program transformations expressed

with secondorder patterns Acta Informatica

Paul B Jackson Enhancing the Nuprl Proof Development System and Applying

it to Computational Abstract Algebra PhD thesis Cornell University Ithaca NY

January

Daniel Leivant Intrinsic theories and computational complexity In Daniel

Leivant editor Logic and Computational Complexity pages Springer

Berlin

Per MartinLof Constructive mathematics and computer programming In Sixth

International Congress for Logic Methodology and Philosophy of Science pages

NorthHolland Amsterdam

Per MartinLof Intuitionistic TypeTheory Studies in Proof Theory Lecture

Notes Bibliop olis Nap oli

PF Mendler Inductive Denition in Type Theory PhD thesis Cornell Univer

sity Ithaca NY

B Nordstrom K Petersson and J Smith Programming in MartinLof s Type

Theory Oxford Sciences Publication Oxford

Erik Palmgren On Fixed Point Operators Inductive Denitions and Universes

in MartinLof s TypeTheory PhD thesis Uppsala UniversityThunb ergsvagen

S Uppsala Sweden March

A M Pitts Operational lyBasedTheories of Program EquivalenceUniversityof

Cambridge Cambridge UK

Helmut Schwichtenberg Computational Content of Proofs Mathematisches In

stitut Universitat Munc hen Munc hen Germany Working material for

Marktob erdorf lecture

D Scott ConstructivevalidityInDLacomb e M Laudelt editor Symposium

on Automatic DemonstrationLecture Notes in Mathematics Vol pages

New York SpringerVerlag

D Scott Data typ es as lattices SIAM J Comput

Anton Setzer Proof theoretical strength of MartinLof Type Theory with W

type and one universe PhD thesis LudwigMaximiliansUniversitat Munc hen

Septemb er

S Thompson Type Theory and Functional Programming AddisonWesley

SS Wainer The hierarchy of terminating recursive programs over N In Daniel

Leivant editor Logic and Computational Complexity Lecture Notes in Computer

Science Vol pages Springer Berlin