Inductively Defined Types in the Calculus of Constructions
Abstract
We define the notion of an inductively defined type in the Calculus of Constructions and show how inductively defined types can be represented by closed types. We show that all primitive recursive functionals over these inductively defined types are also representable. This generalizes work by Böhm & Berarducci on synthesis of functions on term algebras in the second-order polymorphic λ-calculus (F2). We give several applications of this generalization, including a representation of F2 programs in F3, along with a definition of functions reify, reflect, and eval for F2 in F3. We also show how to define induction over inductively defined types and sketch some results that show that the extension of the Calculus of Constructions by induction principles does not alter the set of functions in its computational fragment, Fω. This is because a proof by induction can be realized by primitive recursion, which is already definable in Fω.

¹ Supported in part by the Office of Naval Research under contract N00014-84-K-0415 and in part by the Defense Advanced Research Projects Agency (DOD), ARPA Order No. 5404, monitored by the Office of Naval Research under the same contract.
² LIP ENSL, 46 Allée d'Italie, 69364 Lyon Cedex 07.
The views and conclusions contained in this document are those of the author(s) and should not be interpreted as representing the official policies, either expressed or implied, of the Defense Advanced Research Projects Agency or the U.S. government.
1 Introduction

The motivation for this paper comes from two sources: work on the extraction of programs from proofs in the Calculus of Constructions (CoC) [23, 24] and work on the implementation of LEAP [25], an explicitly polymorphic ML-like programming language (here we only consider the pure Fω fragment of LEAP). The former emphasizes the logical aspects of CoC, the latter its computational aspects. The basic relationship is simple: an extraction process relates proofs in CoC to programs in Fω. In other words, in Fω we can express the computational contents of proofs in CoC. Said yet another way: programs in Fω realize propositions in CoC.*

Both on the logical and computational level, inductively defined propositions or types play a central role in any applications. Their logical aspect, that is, proving properties by induction, and their computational aspect, that is, defining functions by primitive recursion, are very closely related: the computational content of a proof by induction is a function definition by primitive recursion. Said another way: primitive recursion realizes induction. One of our results is that, even though induction principles are not provable in CoC, their computational content is already definable in Fω.
Thus augmenting CoC by induction principles over inductively defined types is in some sense "conservative" over its computational fragment: even though we can prove more specifications, any function which we might be able to extract from such proofs is already definable in pure Fω; we just would not be able to show in CoC without induction that it satisfies its specification.

Closely related is work by Girard [13, 14], Fortune, Leivant & O'Donnell [12], and Leivant [17, 18], who are concerned with the relationship between higher-order logic and polymorphic λ-calculi. Mendler [19, 20] studied inductive types in the setting of the second-order polymorphic λ-calculus and the NuPrl type theory. He adds to the system F a new scheme for defining recursive types. The system is extended with new constants for representing the type, its constructor and the primitive recursion operator. The rules of conversion of the system are also extended for each new recursive type. In our presentation the inductive types are internally represented using higher-order quantification and the only reduction rule used is β-reduction. An advantage of our approach is that types that in some sense "are already there" are not also added artificially. On the other hand, a significant drawback of our approach is the relative weakness of our notion of equality induced by this representation, even if one adds η-conversion.
For example, let R be the closed term for primitive recursion over the natural numbers, defined using iteration and pairing as in Section 5. Then the equality between R β h_z h_s (succ n) and h_s (pair n (R β h_z h_s n)) is not an internal equality (as it is in Mendler's system) but is only provable using induction on n. The types given for primitive recursion in Mendler's work and in this paper are slightly different but equivalent. Work along Mendler's lines for the Calculus of Constructions is presented by Coquand and Paulin-Mohring [9] and for Martin-Löf's type theory by Dybjer [11].

On the purely computational level, we generalize Böhm & Berarducci's [4] construction of functions on term algebras in the second-order polymorphic λ-calculus (F2) to Fω. One of their results does not generalize in unmodified form beyond algebraic types: not every closed term of the representation type will be βη-convertible to the representation of a term in the inductive type. This does not appear to be computationally relevant. One can consider alternative definitions of inductive types outside Fω (but still inside CoC) which have the same computational content as our definitions. Another alternative would be to strengthen the notion of equality. We conjecture that one can use Reynolds' condition of parametricity [26] to recover uniqueness of representations at least in the Fω fragment.

A facility to generate the definition of inductively defined types, the constructors, and the primitive recursion operator from specifications like the ones in Examples 3 to 9 has been added to the implementation of the Calculus of Constructions V4.10 developed at INRIA. Work on the efficient implementation of inductively defined types and primitive recursion over such types in Fω is currently under way in the framework of the Ergo project at Carnegie Mellon University.

* For the purposes of this paper, we are ignoring the distinction between Data, Prop, and Spec made in [23, 24]. For practical purposes, this distinction is extremely important. Here it is more convenient to simply use * to encompass all of them. We thus use the terms "proposition" and "specification" interchangeably.

2 The Calculus of Constructions

The Calculus of Constructions (CoC) of Coquand & Huet (see [7, 6, 16, 8]) is a very powerful type theory, yet it can be formulated very concisely. It encompasses Girard's system Fω (see [13, 14]) and the type theory of LF, the Edinburgh Logical Framework (see Harper, Honsell & Plotkin [15]), and may be considered the result of combining these two type theories (see Barendregt [2]). The formulation we present here is a very brief summary of the concrete syntax, notation, and inference system given in [8]. We use M, N, ...
for terms in general and x, y, z for variables (abstractly, though, they are de Bruijn indices [10], where the occurrences of x in (λx:M) N and [x:M] N are binding occurrences). We have

    M ::= x | (λx:M) N | (M N) | [x:M] N | *

Following [8] we call [x:M] N a product. * is the universe of all types, but is itself not a type. Contexts (denoted by Γ, Δ) are products over * and thus have the form [x1:M1]...[xn:Mn] *; all other terms will be referred to as objects. Contexts serve as types, but do not have types themselves. When it is clear that a term is a context, we sometimes omit the trailing *. The inference system defines two judgments: Γ ⊢ Δ means that Δ is a valid context in the valid context Γ, and Γ ⊢ M : P means that M is a well-typed term of type P in the valid context Γ. We use P, Q, ... for types, that is, terms which can appear in the place of P in the judgments below. The inference system below entails that a type P will either be a context, or have the property that Γ ⊢ P : *. [N/x]Q is the notation for substituting N for x in Q (abstractly defined using the de Bruijn notation, and therefore avoiding the issues of name clashes).

Valid Contexts.
$$\frac{}{\vdash *}\qquad \frac{\Gamma \vdash \Delta}{\Gamma[x{:}\Delta] \vdash *}\qquad \frac{\Gamma \vdash P : *}{\Gamma[x{:}P] \vdash *}$$

Product Formation.
$$\frac{\Gamma[x{:}P] \vdash \Delta}{\Gamma \vdash [x{:}P]\,\Delta}\qquad \frac{\Gamma[x{:}P] \vdash N : *}{\Gamma \vdash [x{:}P]\,N : *}$$

Variables, Abstraction, and Application.
$$\frac{\Gamma \vdash * \qquad x{:}P \in \Gamma}{\Gamma \vdash x : P}\qquad \frac{\Gamma[x{:}P] \vdash N : Q}{\Gamma \vdash (\lambda x{:}P)\,N : [x{:}P]\,Q}\qquad \frac{\Gamma \vdash M : [x{:}P]\,Q \qquad \Gamma \vdash N : P}{\Gamma \vdash (M\,N) : [N/x]Q}$$

We will consider βη-conversion (≃) in the "full" form (see [8, page 102]) and have the following rule of type conversion:
$$\frac{\Gamma \vdash M : P \qquad \Gamma \vdash P \simeq Q}{\Gamma \vdash M : Q}$$

η-conversion does not play a very important role, but we will have occasion to use it when considering the representation of inductively defined types. The calculus shares the basic properties of the LF type theory and Fω, such as strong normalization, decidability of type-checking, and the Church-Rosser property for well-typed terms. We will make use of these properties in the development below. We formulate the basic induction principle over normal forms of types in CoC separately as a lemma, since we will need it frequently. Its proof is immediate from the Lemmas in [8].

Lemma 1 (Normal forms of types) Given a type R, that is, a term R such that for some Γ and N we have Γ ⊢ N : R. Then the β-normal form of R has the shape N0 N1 ... Np, or *, or [x:R0] R1. In particular, the β-normal form of R cannot be an abstraction.

We say that a type R is atomic if it is in normal form and does not begin with a product, that is, is not of the form [x:P] Q. We will use P → Q as an abbreviation for any [x:P] Q, if x does not occur free in Q. We will sometimes omit the parentheses surrounding applications, in which case application is written simply as juxtaposition and associates to the left. Juxtaposition binds tighter than →, which associates to the right.
Abstraction and product also associate to the right and bind less tightly than →. The equality in the metalanguage is "=". Definitional equality is written as "≡" and may be thought of as introducing an abbreviation at the level of the Calculus of Constructions, as available in its implementation at INRIA. We will use this notion of notational definition in examples without formalizing it.

3 Inductively Defined Types

Intuitively, an inductively defined type is given by a complete list of constructors for terms of the type. We reason about the type with an appropriate induction principle, and we write functions over the type using iteration, which is powerful enough to define primitive recursive functionals over elements of the type. This notion encompasses the usual notions of free term algebras with associated induction principles, but it is more general and allows the definition of types such as natural numbers, pairs, lists, ordinal notations, logical quantifiers and connectives, or programs in a significant fragment of CoC of independent interest. Below is our concrete syntax for the definition of an inductive type. We refer to α as the inductively defined type, and c1, ..., cn as the constructors for α.

    indtype α : [z1:Q1] ... [zm:Qm] *
    with c1 : [x1:P11] ... [xk1:P1k1] α M11 ... M1m
         ...
         cn : [x1:Pn1] ... [xkn:Pnkn] α Mn1 ... Mnm
    end

In such an inductive definition, α may not occur in Qj, nor in any Mij. However, α may occur in Pij, but only positively (see Definition 2).
Throughout the paper, we will use the names α, ci, Qj, Pij, Mij when we need to refer to the components of a given inductive type definition. Annotating a $P_{ij}^{\alpha}$ serves only as a reminder that α may be free in $P_{ij}$, and $P_{ij}^{\beta}$ is the result of substituting β for α in $P_{ij}$. We will also use throughout this paper:
$$Q \equiv [z_1{:}Q_1]\ldots[z_m{:}Q_m]\,*$$
$$P_i^{\alpha} \equiv [x_1{:}P_{i1}^{\alpha}]\ldots[x_{k_i}{:}P_{ik_i}^{\alpha}]\;\alpha\,M_{i1}\ldots M_{im}\qquad\text{for } 1 \le i \le n$$

Besides positivity, we make an additional assumption that greatly simplifies the presentation and holds in all examples we are aware of, but is not essential. We require that for any quantifier [y:R0] R1 appearing in the definition of α, either y does not occur in R1 or α does not occur in R0. For a development without this restriction see Paulin-Mohring [24]. The additional complexity arises primarily in the definition of Φ below (Definition 11); all theorems remain valid when appropriately modified.

We define by simultaneous induction when a variable occurs only positively and only negatively in a type R, where R is in β-normal form. Since R is a type and assumed to be in normal form, the (omitted) case R = (λz:R0) R1 cannot arise (see Lemma 1).

Definition 2 (Positive and negative occurrences of variables) We define by simultaneous induction: a variable x occurs only positively in the β-normal type R if
Case R = x N1 ... Nm and x does not occur in N1, ..., Nm,
Case R is atomic and x does not occur in R,
Case R = [z:R0] R1 and x occurs only negatively in R0 and only positively in R1;
and a variable x occurs only negatively in the β-normal type R if
Case R is atomic and x does not occur in R,
Case R = [z:R0] R1 and x occurs only positively in R0 and only negatively in R1.

We begin with some examples for inductively defined types. The first one is algebraic (as in [4]).

Example 3 (Natural Numbers) This is the canonical example for an inductively defined type.

    indtype nat : *
    with zero : nat
         succ : nat → nat
    end

Pairs and lists, the next two examples, are parameterized types which are hereditarily algebraic: once instantiated with algebraic types, the result will be algebraic. The representation of the parameterized type itself, however, is beyond the framework of [4].

Example 4 (Pairs) Pairs are definable in this calculus. They will be used in Section 5 in order to define primitive recursion from iteration.

    indtype prod : * → * → *
    with pair : [A:*] [B:*] A → B → prod A B
    end

We will have occasion to use a generalized notion of pair in the metalanguage that applies to parameterized types. Given R and S of type [z1:Q1] ... [zm:Qm] *, we define
$$R \times S \equiv [z_1{:}Q_1]\ldots[z_m{:}Q_m]\;\mathrm{prod}\,(R\,z_1\ldots z_m)\,(S\,z_1\ldots z_m).$$

Example 5 (Lists) This is a simple example of a parameterized type that involves a non-trivial induction. As we will see later in Example 21, the representation of this parameterized type in our framework is somewhat different from the representation, for example, given by Reynolds [27].
    indtype list : * → *
    with nil : [A:*] list A
         cons : [A:*] A → list A → list A
    end

Ordinal notations, the next example, are not algebraic for a different reason: the argument to one of the constructors ranges over sequences (which are naturally represented as functions).

Example 6 (Ordinal Notations) This example is due to Coquand [6] and generalized by Huet [16, Section 10.3.5]. The limit constructor olim is applied to a sequence of ordinals which is represented as a function from natural numbers to ordinals.

    indtype ord : *
    with ozero : ord
         osucc : ord → ord
         olim : [A:*] (A → ord) → ord
    end

The next example is a representation of programs in the polymorphic λ-calculus (F2). This type is clearly not hereditarily algebraic.

Example 7 (Programs in F2) This inductive type is noteworthy for several reasons. Its representation will lie in F3, the third-order polymorphic λ-calculus. Moreover, one can program an evaluation function for F2 in F3 over this representation. For a more detailed account, see [25].

    indtype prog : * → *
    with rep : [A:*] A → prog A
         lam : [A:*] [B:*] (A → prog B) → prog (A → B)
         app : [A:*] [B:*] prog (A → B) → prog A → prog B
         typlam : [A:* → *] ([B:*] prog (A B)) → prog ([B:*] (A B))
         typapp : [A:* → *] prog ([B:*] (A B)) → [B:*] prog (A B)
    end

All the examples so far lie within the Fω fragment of CoC. The following examples deal with aspects of dependent types in CoC which can be used to define logical notions.

Example 8 (Leibniz' Equality) Leibniz' equality and other logical connectives can be defined as inductive types. We express here that equality is the least relation which relates every element to itself.
    indtype eq : [A:*] A → A → *
    with refl : [A:*] [x:A] eq A x x
    end

Example 9 (Existential Quantification) We express the usual inference rule for existential quantification and (since the type is inductive) that this is the only way we can establish an existentially quantified proposition.

    indtype exists : [A:*] (A → *) → *
    with exists-intro : [A:*] [P:A → *] [x:A] P x → exists A P
    end

Similar to the way we generalized prod to ×, we can generalize dependent pairs. This will be used in the definition of induction in Section 6. Given R : [z1:Q1] ... [zm:Qm] * and P : [z1:Q1] ... [zm:Qm] R z1 ... zm → *, we define the type
$$R \otimes P \equiv [z_1{:}Q_1]\ldots[z_m{:}Q_m]\;\mathrm{exists}\,(R\,z_1\ldots z_m)\,(P\,z_1\ldots z_m).$$

Counterexample 10 (LF encoding of logical systems) LF, the Logical Framework, is a very weak subsystem of CoC in which one can encode inference systems as signatures. Judgments of the inference system become types or type families; logical connectives and quantifiers and inference rules become typed constants. See Harper, Honsell & Plotkin [15] for a description of LF and Avron, Honsell & Mason [1] for LF representations of a variety of logics. These signatures resemble inductive type definitions, but upon closer inspection the analogy fails. Consider the following two problematic declarations which would be part of an inductive type definition derived from an encoding of first-order arithmetic.

    indtype ⊢ : o → *
    with ⊃I : [A:o] [B:o] (⊢ A → ⊢ B) → ⊢ (A ⊃ B)
         ∀I : [A:nat → o] ([x:nat] ⊢ (A x)) → ⊢ (∀ A)
    end

In the case of ⊃I, the first occurrence of ⊢ A is negative, and therefore falls outside of our framework of inductive definitions.
This is a simple example of a type that is non-empty, even though it may not have a "base case" when one tries to consider it as an inductively defined type, ignoring the negative occurrence of ⊢. In the case of ∀I, the rule may become too powerful and actually formalize a version of the ω-rule (and not universal introduction) when we make induction over natural numbers available at the level of LF. This failure of induction is not a defect of LF, since induction is done once and for all when the LF type theory itself is defined inductively. However, it does make it considerably more difficult to extend LF while preserving adequacy of representations of logical systems in LF.

4 Representing Inductively Defined Types

There are two aspects of inductively defined types that we are interested in. The first one might be called the computational aspect, the second the logical aspect. When investigating the computational aspect of an inductive type, we consider Fω only and assume that we have a new (possibly parameterized) type constant α and new term constructors ci. Functions over α may be defined using primitive recursion at higher type (see Definition 31). We ask if there is already a type in pure Fω itself that can be used to represent terms built from the constructors such that the functions that are definable by primitive recursion are also definable. The answer here is "yes", though there will be a delicate point about the exact formulation of the theorem to that effect. The logical aspect is based on the simple premise that one would like to reason inductively about inductive types.
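The positivity condition of Definition 2 and the dependency restriction of Section 3 are exactly the checks that decide whether a declaration such as those of Counterexample 10 falls inside the framework. The following is an added example, not part of the paper: a small checker, written in TypeScript, that walks a constructor type kept in the β-normal shape of Lemma 1 (an application "head N1 ... Nm" or a product [z:R0] R1) and reports "ok" or the reason for rejection. The AST encoding, the function names and the string diagnostics are our own; the constructor types fed to it are transcribed from Examples 3, 5 and 6 and from Counterexample 10, plus one constructed type that violates the dependency restriction.

```typescript
// Added example (not part of the paper): positivity (Definition 2) and the
// dependency restriction of Section 3, checked on constructor types kept in
// beta-normal form as Lemma 1 allows: either an application "head N1 ... Nm"
// (head a variable or a constant such as nat, o or *) or a product [z:R0] R1,
// written R0 -> R1 when z does not occur in R1.

type Ty =
  | { kind: "app"; head: string; args: Ty[] }
  | { kind: "prod"; z: string; dom: Ty; cod: Ty };

const app = (head: string, ...args: Ty[]): Ty => ({ kind: "app", head, args });
const prod = (z: string, dom: Ty, cod: Ty): Ty => ({ kind: "prod", z, dom, cod });
const arrow = (dom: Ty, cod: Ty): Ty => prod("_", dom, cod); // non-dependent product
const star: Ty = app("*");

// Does the variable x occur free in R?
function occurs(x: string, R: Ty): boolean {
  if (R.kind === "app") return R.head === x || R.args.some((a) => occurs(x, a));
  return occurs(x, R.dom) || (R.z !== x && occurs(x, R.cod));
}

// Definition 2, by simultaneous recursion on the normal type R.
function onlyPositive(x: string, R: Ty): boolean {
  if (R.kind === "app") {
    if (R.head === x) return R.args.every((a) => !occurs(x, a)); // R = x N1 ... Nm
    return !occurs(x, R);                                        // R atomic, x absent
  }
  return onlyNegative(x, R.dom) && onlyPositive(x, R.cod);       // R = [z:R0] R1
}
function onlyNegative(x: string, R: Ty): boolean {
  if (R.kind === "app") return R.head !== x && !occurs(x, R);    // "x N1 ... Nm" is never negative
  return onlyPositive(x, R.dom) && onlyNegative(x, R.cod);
}

// Section 3's simplifying assumption: for every quantifier [y:R0] R1 in the
// definition, y does not occur in R1 or alpha does not occur in R0.
function dependencyOk(alpha: string, R: Ty): boolean {
  if (R.kind === "app") return R.args.every((a) => dependencyOk(alpha, a));
  const here = !occurs(R.z, R.cod) || !occurs(alpha, R.dom);
  return here && dependencyOk(alpha, R.dom) && dependencyOk(alpha, R.cod);
}

// Check one constructor type  c : [x1:P1] ... [xk:Pk] alpha M1 ... Mm.
// Returns "ok" or the reason the constructor falls outside the framework.
function checkConstructor(alpha: string, c: Ty, i = 1): string {
  if (c.kind === "prod") {
    if (!onlyPositive(alpha, c.dom)) return `argument ${i}: ${alpha} occurs negatively`;
    if (!dependencyOk(alpha, c)) return `argument ${i}: binder ${c.z} and ${alpha} both used`;
    return checkConstructor(alpha, c.cod, i + 1);
  }
  if (c.head !== alpha) return `result is headed by ${c.head}, not ${alpha}`;
  if (c.args.some((a) => occurs(alpha, a))) return `${alpha} occurs in an index of the result`;
  return "ok";
}

// Constructed inputs, transcribed from the paper's examples.
const natT = app("nat"), ordT = app("ord"), A = app("A"), B = app("B"), o = app("o");
const succTy = arrow(natT, natT);                                   // succ : nat -> nat
const olimTy = prod("A", star, arrow(arrow(A, ordT), ordT));        // olim : [A:*] (A -> ord) -> ord
const consTy = prod("A", star, arrow(A, arrow(app("list", A), app("list", A))));
const impIntroTy = prod("A", o, prod("B", o,                        // ⊃I of Counterexample 10
  arrow(arrow(app("⊢", A), app("⊢", B)), app("⊢", app("⊃", A, B)))));
const badDepTy = prod("y", app("t"), arrow(app("Q", app("y")), app("t"))); // [y:t] Q y -> t (constructed)

function report(): Record<string, string> {
  return {
    succ: checkConstructor("nat", succTy),
    olim: checkConstructor("ord", olimTy),
    cons: checkConstructor("list", consTy),
    impIntro: checkConstructor("⊢", impIntroTy),
    badDep: checkConstructor("t", badDepTy),
  };
}
console.log(report());
```

Note that olim passes although ord appears to the left of an arrow: in (A → ord) → ord it sits under two arrows, so Definition 2 classifies the occurrence as positive; ⊃I is rejected because ⊢ A sits under exactly one arrow.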
Since the various induction principles themselves are not provable in CoC, they have to be added as primitive constants. What are the properties of such an extension? We do not have a complete answer here, but at least we ascertain one pleasant property: when considering the computational content of proofs of specifications under this extension, it is conservative: we have new theorems (and proofs), but no new functions in Fω.

We begin by giving a method for representing inductively defined types. An important property we would like to preserve is that an inductive type in Fω will also be represented in Fω. This fact is used vitally in the implementation of LEAP [25]. Now assume we are given an inductively defined type α in the notation at the beginning of Section 3. In this section we show that there is actually a closed type ᾱ in CoC such that any well-typed term that can be built with the constructors of α and terms in CoC has a representation of type ᾱ. The converse, namely that every closed term M of type ᾱ can be expressed in terms of the constructors of α, is not true if one takes βη-conversion as the notion of term equality. We conjecture that the converse is true in models that satisfy Reynolds' condition of parametricity [26]. This conjecture is based on the intuition that completeness fails because βη-equality is too weak to identify indistinguishable terms, under some reasonable assumptions about when terms should be indistinguishable (see Mitchell and Meyer [21]).
Computationally this failure of completeness is not a problem, and the logical characterization of an inductive type in terms of an induction axiom is satisfactory from the logical point of view (though, of course, also incomplete in another sense). Of course, there may be many ways an inductively defined type could be represented in CoC. We give here a canonical construction in which the representation of an element of the inductive type is its own iteration function. This representation has some drawbacks which we will return to in Section 5, where we show how to define primitive recursion at all types over an inductively defined type.

Before launching into the description of the representation of inductive types, we need an important technical tool. In its simplest form, we define a map Φ on terms that lifts a function F : P → Q to a function $\Phi_R : R\,P \to R\,Q$ where R : * → * and R is positive in its argument (that is, $R = (\lambda x{:}*)\,R^x$ and x is only positive in $R^x$).

Definition 11 (Maps Φ and Ψ) Given S and T of type [z1:Q1] ... [zm:Qm] * and a function $F : [z_1{:}Q_1]\ldots[z_m{:}Q_m]\;S\,z_1\ldots z_m \to T\,z_1\ldots z_m$. Furthermore, we are given a type $R = R^x$ with some free occurrences of x : [z1:Q1] ... [zm:Qm] *. We define $\Phi_R$ for $R^x$ with only positive occurrences of x such that for any term $N : R^S$, $\Phi_R(N) : R^T$, and simultaneously we define $\Psi_R$ for $R^x$ with only negative occurrences of x such that for any term $N : R^T$, $\Psi_R(N) : R^S$.
Case $R^x = x\,N_1\ldots N_m$. Then let $\Phi_R(N) = F\,N_1\ldots N_m\,N : R^T$, since x does not occur in N1, ..., Nm by positivity.
Case $R^x$ is atomic and x does not occur in $R^x$. Then $R^S = R^T$ and we let $\Phi_R(N) = N$.
Case $R^x = [z{:}R_0^x]\,R_1^x$.
Then $\Phi_R(N) = (\lambda z{:}R_0^T)\;\Phi_{R_1}(N\;\Psi_{R_0}(z))$. Note that x will occur only negatively in $R_0^x$ since it occurs only positively in $R^x$. Remember that the case $R^x = (\lambda z{:}R_0^x)\,R_1^x$ cannot arise, since $R^x$ is a type in normal form (see Lemma 1). Now for $R^x$ with x occurring only negatively, we define:
Case $R^x = x\,N_1\ldots N_m$. This case cannot arise, since x is positive in $R^x$, but we assumed that x occurs only negatively in $R^x$.
Case $R^x$ is atomic and x does not occur in $R^x$. Then $R^S = R^T$ and we let $\Psi_R(N) = N$.
Case $R^x = [z{:}R_0^x]\,R_1^x$. Then $\Psi_R(N) = (\lambda z{:}R_0^S)\;\Psi_{R_1}(N\;\Phi_{R_0}(z))$.
The construction of Φ depends on F and its type. If we want to make the dependency explicit, we write $\Phi^F$ for the map Φ that is constructed from F.

The term constructed according to this definition will not always be correctly typed. We need an additional restriction that is satisfied in all of our examples and in particular is always satisfied for inductive types in the Fω fragment of CoC.

Lemma 12 In the context of Definition 11 and under the assumption that for any quantifier [z:R0] R1 in $R^x$, either z does not occur in R1 or x does not occur in R0, Φ and Ψ are well-defined and Φ satisfies $\Phi_R(N) : R^T$ for any $N : R^S$.

The proof is by a simple induction on the structure of $R^x$. The definition of Φ and Ψ with the same property can be made in full generality, but is quite complex. Details can be found in Paulin-Mohring [24, page 107]. Now we are prepared to state and prove the representation of inductive types.

Definition 13 (Representation ᾱ of an inductively defined type α) Given α, defined inductively as in Section 3.
We will use the notation $P_i^{\alpha}$ for $P_i$ and $P_i^{\beta}$ for the result of substituting β for α in $P_i$, and likewise $P_{ij}^{\beta}$ for the result of substituting β for α in $P_{ij}$. We let
$$\bar\alpha \equiv (\lambda z_1{:}Q_1)\ldots(\lambda z_m{:}Q_m)\;[\beta{:}Q]\;P_1^{\beta} \to \cdots \to P_n^{\beta} \to \beta\,z_1\ldots z_m$$
It is easy to see that ᾱ : Q. The definition of the representations of the constructors $\bar c_i$ will make use of the function $(\ )^+$ defined below, with the property that if $N : R^{\bar\alpha}$ then $N^+ : R^{\beta}$.

Definition 14 (Representation $\bar c_i$ of constructor $c_i$)
$$\bar c_i \equiv (\lambda x_1{:}P_{i1}^{\bar\alpha})\ldots(\lambda x_{k_i}{:}P_{ik_i}^{\bar\alpha})\;(\lambda\beta{:}Q)\;(\lambda y_1{:}P_1^{\beta})\ldots(\lambda y_n{:}P_n^{\beta})\;\;y_i\,x_1^+\ldots x_{k_i}^+$$
Given the property of $(\ )^+$ stated above, it is easy to verify that $\bar c_i : P_i^{\bar\alpha}$.

We now define the map $(\ )^+$ using Φ and its properties.

Definition 15 (Map $(\ )^+$) Given a context $[\beta{:}Q]\,[y_1{:}P_1^{\beta}]\ldots[y_n{:}P_n^{\beta}]$ where all occurrences of β in the $P_i$ are positive. In order to be able to apply Φ such that it coerces $N : R^{\bar\alpha}$ to $N^+ : R^{\beta}$, we have to define a function $F : [z_1{:}Q_1]\ldots[z_m{:}Q_m]\;\bar\alpha\,z_1\ldots z_m \to \beta\,z_1\ldots z_m$. But $\bar\alpha\,z_1\ldots z_m \simeq [\beta{:}Q]\;P_1^{\beta} \to \cdots \to P_n^{\beta} \to \beta\,z_1\ldots z_m$, and so we let
$$F \equiv (\lambda z_1{:}Q_1)\ldots(\lambda z_m{:}Q_m)\;(\lambda g{:}[\beta{:}Q]\;P_1^{\beta} \to \cdots \to P_n^{\beta} \to \beta\,z_1\ldots z_m)\;\;g\,\beta\,y_1\ldots y_n$$
and define $N^+$ as $\Phi_R^F(N)$.

Definition 16 ($\Gamma_\alpha$) Given a type α defined inductively as above. Then
$$\Gamma_\alpha \equiv [\alpha{:}[z_1{:}Q_1]\ldots[z_m{:}Q_m]\,*]\;[c_1{:}P_1^{\alpha}]\ldots[c_n{:}P_n^{\alpha}]\;*$$
We also extend the map $N \mapsto \overline{N}$ homomorphically from α and the constructors $c_i$ to any term N that is well-formed in a context $\Delta, \Gamma_\alpha$. We sometimes refer to a term in the context $\Gamma_\alpha$ as a constructor term. For the adequacy theorem it is convenient to consider η-conversion in addition to β-conversion.

Theorem 17 (Adequacy) For any inductively defined type α and closed terms N1, ..., Nm such that $\Gamma_\alpha \vdash \alpha\,N_1\ldots N_m : *$, the map $N \mapsto \overline{N}$ is a bijection between βη-equivalence classes of terms N such that $\Gamma_\alpha \vdash N : \alpha\,N_1\ldots N_m$ and equivalence classes of terms M such that $\vdash M : \bar\alpha\,\overline{N_1}\ldots\overline{N_m}$.

Proof sketch: It is easy to verify by calculation as in [4], using Lemma 12, that $N \mapsto \overline{N}$ has the injection properties. The inverse map $\Gamma(M) = M\,\alpha\,c_1\ldots c_n$ applies the representation M of a term in an inductive type to the constructors of that type to yield the term that it represents. □

It is important to note that the inverse map Γ does not need to examine the structure of its argument M to determine what constructor term M represents. This means that even in an implementation where the intensional structure of functions is inaccessible (for example, when functions are compiled into machine code) we can still extract the constructor term that is represented by a function by applying it to the constructor constants. The adequacy theorem is somewhat weaker than Böhm and Berarducci's representation theorem. This is because the mappings $N \mapsto \overline{N}$ and Γ do not go between βη-equivalence classes: as the following counterexample shows, non-convertible terms may represent the same constructor term.
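Definition 11 is easiest to see at work on a concrete type, because the positive and negative cases swap the direction in which F is applied. The block below is an added example, not from the paper: a type-directed generator, in TypeScript, that produces the λ-term $\Phi_R(N)$ for a given $R^x$, F : S → T and N : $R^S$, following the three cases of Definition 11 literally (the same Φ that Definition 15 applies with S = ᾱ, T = β). It covers only the unparameterized case m = 0, so S and T are atomic and "x N1 ... Nm" is just x; the AST, the string output format and the fresh-variable names z0, z1, ... are our own choices.

```typescript
// Added example (not part of the paper): Definition 11 as a term generator.
// lift(x, R, S, T, F, N) returns Φ_R(N) : R^T for N : R^S, where x occurs only
// positively in R; psi handles the negative positions, reversing F's direction.
// Only m = 0 is covered: S and T are atomic type names, and "x N1 ... Nm" is x.

type Ty =
  | { kind: "app"; head: string; args: Ty[] }
  | { kind: "prod"; z: string; dom: Ty; cod: Ty };
const app = (head: string, ...args: Ty[]): Ty => ({ kind: "app", head, args });
const arrow = (dom: Ty, cod: Ty): Ty => ({ kind: "prod", z: "_", dom, cod });

// R^S: replace the type variable x by the atomic type S.
function inst(x: string, S: string, R: Ty): Ty {
  if (R.kind === "app") return app(R.head === x ? S : R.head, ...R.args.map((a) => inst(x, S, a)));
  return { kind: "prod", z: R.z, dom: inst(x, S, R.dom), cod: inst(x, S, R.cod) };
}

// Print a type in the paper's arrow notation (products here are non-dependent).
function show(R: Ty): string {
  if (R.kind === "app") {
    const args = R.args.map((a) => (a.kind === "app" && a.args.length === 0 ? a.head : `(${show(a)})`));
    return [R.head, ...args].join(" ");
  }
  const dom = R.dom.kind === "prod" ? `(${show(R.dom)})` : show(R.dom);
  return `${dom} -> ${show(R.cod)}`;
}

let fresh = 0;
const freshVar = (): string => `z${fresh++}`;

// Φ_R(N), x only positive in R.
function phi(x: string, R: Ty, S: string, T: string, F: string, N: string): string {
  if (R.kind === "app") return R.head === x ? `(${F} ${N})` : N; // x: apply F; atomic: N itself
  const z = freshVar();                                          // R = [z:R0] R1, z : R0^T
  const arg = psi(x, R.dom, S, T, F, z);                          // Ψ_{R0}(z) : R0^S
  return `(λ${z}:${show(inst(x, T, R.dom))}) ${phi(x, R.cod, S, T, F, `(${N} ${arg})`)}`;
}

// Ψ_R(N), x only negative in R; the case R = x cannot arise.
function psi(x: string, R: Ty, S: string, T: string, F: string, N: string): string {
  if (R.kind === "app") {
    if (R.head === x) throw new Error("x occurs positively here; not a negative type");
    return N;
  }
  const z = freshVar();                                          // z : R0^S
  const arg = phi(x, R.dom, S, T, F, z);                          // Φ_{R0}(z) : R0^T
  return `(λ${z}:${show(inst(x, S, R.dom))}) ${psi(x, R.cod, S, T, F, `(${N} ${arg})`)}`;
}

function lift(x: string, R: Ty, S: string, T: string, F: string, N: string): string {
  fresh = 0; // deterministic binder names for each call
  return phi(x, R, S, T, F, N);
}

// Constructed inputs: R^x = (x -> nat) -> x, where x is positive although it
// appears left of an arrow (it sits under two of them), and R^x = nat -> x.
const x = app("x");
const R1 = arrow(arrow(x, app("nat")), x);
const R2 = arrow(app("nat"), x);

function examples(): { r1: string; r2: string } {
  return {
    r1: lift("x", R1, "S", "T", "F", "N"), // (λz0:T -> nat) (F (N (λz1:S) (z0 (F z1))))
    r2: lift("x", R2, "S", "T", "F", "N"), // (λz0:nat) (F (N z0))
  };
}
console.log(examples());
```

In the first result F is applied twice: once at the end, on the positive occurrence of x, and once inside the argument that Ψ builds for the negative occurrence, where a z1 : S has to be turned into a T before the original N can consume the function z0 : T → nat. This is the coercion Lemma 12 guarantees to be well-typed under the dependency restriction.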
Counterexample 18 (Non-uniqueness of representation under $\beta\eta$) Consider the following inductively defined type with one constructor, where nat is defined as in Example 19:

indtype cex : * with c : (nat → nat) → cex end

This type would be represented as
$$\widehat{\mathit{cex}} = [p{:}*]\; ((\mathit{nat} \to \mathit{nat}) \to p) \to p$$
$$\hat c = (\lambda f{:}\mathit{nat} \to \mathit{nat})\,(\lambda p{:}*)\,(\lambda y{:}(\mathit{nat} \to \mathit{nat}) \to p)\; y\, f$$
The following term is not $\beta\eta$-equivalent to a term $\hat c\, f$ for any $f$, even though it has type $\widehat{\mathit{cex}}$:
$$M = (\lambda p{:}*)\,(\lambda y{:}(\mathit{nat} \to \mathit{nat}) \to p)\; y\,\big((\lambda n{:}\mathit{nat})\; n\,(p \to \mathit{nat})\,((\lambda x{:}p)\,\mathit{zero})\,((\lambda x{:}p \to \mathit{nat})\,x)\,(y\,((\lambda n{:}\mathit{nat})\,n))\big)$$
Using the inverse mapping $\mathcal{F}$ one can calculate what constructor term is represented by $M$:
$$\mathcal{F}(M) = c\,\big((\lambda n{:}\mathit{nat})\; n\,(\mathit{cex} \to \mathit{nat})\,((\lambda x{:}\mathit{cex})\,\mathit{zero})\,((\lambda x{:}\mathit{cex} \to \mathit{nat})\,x)\,(c\,((\lambda n{:}\mathit{nat})\,n))\big)$$
One can easily see that $\widehat{\mathcal{F}(M)}$ and $M$ are not $\beta\eta$-convertible, though they both represent $\mathcal{F}(M)$.

One can recover uniqueness by using dependency: in essence, a term of a constructor type is represented as the proof that it is well-formed. Such a more complex proof term has the same computational contents as our representation (see [24] or [18]). One can also formulate a simple criterion on the types $P_i$ of the constructors that ensures uniqueness of the representation under $\beta\eta$-conversion (see [24, page 125]). Finally, one could claim that the failure of uniqueness is due to incompleteness of $\beta\eta$-conversion in the polymorphic $\lambda$-calculus and that the two terms really should be equivalent. We conjecture that Reynolds' condition of parametricity [26] can be used to justify this claim, but under parametricity even more terms might be identified than under our notion of equivalence that is induced by the function $\mathcal{F}$.
For example, under parametricity, the term $M$ in the counterexample would also be equivalent to $\hat c\,((\lambda n{:}\mathit{nat})\,\mathit{zero})$.

Example 19 (Natural Numbers) Here we obtain the well-known representation of the natural numbers in the second-order polymorphic $\lambda$-calculus:
$$\widehat{\mathit{nat}} = [C{:}*]\; C \to (C \to C) \to C$$

Example 20 (Pairs) Using $\widehat{(\cdot)}$ we obtain:
$$\widehat{\mathit{prod}} = (\lambda A{:}*)\,(\lambda B{:}*)\,[C{:}* \to * \to *]\; ([A{:}*][B{:}*]\; A \to B \to C\,A\,B) \to C\,A\,B$$
$$\widehat{\mathit{pair}} = (\lambda A{:}*)\,(\lambda B{:}*)\,(\lambda x{:}A)\,(\lambda y{:}B)\,(\lambda C{:}* \to * \to *)\,(\lambda f{:}[A{:}*][B{:}*]\; A \to B \to C\,A\,B)\; f\,A\,B\,x\,y$$
This is not the encoding given, for example, by Reynolds [27], and it is slightly more awkward. The standard definition can be recovered by parameterizing the whole inductive definition by $A$ and $B$ and then abstracting over $A$ and $B$ to obtain global definitions (we refer to this method as uniform parameterization). Uniform parameterization often leads to simpler, equivalent representations of inductively defined parameterized types. Here, we define in the context $A{:}*, B{:}*$ (the superscripts serve only as a reminder of the dependency):

indtype prod^{A,B} : * with pair^{A,B} : A → B → prod^{A,B} end

This yields the representation
$$\widehat{\mathit{prod}}^{A,B} = [C{:}*]\; (A \to B \to C) \to C$$
$$\widehat{\mathit{pair}}^{A,B} = (\lambda x{:}A)\,(\lambda y{:}B)\,(\lambda C{:}*)\,(\lambda f{:}A \to B \to C)\; f\,x\,y$$
One can then abstract over $A$ and $B$ (discharge them from the context) to obtain the usual, now global definitions of prod and pair:
$$\mathit{prod} = (\lambda A{:}*)\,(\lambda B{:}*)\,[C{:}*]\; (A \to B \to C) \to C$$
$$\mathit{pair} = (\lambda A{:}*)\,(\lambda B{:}*)\,(\lambda x{:}A)\,(\lambda y{:}B)\,(\lambda C{:}*)\,(\lambda f{:}A \to B \to C)\; f\,x\,y$$

Example 21 (Lists) The representation of lists obtained this way is also different from, though equivalent to, the encoding in $F_2$ given in [27]:
$$\widehat{\mathit{list}} = (\lambda B{:}*)\,[C{:}* \to *]\; ([A{:}*]\; C\,A) \to ([A{:}*]\; A \to C\,A \to C\,A) \to C\,B$$
As in Example 20, one can obtain the usual definition by uniform parameterization.
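The readback mechanism of Theorem 17, the term $M$ of Counterexample 18 and the encodings of Examples 19 to 21 can be exercised directly. The following is an added example written for this page, not code from the paper: it renders the paper's terms as untyped Python closures (Python cannot express the System F types, so each type is kept in a comment and the type-abstraction binders such as $(\lambda C{:}*)$ are dropped), and the inverse map $\mathcal{F}$ is implemented exactly as the theorem describes, by applying a representation to constructor constants, which here build tagged tuples. The names `church`, `hat_nat`, `reflect_nat` and the sample inputs are the example's own.

```python
# Added example (not from the paper): Church-style representations of nat, prod
# and list (Examples 19-21), the inverse map F(M) = M alpha c_1 ... c_n of
# Theorem 17, and the term M of Counterexample 18, as untyped Python closures.
# System F types are recorded in comments; type arguments are dropped.

# nat = [C:*] C -> (C -> C) -> C   (Example 19)
def zero(z, s):
    return z

def succ(n):
    return lambda z, s: s(n(z, s))

def church(k):
    """Representation of the numeral k (k is constructed sample input)."""
    n = zero
    for _ in range(k):
        n = succ(n)
    return n

# Constructor constants of the context Gamma_nat, as tagged tuples.  Applying a
# representation to them is the inverse map F of Theorem 17: F(M) = M nat zero succ.
# F never inspects M; it only calls it, so this works on opaque closures too.
def reflect_nat(m):
    return m(("zero",), lambda t: ("succ", t))

# The representation (^) of a constructor term of nat; reflect_nat undoes it.
def hat_nat(term):
    if term == ("zero",):
        return zero
    _tag, t = term
    return succ(hat_nat(t))

# prod A B = [C:*] (A -> B -> C) -> C ;  pair x y = (λC:*)(λf:A->B->C) f x y
# (the uniformly parameterized form of Example 20)
def pair(x, y):
    return lambda f: f(x, y)

def reflect_pair(m):
    return m(lambda x, y: ("pair", x, y))

# list B = [C:*] C -> (B -> C -> C) -> C  (uniformly parameterized Example 21)
def nil(n, c):
    return n

def cons(x, xs):
    return lambda n, c: c(x, xs(n, c))

def church_list(items):
    xs = nil
    for item in reversed(items):
        xs = cons(item, xs)
    return xs

def reflect_list(m):
    """F(M) = M list nil cons, read back as nested tuples."""
    return m(("nil",), lambda x, t: ("cons", x, t))

# Counterexample 18.  cex = [p:*] ((nat -> nat) -> p) -> p,
# c = (λf:nat->nat)(λp:*)(λy:(nat->nat)->p) y f.
def c(f):
    return lambda y: y(f)

# M = (λp:*)(λy) y ((λn:nat) n (p->nat) ((λx:p) zero) ((λx:p->nat) x) (y ((λn:nat) n)))
def M(y):
    return y(lambda n: n(lambda x: zero, lambda x: x)(y(lambda n: n)))

def reflect_cex(m):
    """F(M) = M cex c; the argument of c comes back as a Python function nat -> nat."""
    return m(lambda f: ("c", f))

# Sampling the function inside F(M): n iterates the identity on the constant
# function (λx) zero, so every input maps to zero, matching the identification
# with c ((λn:nat) zero) that the paper expects under parametricity.
def reflected_argument_of_M(k):
    tag, f = reflect_cex(M)
    return tag, reflect_nat(f(church(k)))
```

Note that `reflected_argument_of_M` can only sample the function hidden inside $\mathcal{F}(M)$ at chosen inputs; it observes that the function behaves like $(\lambda n{:}\mathit{nat})\,\mathit{zero}$, but it cannot decide $\beta\eta$-convertibility, which is exactly what the counterexample shows the readback does not give you.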
Example 22 (Ordinal Notations)
$$\widehat{\mathit{ord}} = [C{:}*]\; C \to (C \to C) \to ((\mathit{nat} \to C) \to C) \to C$$

Example 23 (Programs in $F_2$) This is an example where uniform parameterization is not possible, since prog is applied to different arguments at different occurrences in the types of the constructors in Example 7. Thus a representation of this $F_2$-type will lie in $F_3$. We conjecture that no $F_2$ representation is possible such that the normalization function over the representation is definable.
$$\begin{array}{ll}
\widehat{\mathit{prog}} = (\lambda D{:}*)\,[C{:}* \to *] & \\
\quad ([A{:}*]\; A \to C\,A) & \text{from } \mathit{rep} \\
\quad \to ([A{:}*][B{:}*]\; (A \to C\,B) \to C\,(A \to B)) & \text{from } \mathit{lam} \\
\quad \to ([A{:}*][B{:}*]\; C\,(A \to B) \to C\,A \to C\,B) & \text{from } \mathit{app} \\
\quad \to ([A{:}* \to *]\; ([B{:}*]\; C\,(A\,B)) \to C\,([B{:}*]\; (A\,B))) & \text{from } \mathit{typlam} \\
\quad \to ([A{:}* \to *]\; C\,([B{:}*]\; (A\,B)) \to [B{:}*]\; C\,(A\,B)) & \text{from } \mathit{typapp} \\
\quad \to C\,D &
\end{array}$$

Example 24 (Leibniz' Equality) In order to show that Example 8 actually defines Leibniz' equality, we use uniform parameterization (see Example 20) to modify the previous definition. Assume we are in the context $A{:}*, x{:}A$. We would like to define the type of elements equal to $x$ inductively. We define

indtype eq^{A,x} : A → * with refl^{A,x} : eq^{A,x} x end

This yields the representation
$$\widehat{\mathit{eq}}^{A,x} = (\lambda y{:}A)\,[C{:}A \to *]\; (C\,x \to C\,y)$$
$$\widehat{\mathit{refl}}^{A,x} = (\lambda C{:}A \to *)\,(\lambda z{:}C\,x)\; z$$
After abstracting over $A$ and $x$ we obtain the usual definition of Leibniz equality in the setting of CoC or higher-order logic.

Example 25 (Existential Quantification) Here, too, we apply uniform parameterization in order to expose the similarity to the usual definition of existential quantification in CoC or higher-order logic.
In the context $A{:}*, P{:}A \to *$ we define

indtype exists^{A,P} : * with existsintro^{A,P} : [x:A] (P x → exists^{A,P}) end

Our representation function yields
$$\widehat{\mathit{exists}}^{A,P} = [C{:}*]\; ([x{:}A]\; (P\,x \to C)) \to C$$
$$\widehat{\mathit{existsintro}}^{A,P} = (\lambda x{:}A)\,(\lambda v{:}P\,x)\,(\lambda C{:}*)\,(\lambda w{:}[x{:}A]\; (P\,x \to C))\; w\,x\,v$$
After discharging $A$ and $P$ from the context, we obtain the usual definitions.

5 Computing with Inductively Defined Types

Enriching CoC by inductively defined types must go along with some method for defining recursive functions over these types. We choose iteration rather than primitive recursion since it is a simpler notion and primitive recursion is definable from iteration. For an implementation of a programming language based on such an enriched calculus one would probably need to choose primitive recursion, since its implementation through iteration is provably inefficient in some cases (see Colson [5] or Parigot [22]).

Definition 26 (Definition by iteration) Let $\alpha$ be an inductively defined data type as in Section 3. Given a $\beta : Q$ and functions $h_1 : P_1^{\beta}, \ldots, h_n : P_n^{\beta}$. Then the function
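Definition by iteration, and the reduction of primitive recursion to iteration that Section 5 relies on, can be made concrete on the representation of nat. The following is an added example for this page, not the paper's own definitions: untyped Python closures with the System F types kept in comments. `primrec` is the standard pairing construction (iterate on pairs of the predecessor and the result so far, then discard the counter), and `pred_steps` counts iteration steps to make the linear cost of an iteration-based predecessor visible, in the spirit of the inefficiency result of Colson [5] that the text cites. The names `church`, `to_int`, `primrec` and the sample inputs are the example's own.

```python
# Added example (not from the paper): definition by iteration over the Church
# representation of nat, and primitive recursion obtained from iteration by
# iterating on pairs.  Untyped Python; types in comments, type arguments dropped.

# nat = [C:*] C -> (C -> C) -> C
def zero(z, s):
    return z

def succ(n):
    return lambda z, s: s(n(z, s))

def church(k):
    """Representation of the numeral k (k is constructed sample input)."""
    n = zero
    for _ in range(k):
        n = succ(n)
    return n

def to_int(n):
    """Iteration with beta = int, h_zero = 0, h_succ = (+1): reads a numeral back."""
    return n(0, lambda k: k + 1)

# Definition by iteration for nat: given beta, h_zero : beta and h_succ : beta -> beta,
# the iterator is  n beta h_zero h_succ, i.e. n(h_zero, h_succ) here.
def add(m, n):
    return n(m, succ)                        # beta = nat, h_zero = m, h_succ = succ

def mul(m, n):
    return n(zero, lambda acc: add(m, acc))  # beta = nat

# Primitive recursion from iteration: the step function may use the predecessor k
# as well as the result r for k.  Iterate over pairs (k, r) starting from
# (zero, h0) and keep only the second component at the end.
def primrec(n, h0, hs):
    _k, r = n((zero, h0), lambda p: (succ(p[0]), hs(p[0], p[1])))
    return r

def pred(n):
    return primrec(n, zero, lambda k, r: k)

def fact(n):
    return primrec(n, succ(zero), lambda k, r: mul(succ(k), r))

# The cost of pred-by-iteration: the whole pair sequence up to n is rebuilt, so the
# number of step applications is linear in the input, whereas a native primitive
# recursion rule would only look at the outermost constructor.
def pred_steps(n):
    steps = [0]

    def step(p):
        steps[0] += 1
        return (succ(p[0]), p[0])

    n((zero, zero), step)
    return steps[0]
```

`pred_steps(church(k))` returns `k`, which is the concrete face of the remark that an implementation of an enriched calculus would want primitive recursion as a primitive rather than derive it from iteration.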