Adding the axioms to Axiom

Towards a system of automated reasoning in

Erik Poll Simon Thompson

Computing Lab oratoryUniversityofKent

CanterburyKent CT NF UK

fEPollSJThompsongukcacuk

Abstract

Anumber of combinations of theorem proving and computer alge

bra systems have b een prop osed in this pap er we describ e another

namely a wayto incorp orate a logic in the

Axiom We examine the typ e system of Aldor the Axiom

Compiler and show that with some mo dications wecanusethede

p endenttyp es of the system to mo del a logic under the CurryHoward

isomorphism We giveanumb er of example applications of the logic

we construct

Intro duction

Symbolic mathematical or computer algebra systems such as Axiom

JS and Mathematica are in everydayusebyscientists engineers

and indeed mathematicians b ecause they provide a user with techniques

of say integration which far exceed those of the p erson themselves and

make routine many calculations which would have been imp ossible some

years ago These systems are moreover taught as standard to ols within

manyuniversity undergraduate programmes and are used in supp ort of b oth

academic and commercial research

There are however drawbacks to the widespread use of automated sup

p ort of complex mathematical tasks which has b een widely noted Fateman

Fat gives the graphic example of systems which will assume that a

the basis that a has not been established This can have p oten on

tially disastrous consequences for the naive user of the system or indeed if

it o ccurs within a suciently complicated context any user

Symb olic mathematics systems are also limited by their reliance on al

gebraic techniques As Martin Mar remarks in p erforming op erations

of analysis it might b e a precondition that a function b e continuous sucha

prop erty cannot b e guaranteed by a computer algebra system alone

All this makes the combination of computer algebra with theorem prov

ing a topic of considerable interest the logical capabilities of a theorem

prover could b e used to express the assumptions up on which an answer rests

and in critical cases b e used to establish the truth of those assumptions

The literature contains a number of dierent strategies prop osed for

combining computer algebra and theorem proving see for instance Buc

CH BCZ This pap er examines another prop osal that of using the

typ e system of the Axiom JS computer algebra system to represent a

logic and thus to use the constructions of Axiom to handle the logic and

represent pro ofs and prop ositions in the same way as is done in theorem

provers based on typ e theory such as Nuprl C or Co q Cor

This pap er particularly explores the recent Axiom Library

Aldor W which is unusual among computer algebra systems in be

ing strongly typ ed and moreover in having a very powerful typ e system

including dep endenttyp es

The implementation of dep endenttyp es in Aldor is without evaluation

of typ e expressions so each typ e expression is its own normal form and

we show how this limits the expressivity of the dep endent typ es We pro

p ose a mo dication of the Aldor system which allow the typ es to represent

the prop ositions of a constructive logic under the CurryHoward corresp on

tegrates a logic into the Aldor system and thus dence We argue that this in

p ermits a variety of logical extensions to Aldor including adding pre and

p ostconditions to function sp ecications axiomatisations to categories of

mathematical ob jects as well as the ability to reason ab out the ob jects in

Axiom

The structure of the pap er is as follows Section intro duces Aldor and

more details of Aldor dep endent typ es app ear in Section We show how

a logic can be dened in a variant of the Aldor system in Section and

Section gives some example applications We conclude with a discussion

of related and future work

An intro duction to Aldor

previously known as AXIOM The Axiom Library Compiler Aldor W

XL or A provides the user with a p owerful generalpurp ose programming

language in which to mo del the structures of mathematics This language

is functionally based and provides higher orderfunctions generators which

b ear a strong relationship to list comprehensions and other features of mo d

ern functional languages like Standard ML MTH and Haskell PH as

well as b eing strongly typ ed

The typ e system of Aldor

Unusually among languages for computer algebra but in keeping with the

functional scho ol Aldor is strongly typ ed and each declaration of a binding

is accompanied by a declaration of the typ e of the value bound as in the

example

a Integer

This contrasts with languages like Haskell in which typ es need not be de



clared explicitly since they can b e deduced by the system In Aldor typ es

have to b e declared explicitly since the typ e system has a variety of complex

features including the following

Overloading A single identier can be used to denote values of dierent



typ e suchas Int Int and Int Bool Int Some supp ort

is provided for users to resolve overloading when that proves to be

necessary

Co ercions Some courtesy co ercions are provided by the system automat

ically these convert b etween multiple values a la LISP cross pro d

ucts and tuples It is also p ossible to make explicit conversions by

means of the coerce function from integers to oating p ointnumbers

and so forth

Typ es as values The typ e Type is itself a typ e it is by this means that

the system supp orts functions over typ es suchas

idType ty Type Type ty

and explicit p olymorphism as in

id ty Type x ty ty x

This resembles the quantication in System F in which functions can



dep end on typ e parameters and in F where functions can b e dened

from typ es to typ es This is investigated further in Section

Dep endent typ es Aldor p ermits functions to have dep endent typ es in

which the typ e of a function result dep ends up on the value of a pa

rameter An example is the function

Most Haskell programmers would however tend to givetyp e declarations for their

denitions since they serve b oth as an imp ortantcheck on the programmers intention as

well as providing crucial do cumentation



Note that this is a muchmore powerful overloading facility than that provided by

Haskell typ e classes PH in whichoverloaded functions have to b e of the same arity

vectorSum nInteger Vectorn Double

in which the result of a function application say

vectorSum

has the typ e Vector Double b ecause its argument has the

value In a similar way when the id function of denition is

applied its result typ e is determined by the typ e which is passed as

its rst argument

We discuss this asp ect of the language in more detail in Section

Variables The system is not fully functional containing as it do es variables

which denote storage lo cations The presence of up datable variables

inside expressions can cause sideeects whichmake the elucidation of

typ es considerably more dicult

There is a separate question ab out the role of mathematical variables

in equations and the like and the role that they play in the typ e system

of Axiom

Categories and domains These features which provide a form of data

abstraction are addressed in more detail in Section

The Aldor typ e system can thus b e seen to b e highly complex and weshall

indeed see that other features such as macros see Section complicate

the picture further one of the asp ects of our work is to try to reachamore

formal description of substantial parts of the typing mechanism of Aldor

Categories and domains

Axiom is designed to be a system in which to represent and manipulate

mathematical ob jects of various kinds and supp ort for this is given bythe

Aldor typ e system One can sp ecify what it is to be a monoid say by



dening the Category called Monoidthus

Monoid Category BasicType with f

g

This states that for a structure ov er a typ e to be a monoid it has to

supply two bindings in other words a Category describ es a signature The

rst name in the signature is and is a binary op eration over the typ e

the second is an elementof



There is no relation b etween Axioms notion of category and the notion from category

theory

In fact wehave stated slightly more than this as Monoid extends the cat

egory BasicType which requires that the underlying typ e carries an equality

op eration

BasicType Category with f

Boolean g

We should observe that this Monoid category do es not imp ose any con

straints on bindings to and we shall revisit this example in Section

b elow

Implementations of a category are abstract data typ es whichareknown

in Axiom as domains and are dened as was the value a ab ove

IntegerAdditiveMonoid Monoid add f

Rep Integer

import from Integer

x y perrep x rep y

per g

The category of the ob ject b eing dened Monoid is the typeofthedomain

which we are dening IntegerAdditiveMonoid The denition identies

a representation typ e Rep and also uses the conversion functions rep and

per whichhavethetyp es

rep Rep per Rep

In fact Rep rep and per are implemented using the macro mechanism

of Aldor and so are eliminated b efore typ e checking Another asp ect of

Aldor whichwe intend to explore are ways in whichthe macro system can

be eliminated in favour of a prop erly typ e checked mechanism and so in

particular supp ort the typ e abstraction machinery intro duced here

Wehave seen already that one category can extend another this can b e

seen as a form of inheritance Other op erations are available on categories

including the Join op eration which joins two categories thus allowing a

form of multiple inheritance

Categories provide a p owerful abstraction mechanism which allows func

tions to b e written which dep end on the bindings in a category and which

can therefore b e used over any domain which implements the category that

is any abstract data typ e which implements the signature in question Cat

egories resemble existential typ es MP San but are implemented in a

similar way to Haskell classes in that the typ e of the op erands in an appli

cation determine which implementation of the op eration is used

hanism is that it is One of the advantages of the Haskell typ e class mec

p ossible to declare a typ e as an instance of dierent classes at dierent

p oints in a program In the rst version of Axiom this was not allowed so

that an Axiom domain would have a signature this is category xed at

the point of denition and could not be extended to b ecome an instance

of a newlydened category this is p ossible in Aldor using a post facto

extension Details of this and other features can b e found in W

Categories can also be parametric and dep end up on value or typ e pa

rameters We shall see an example of this in Section b elow Wecontinue

to explore the Aldor typ e system in the following section where we lo ok in

more detail at the dep endenttyp es of the system

Dep endent typ es

The Aldor language contains dep endenttyp es so that one can dene func

tions suchasvectorSum which denes a sum function for vectors of arbitrary

lengthoftyp e

vectorSum nInteger Vectorn Double

and a function append to join twovectors together

append nIntegermIntegerVectornVectorm Vectornm

Given vectors of length two and three vec and vec we can join them

thus

appendvecvec Vector

and we would exp ect to be able to nd the sum of this vector by applying

vectorSum thus

vectorSum appendvecvec

but this will fail to typ e check since the argumentisoftyp e Vector

which is not equal to the exp ected typ e namely Vector This is b ecause

no evaluation takes place in typ e expressions in Aldor nor indeed in the

earlier version of Axiom

In Section we discuss ho w the Aldor typ e mechanism can b e mo died

to accommo date a more lib eral evaluation strategy within the typ e checker

Before doing that we lo ok at another example of the problems caused by

the failure of Aldor to evaluate typ e expressions

Typ es as values

Another example is provided by trying to formalise the notion from math

ematical category theory Mac namely that of a functor Sp ecically

we are thinking of the typ es of the language as forming a category whose

ob jects are the typ es themselves and an arrow from A to B is a function of

typ e AB What is a functor from typ e to itself It has two comp onents

a mapping F say from Type to Type that is the ob ject part of the

functor and

a mapping on functions which resp ects their typ es so that the image

of an arrow aa is an arrow F aF b

There are also some logical constraints on the b ehaviour of the these map

pings we cannot formalise these in Aldor How can this be formalised in

Aldor Wesay

Functor F Type Type Category with f

map aType bType ab F a F b

g

and we can showthattheList functor which builds the typ e Lista from

the typ e a is an instance of Functor thus

listFunctor FunctorList add f

map aTypebTypefabxLista Listb

if xnil then nil

else cons f firstx

map a b f restx

g

which is the standard denition of map over lists

In a similar vein we can try to make idType as dened in Section

ab ove into an instance of Functor

Ident FunctoridType add f

map aTypebTypefabxidTypea idTypeb

f x

g

but this will fail to be typ e correct since the typ es idTypea and a will

not be identied as would be required for the application of f to x to be

welltyp ed

Observe however that do es typ e check This is b ecause List is a

constructor of typ es that is the application Lista is already fully evalu

ated and so there is no problem in identifying it with other Type expressions

In the next section we examine p ossible mo dications to the Aldor typ e

mechanism to accommo date evaluation within typ e expressions

Investigating the Aldor dep endent typ e mechanism

We are currently investigating ways in which the Aldor dep endent typ e

mechanism can b e mo died to allowevaluation within typ e contexts as well

as within value contexts Anumb er of p ossibilities suggest themselves

The typ e system provides the pretend conversion routine which con



verts or typ e casts any typ e to any other typ e so that one can

rewrite as follows

Ident FunctoridType add f

map aTypebTypefabxidTypea idTypeb

f x pretend a pretend idTypeb

g

This achieves a result but at some cost Wherever we exp ect to need

some degree of evaluation that has to be shadowed by a typ e cast

these casts are also p otentially completely unsafe

Another p ossibility is to suggest that the system is mo died to include

co ercion functions whichwould provide conversion b etween typ e pairs

This suggestion could b e implemented but suchasidTypea and a

weenvisage two diculties with it

In all but the simplest of situations we will need to supply uniformly

dened families of co ercions rather than single co ercions This

will substantially complicate an already complex mechanism

Co ercions are currently not applied transitively the eect of this

is to allowustomodelsinglestepsofevaluation but not to take

their transitive closure

Putting these two facts together force us to conclude that eectively

mimicking the evaluation pro cess as co ercions is not a reasonable so

lution to the problem to hand

Instead of pursuing either of these solutions we are currently investigating

the p ossibility of p erforming some evaluation during typ e checking Clearly

this can cause the typ e checker to diverge in general since in for instance

an application of the form vectorSume an arbitrary expression eNat will

havetobeevaluated We therefore intend to use currentwork on terminating

systems of recursion MA as well as restrictions on the typ es of expression

chosen for evaluation as heuristics at least to guide the form of evaluation

that is supp orted

Logic within Aldor

In this section we discuss the CurryHoward isomorphism between prop o

sitions and typ es and show that it allows us to embed a logic within the

Aldor typ e system if dep endenttyp es are implemented to allowevaluation

within typ e contexts



The pretend function is used in the denition of rep and per in the currentversion

of Aldor a more secure mechanism would b e preferable

The CurryHoward corresp ondence

Under the CurryHoward corresp ondence logical prop ositions can be seen

as typ es and pro ofs can be seen as members of these typ es Accounts

of constructive typ e theories can be found in notes by MartinLof ML

amongst others NPS Tho Central to this corresp ondence are dep en

denttyp es which allow the representation of predicates and quantication

We can summarise the corresp ondence in a table

Programming Logic

Typ e Formula

Program Pro of

Pro ductrecord typ e Conjunction

Sumunion typ e Disjunction

Function typ e Implication

Dep endent function typ e xA Bx Universal quantier

Dep endent pro duct typ e xABx Existential quantier

Empt ytyp e Exit Contradictory prop osition

One elementtyp e Triv True prop osition

Predicates that is dep endent typ es can be constructed in a number of

dierentways We lo ok at the example of the less than predicate over the

natural numb ers

A rst approach is to give an explicit primitive recursive denition

of the typ e which in Aldor might take the form

lessThannNatmNat Type

if m then Exit

else if n then Triv

else lessThannm

A second approachintro duces them inductively as a generalisation of

the algebraic typ es which app ear in Haskell and SML We mightdene

the less than predicate oftyp e Nat Nat Type bysaying that

o constructors for the typ e of the following signature there are tw

ZeroLess nNatO S n

SuccLess mNatnNatm n S m S n

This approach leads to a p owerful style of pro of in which inductions are

p erformed over the form of pro of ob jects that is the elements of typ es

like m n rather than over say the natural numb ers and sucha

metho d makes much more manageable a pro of of the transitivityof

over Natsay Inductivetyp es have b een used extensively in the typ e

theory community see for instance PM

A logic within Aldor

We need to examine whether the outline given in Section amounts to a

prop er emb edding of a logic within Aldor We shall see that it places certain

requirements on the denition and the system

Most imp ortantly for a denition of the form to work prop erly as a

denition of a predicate we need an application like lessThan to be

reduced to Exit hence we need to haveevaluation of typ e expressions This

is a mo dication of Aldor whichwe are currently investigating as outlined

in Section In the case of the evaluation can be limited since the

scheme used is recognisable as terminating by for instance the algorithm

of MA

The restriction to terminating wellfounded recursions is also necessary

for consistency of the logic For the logic to b e consistent we need to require

that not all typ es are inhabited which is clearly related to the p ower of the

recursion schemes allowed in Aldor One approach is to exp ect users to

check this for themselves this has a long history b eginning with Hoares

axiomatisation of the function in Pascal but we would exp ect this to be

supp orted with some automated checking of termination which ensures that

partially or totally undened pro ofs are not p ermitted

Consistency also dep ends on the strength of the typ e system itself a

suciently p owerful typ e system will b e inconsistent as shown by Girards

paradox Gir

Applications of an integrated logic

If we identify a logic within Aldor how can it be used There are various

applications p ossible we outline some here and for others one can refer to the

number of implementations of typ e theories which already exist including

Nuprl C and Co q Cor

Pre and Postconditions

A more expressive typ e system allows programmers to give more accurate

typ es to common functions such as the function which indexes the elements

of a list

index lListtnNatn length l t

An application of index has three arguments a list l and a natural number

n as for the standard index function and a third argument which is

of typ e n length lthatisaproof that n is a legitimate index for the

list in question This extra argument b ecomes a pro of obligation which

must b e discharged when the function is applied to elements l and n

In a similar vein it is p ossible to incorp orate p ostconditions into typ es

so that a sorting algorithm over lists mighthave the typ e

sort lListtListtSortedl

and so return a sorted list together with a pro of that the list is Sorted

Adding axioms to the categories of Axiom

In denition Section we gave the category of monoids Monoid

which intro duces two op eration symb ols and A monoid consists not

only of two op erations but of op erations with prop erties We can ensure

these prop erties hold by extending the denition of the category to include

three extra comp onents which are pro ofs that is a left and right unit for

and that is asso ciative where we assume that is the identity predicate

Monoid Category BasicType with f

leftUnit g g g

rightUnit g gl g

assoc ghj ghj ghj

g

The extension and join op erations over categories will lift to b ecome op er

ations of extension and join over the extended logical categories such as

Dierent degrees of rigour

One can interpret the obligations given in Sections and with diering

degrees of rigour Using the pretend function we can conjure up pro ofs of

the logical requirements of even in this case they app ear as imp or

tant do cumen tation of requirements and they are related to the lightweight

formal metho ds of DK

Alternatively we can build fullyedged pro ofs as in the numerous imple

mentations of constructivetyp e theories mentioned ab ove or we can indeed

adopt an intermediate p osition of proving prop erties seen as crucial while

asserting the validity of others

Conclusion

We have prop osed a new way to combine or rather to integrate com

puter algebra and theorem proving Our prop osal is similar to BCZ

and Buc in that theorem proving capabilities are incorp orated in a com

puter algebra system In the classication of p ossible combinations of com

puter algebra and theorem proving of CH all these are instance of the

subpackage approach But the way in which we prop ose to do this is

completely dierent we prop ose to exploit the expressiveness of the typ e

system of Axiom using the CurryHoward isomorphism that also provides

the basis of theorem provers based on typ e theory suchasNuprlC or

Co q Cor This provides a logic as part of the computer algebra system

Also having the same basis as existing theorem provers such as the ones

mentioned ab ove should make it easier to interface with them

ergence of interests in typesystemsfroma It is interesting to see a conv

numb er of p oints of view namely

computer algebra

typ e theory and theorem provers based on typ e theory

functional programming

For instance there seem to b e many similarities b etween structuring mech

anisms used in these dierent elds BJK argues for functors in the

sense of the programming language ML as the right to ol for structuring

mathematical theories in Mathematica and San notes similarities be

tween the typ e system of Axiom existential typ e MP and Haskell classes

WB More closely related to our prop osal here it is interesting to note

that constructivetyp e theorists have added inductivetyp es PM giving

their systems a more functional avour while functional programmers are

showing an interest in dep endentt yp es Aug and languages without non

termination Tur We see our work as part of that convergence bringing

typ etheoretic ideas together with computer algebra systems and thus pro

viding a bridge b etween symb olic mathematics and theorem proving

Our future work will involve investigating the typ e system of Aldor

and integrating a logical approach to Aldor typ es this is complementary to

recent work on formalising the Aldor system within Co q Ale We also

exp ect to apply our work in a case study with mathematical colleagues

Acknowledgements

We are grateful to Stephen Watt of the UniversityofWestern Ontario and

to Ursula Martin and her research group at the University of St Andrews

for feedback on these ideas Wewould also like to thank Nag for granting us

access to the Aldor compiler and in particular to Mik e Dewar for his help

in facilitating this Finally we are indebted to Dominique Duval who rst

intro duced us to the typ e system of Aldor and to EPSRC for supp orting

her visit to UKC under the MathFIT programme

References

Ale Guillaume Alexandre De Aldor a Zermelo PhD thesis Universite

Paris VI

Aug Lennart Augustsson Cayenne a language with dep endent typ es

wwwcschalmersse augustsscayenne

BCZ Andrej Bauer Edmund Clarke and Xudong Zhao Analytica an exp er

imentincombining theorem proving and symb olic computation In Ar

ticial Intel ligence and Symbolic Mathematical Computation AISMC

volume of Lecture Notes in Computer Science pages

Springer

BJK Bruno Buchb erger Tudor Jeb elean Franz Kriftner Mircea Marin Elena

Tomuta and Daniela Vasaru A survey of the Theorema pro ject In Pro

ceedingsofISSAC International Symposium on Symbolic and Alge

braic Computation pages ACM

Buc Bruno Buchb erger Symb olic Computation Computer Algebra and

Logic In F Baader and KU Schulz editors Frontiers of Combining

Systems Applied Logic Series Kluwer

C Rob ert L Constable et al Implementing Mathematics with the Nuprl

Proof Development System PrenticeHall Inc

CH Jaques Calmet and Karsten Homann Classication of communication

and co op eration mechanisms for logical and symb olic computation sys

tems In FroCos pages Kluwer Series on Applied Logic

Cor C Cornes et al The Co q pro of assistant reference manual version

Rapp ort technique RT INRIA

DK Martin Dunstan and Tom KelseyLightweightFormal Metho ds for Com

puter Algebra Systems To app ear in the pro ceedings of ISSAC

Fat Richard Fateman Why computer algebra systems cant solve simple

equations ACM SIGSAM Bul letin

Gir JeanYves Girard Interpretation fonctionelle et elimination des

coupures dans larithmetique dordre superieure These dEtat Uni

versiteParis VI I

JS Richard D Jenks and Rob ert S Sutor Axiom The Scientic Compu

tation System SpringerVerlag

MA D McAllester and K Arkondas Walther recursion In MA Robbie

and JK Slaney editors CADE SpringerVerlag

Mac Saunders MacLane Categories for the Working Mathematician

SpringerVerlag

Mar Ursula Martin Computers reasoning and mathematical practice In

Helmut Schwichtenberg editor Computational Logic Marktoberdorf

SpringerVerlag To appear

ML Per MartinLof Intuitionistic Type Theory Bibliop olis Naples

Based on a set of notes taken byGiovanni Sambin of a series of lectures

given in Padova June

MP John C Mitchell and Gordon D Plotkin Abstract typ es haveexistential

typ e ACM Trans on Prog Lang and Syst

MTH Robin Milner Mads Tofte and Rob ert Harp er The Denition of Stan

dardML MIT Press

NPS Bengt Nordstrom KentPetersson and Jan M Smith Programming in

MartinLof s Type Theory AnIntroductionvolume of International

Series of Monographs on Computer Science Oxford University Press

PH John Peterson and Kevin Hammond editors Report on the Program

ming Language Haskel l Version wwwhaskellorgreport

PM Christine PaulinMohring Inductive denitions in the system Co q In

TypedLambda Calculi and Applicationsvolume of Lecture Notes in

Computer Science pages Springer

San Philip S Santas Atyp e system for computer algebra Journal of Sym

bolic Computation

Tho Simon Thompson Type Theory and Functional Programming Addison

Wesley

Tur David Turner Elementary strong functional programming In Func

tional Programming Languages in Education volume of Lecture

Notes in Computer Science pages Springer

W Stephen M Watt et al AXIOM Library Compiler User Guide The

Numerical Algorithms Group Limited First edition reprinted with cor

rections

WB Philip Wadler and Stephen Blott Making ad hoc p olymorphism less

ad hoc In Proceedings of the th ACM Symposium on Principles of

Programming LanguagesACM Press