CHAPTER X Types in Logic, Mathematics and Programming Robert L. Constable Computer Science Department, Cornell University Ithaca, New York 1~853, USA Contents 1. Introduction ..................................... 684 2. Typed logic ..................................... 692 3. Type theory ..................................... 726 4. Typed programming languages ........................... 754 5. Conclusion ...................................... 766 6. Appendix ...................................... 768 References ........................................ 773 HANDBOOK OF PROOF THEORY Edited by S. R. Buss 1998 Elsevier Science B.V. All rights reserved 684 R. Constable 1. Introduction Proof theory and computer science are jointly engaged in a remarkable enter- prise. Together they provide the practical means to formalize vast amounts of mathematical knowledge. They have created the subject of automated reasoning and a digital computer based proof technology; these enable a diverse community of mathematicians, computer scientists, and educators to build a new artifact a globally distributed digital library of formalized mathematics. I think that this artifact signals the emergence of a new branch of mathematics, perhaps to be called Formal Mathematics. The theorems of this mathematics are completely formal and are processed digitally. They can be displayed as beautifully and legibly as journal quality mathematical text. At the heart of this library are completely formal proofs created with computer assistance. Their correctness is based on the axioms and rules of various foundational theories; this formal accounting of correctness supports the highest known standards of rigor and truth. The need to formally relate results in different foundational theories opens a new topic in proof theory and foundations of mathematics. Formal proofs of interesting theorems in current foundational theories are very large rigid objects. Creating them requires the speed and memory capacities of modern computer hardware and the expressiveness of modern software. Programs called theorem provers fill in tedious detail; they recognize many kinds of "obvious inference," and they automatically find long chains of inferences and even complete subproofs or proofs. The study of these theorem provers and the symbolic algorithms that make them work is part of the subject of automated reasoning. This science and the proof technology built on it are advancing all the time, and the new branch of mathematics that they enable will have its own standards, methods, surprises and triumphs. This article is about the potent mixture of proof theory and computer science behind automated reasoning and proof technology. The emphasis is on proof theory topics while stressing connections to computer science. Computer science is concerned with automating computation. Doing this well has made it possible to formalize real proofs. Computing well requires fast and robust hardware as well as expressive high level programming languages. High level lan- guages are partially characterized by their type systems; i.e., the organization of data types expressible in the language. The evolution of these languages has led to type systems that resemble mathematical type theories or even computationally effective set theories. (This development underlines the fact that high level programming is an aspect of computational mathematics.) This article will focus mainly on relating data types and mathematical types. The connection between data types and mathematical types in the case of formal mathematics and automated reasoning is even tighter than the general connection. Here is why. To preserve the highest standards of rigor in formalized mathematics built with computer assistance (the only way to produce it), it is necessary to reason Types 685 about programs and computations. This is what intuitionists and constructivists do at a very high level of abstraction. So as the programming languages for automating reasoning become more abstract and expressive, constructive mathematics becomes directly relevant to Formal Mathematics and to the "grand enterprise" of building it using theorem provers. We will see that connections are quite deep. It turns out that proof technology is relevant to other technologies of economic and strategic importance. For instance, the type checkers in commercial programming languages like ML are actually small theorem provers. They check that arguments to a function match the type of the function (see section 3). Industrial model checkers systematically search for errors in the design of finite state systems, such as hardware circuits or software protocols. More general tools are program verification systems. These combine type checkers, model checkers, decision procedures, and theorem provers that use formalized mathematics. They are employed to prove that programs have certain formally specified properties. Such proofs provide the highest levels of assurance that can be given that programs operate according to specifications. There are also software systems based on proof technology which synthesize correct programs from proofs that specifications are realizable. We will examine the proof theory underlying some of these systems. My approach to the subject comes from the experience of designing, studying, and using some of the earliest and then some of the most modern of these theorem provers. Currently my colleagues and I at Cornell are working with the system we call Nuprl ("new pearl").1 We call it a proof development system in Constable et al. [1986], but some call it a problem solving environment (PSE) or a logicalframework (LF). From another point of view it is a collaborative mathematics environment, c.f., Chew et al. [1996]. Whatever Nuprl is called, I am concerned with systems like it and their evolution. We will examine the logical features common to a variety of current systems of a similar kind, such as ACL2, Alf, Coq, HOL, IMPS, Isabelle, Kiv, LA, Lego, Mizar, NqThm and Otter. So while I will refer to Nuprl from time to time, most of the ideas are very general and will apply to the systems of the 21st century as well. Before saying more about the article, let me put the work into historical perspective. Doing this will allow me to state my goals more exactly (especially after each topic of Section 1.1). 1.1. Historical perspective on a grand enterprise 1875-1995. From Begriff- sschrift [1879] onwards until Grundgesetze [1903], logic was re-surveyed by Gottlob Frege, and the ground was cleared to provide a firm foundation for mathematics. 2 In Principia Mathematica, Whitehead and Russell [1925-27] revised Frege's flawed architectural plans, and then using these plans, Hilbert [1926] laid out a formalist 1We have released Version 4.2, see http://www.cs.cornell.edu/Info/Projects/NuPrl/nuprl.html. Version 5 and "Nuprl Light" will be available at this World Wide Web site in 1999. 2Begri~sschrift ("concept script") analyzed the notion of a proposition into function and argument, introduced the quantifiers, binding, and a theory of identity. This created the entire predicate calculus. Grundgesetze presented a theory of classes based on the comprehension principle and defined the natural numbers in terms of them. 686 R. Constable program to build the completely formal theories which would be used to explain and justify the results and methods of mathematics. His program would defend mathematical practice against critics like Brouwer who saw the need to place the foundation pilings squarely on the natural numbers and build with constructive methods. 3 Hilbert called for workers, training some himself, and began with them the task which proved to be so compelling and attractive to many talented mathematicians like Church, von Neumann, Herbrand, Gentzen, Skolem, Turing, Tarski, GSdel, and many more. Boring deep into the bedrock to explore the foundation site, Kurt GSdel [1931] unexpected limitations to the planned activity. It could never be completed as envisioned by Hilbert. 4 His surprising discovery changed expectations, but the tools GSdel created transformed the field and stimulated enormous interest in the enterprise. More remarkable discoveries followed. Within two decades, computer science was providing new "power tools" to realize in software the formal structures needed to support mathematics. By 1960 computer hardware could execute programming languages like Lisp, c.f. McCarthy [1963], designed for the symbolic processing needed to build formal structures. Up in the scaffolding computer scientists began to encounter their own problems with "wiring and communications," control of resource expenditure, design of better tools, etc. But already even in the 1970's poised over the ground like a giant drilling rig, the formal structures supported still deeper penetration into the bedrock designed to support mathematics (and with it the mathematical sciences and much of our technical knowledge). The theory of computational complexity, arising from Hartmanis and Stearns [1965], led to further beautiful discoveries like Cook's P - NP problem, and to a theory of algorithms needed for sophisticated constructions, and to a theory of feasible mathematics (see Buss [1986], Leivant [1994b,1994a,1995]), and to ideas for the foundations of computational mathematics. By 1970 the value of the small formal structure already assembled put to rest the nagging questions of earlier times about why mathematics should be formalized. The existing structure provided economic